Data protection

We appreciate your visit on our website and your interest in our offer. We want you to feel comfortable and safe with regards to how we process your personal data. Data protection and transparency are very important to us. This Privacy Notice is meant to help you understand our privacy practices, including which Personal Data we collect, why we collect it, what we do with it, and how we protect it, as well as knowing your individual rights. This information will enable you to always be in full control of your personal data.

1.    Controller

Controller legally responsible for data processing:

puris Bad GmbH & Co. KG
Hinterm Gallberg 6 a
59929 Brilon
mail@puris.de

 

2.    Categories of data, purpose and legal basis

It´s possible to visit our website without disclosing any personal data besides the technical data provided for the operation of the website itself. For transparency reasons, our privacy notice can be found on every page.

 

Personal data is data about an identified or identifiable person. This means any information about you, information that could be used to identify you or that is directly associated with you. We use personal data like your IP address or technical data of your device (e.g. service provider and operating system), only to run and improve our website. We never save this data beyond the fulfilling of its purpose or legal retention periods.

 

We need this data to run our website. If you object to processing, you won´t be able to use our online offer. We evaluate this kind of information statistically in order to make using our website even more comfortable. We don´t connect this information to any other data we have collected previously. It´s only meant to improve the performance and attractiveness of our website and its content. Data collected when using our website will be deleted at the latest after 14 months. In some cases, we might be allowed to save data in order to enforce or defend any legal claims.

 

In any data processing we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR). This includes collecting, saving and using your personal data. We will never use your data for marketing purposes, and we will never sell, rent or leave your personal data to third parties.

 

Art. 6. 1 b and 1 f are legal basis for processing data in order to take care of information and network security. According to these articles processing of personal data is legal if necessary for the performance of a contract or for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

According to Art. 13 2 e GDPR you are not obliged to provide us with your personal data when using our website. Nevertheless it´s just not possible to run a website without this kind of data.

3.    Recipients of data

We only share personal data within our organization if and when necessary for the purposes specified in this privacy notice. We don´t share personal data with any third party outside of our organization unless one of the following circumstances applies.

 

Art 6 1c GDPR

Processing is necessary for compliance with a legal obligation to which the controller is subject.

 

Recipients of your personal data may be public offices as well as processors, processing the data collected online in our behalf. (Google, Webhosts, etc.)

Data processors are

 

Strato AG

4.    Contact form

You can use our contact form for contacting us and ordering catalogues.

Using our contact form, you provide us with your personal data. This includes name, email address, a message and the desired catalogue. You may provide us with more information, but you don’t have to. We will use this information only for your particular claims or requests and delete them after we have answered your request or clarified your claim.

Legal basis for processing is your prior consent according to Art. 6 1 a GDPR. By submitting the form, you give us your consent for processing. You may withdraw your consent with effect for the future in case you don’t want your data to be processed any more.

5.    Cookies

We use two types of cookies: session cookies and persistent cookies. Cookies are small text files that we place on your computer. Cookies cannot execute any commands and therefore, they pose no security risk.
Session Cookies store information during the visit of our website. They are not stored permanently on your computer since they disappear when the browser is closed. When you visit our website for the first time, we inform you about the use of cookies. We store your perusal in a cookie so that we don’t have to show you this information every time you visit our website. Legal basis for the use of cookies is Art. 6 1 f GDPR. According to this article processing of personal data is legal if necessary for the purpose of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights of the data subject. The controller has a legitimate interest in operating the website.
You can define the handling of cookies by yourself in your browser, you can completely refuse cookies, or you can set your browser to regularly delete cookies. You can find sufficient information concerning this matter on the Internet.

6.    Photographs and videos in the course of events (e. g fairs)

We shoot pictures and videos of the participants and the venue for the purpose of capturing the atmosphere and the general impression of the event. We can use those images/videos for internal and external marketing purposes, as well as for presentations. A selection of photos and videos will be marketed on the webpage of puris Bad GmbH & Co. KG, as well as on our social media profiles like Pinterest, Instagram, Facebook and Youtube. Legal basis is our legitimate interest according to Art. 6 1 f GDPR. If you do not want us to take and process pictures/videos of you, please inform our staff.

7.    Fairs

When visiting our stand, our marketing staff will collect meeting and contact information. Those will be used for the purpose of the preparation of a business connection. After the fair your personal data will be transferred to the responsible area sales manager. The fair protocols will be digitized and stored within our CRM-system. We will delete your contact information after 5 years in case we did not enter into a business relationship with each other. Legal basis for processing is Art. 6 1 f GDPR. Establishing and maintaining business relationships is our legitimate interest.

8.    Social Media profiles

In order to expand our reach, we have several social media profiles. When you visit one of our profiles, the operator of this platform may also collect and process your personal data.

 

Pinterest

We use a Pinterest account operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA, 91403, USA („Pinterest“).

 

Information concerning purpose and scope of data collection as well as your rights and configuration options to protect your privacy can be found here:
https://policy.pinterest.com/de/privacy-policy.

 

Xing

We use a Xing account operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

The data protection notice of Xing can be found here:

https://privacy.xing.com/de/datenschutzerklaerung 

 

Youtube

We use a Youtube channel operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google is certified according to the EU-US-Privacy-Shield.

More information can be found here:
http://www.youtube.com/t/privacy_at_youtube 

 

Facebook/Instagram

We have a profile at Facebook and Instagram. Supplier is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified according to the EU-US-Privacy-Shield. We entered a Joint-Controllership-Agreement with Facebook. This agreement states for which data processing operations we or Facebook are responsible when you visit our Facebook-Fanpage. Facebook-Ireland is primarily responsible according to GDPR for the processing of Insight data. You can view this agreement here:
https://www.facebook.com/legal/terms/page_controller_addendum 

 

You can modify your advertising preferences in your profile by yourself. Therefore, click on the following link and log in:
https://www.facebook.com/settings?tab=ads 

 

You can find detailed information within the data protection notice of Facebook:
https://www.facebook.com/about/privacy/ 

9.    Your rights

According to GDPR you have the following rights with regard to your personal data. You can find more detailed information in Art. 15 to 21 GDPR as well as in §§ 32 to 37 German Federal Data Protection Act. 

You have the right to access your personal data. You may also request the rectification of inaccurate data. Under certain conditions you have the right to erasure, the right to restriction and the right to data portability. Further, you have the right to object to processing of personal data which is based on point (e), (f) of Art. 6(1), including profiling based on those provisions. You may withdraw your consent at any time and without giving reasons with effect for the future. 

 

You may assert these rights directly with the controller. Therefore, informal contact is sufficient. You may send an Email or a letter. 

 

You also have the right to lodge a complaint with a supervisory authority if you find our processing of your personal data to be inconsistent with applicable data protection law. A list of federal Data Protection Commissioner and contact data can be found here: 

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html  

 

In case of any further questions please feel free to contact our officer for data protection: 

David Gabel - Email: david.gabel(at)dsgvo-support.de 

 

General information concerning data protection and processing of personal data can be found at https://www.dsgvo-support.de 

 

Data Protection Notice for Facebook

 

Welcome to our Facebook page.

 

We want you to feel comfortable and safe with regards to how we process your personal data. Data protection and transparency are very important to us. That’s why we want to inform you accordingly.

 

We entered into a Joint-Controllership-Agreement with Facebook according to Art. 26 GDPR. You can call up this agreement here: https://www.facebook.com/legal/terms/page_controller_addendum]

This agreement states that Facebook comprehensively undertakes the obligations arising from data protection laws.

 

1.    Controller

Joint Controllers for operation of this Facebook page are:

 

a)
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbor

Dublin 2 Ireland

 

You can contact Facebook’s data protection officer by using this form:
www.facebook.com/help/contact/540977946302970.  

 

 

and

 

b)

puris Bad GmbH & Co. KG
Hinterm Gallberg 6 a

59929 Brilon

mail@puris.de

 

Our external data protection officer can be contacted via E-Mail:
david.gabel@dsgvo-support.de

 

2.    Categories of Data, purpose and legal basis

Concerning the data processing by Facebook we refer to their data protection notice:

https://www.facebook.com/privacy/explanation

 

In the following we explain to you the data processing operations carried out by us.

a)    Statistical Data

We can retrieve statistical data of different categories via the so-called “Insights” (https://www.facebook.com/business/a/page/page-insights).

These statistics are created and provided by Facebook. We as operator cannot influence creation and display. We can neither deactivate this function nor prevent the creation and processing of the data. Facebook provides us with the following data for a definable period of time for the categories, respectively, fans, subscribers, people reached, people interacting: Total number of call ups, “Likes”, page activity, post interactions, range of the posts, comments, shared content, answers, share of men and women, origin concerning country and city, language, call ups and clicks in the shop, clicks on the route planner, clicks on phone numbers. Also, in doing so, data of the Facebook Groups connected with our Facebook page are provided.

As a result of the continuous development of Facebook, the availability and processing of data changes, wherefore we refer to the data protection notice of Facebook for more detailed information.

 

Legal basis for processing is Art. 6 1 f GDPR. Making our posts and activities more attractive for the users is our legitimate interest. For example, we use the distribution of age and gender for addressing our users in an adjusted way and the preferred visiting hours of the users for timely optimized planning of our posts. Information about the user’s device help us adjusting our posts in appearance.

b)    Interactions with our account

Also, you can interact with our account. For example, you can do that by pressing the “Like” button, share or comment on a post or by directly writing to us.

 

In case of you interacting with us, we inevitably process your data as we then can see your account and therefore have access to your personal data; this includes your username, profile picture or date or time of your interaction. According to Facebook’s terms of use, that every user has agreed to when creating a Facebook profile, we can identify subscribers and fans of the page and view their profile as well as their shared content.

 

These data are information that are only provided through an interaction with our profile. Legal basis for processing is Art. 6 1 b GDPR.

3.    Recipient of data

We would like to point out that Facebook might transmit your data to third parties. We cannot influence this, though. You can find more detailed information within the data protection notice of Facebook: www.facebook.com/privacy/explanation   

 

We only share personal data within our organization if and when necessary for the purposes specified in this privacy notice. We don´t share personal data with any third party outside of our organization unless one of the following circumstances applies.

 

Art 6 (1) c GDPR

Processing is necessary for compliance with a legal obligation to which the controller is subject.

 

Recipients of your personal data may be public offices as well as processors, processing the data collected online in our behalf (Webhosts, designer etc.)

4.    Storage period and erasure

You can find information about data storage by Facebook in their data protection notice: www.facebook.com/privacy/explanation.  

 

We store the personal data transmitted to us by you only for the period of time that is necessary to fulfil the purposes for which the data have been transmitted or as long as we are obligated by law to store them. After fulfilment of the purpose and/or after the legal retention period has expired, we either delete or block the data.

5.    Your rights

According to GDPR you have the following rights with regard to your personal data. You can find more detailed information in Art. 15 to 21 GDPR as well as in §§ 32 to 37 German Federal Data Protection Act. 

You have the right to access your personal data. You may also request the rectification of inaccurate data. Under certain conditions you have the right to erasure, the right to restriction and the right to data portability. Further, you have the right to object to processing of personal data which is based on point (e), (f) of Art. 6(1), including profiling based on those provisions. You may withdraw your consent at any time and without giving reasons with effect for the future. 

 

You may assert these rights directly with the controller. Therefore, informal contact is sufficient. You may send an Email or a letter. 

 

You also have the right to lodge a complaint with a supervisory authority if you find our processing of your personal data to be inconsistent with applicable data protection law. A list of federal Data Protection Commissioner and contact data can be found here: 

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html  

 

If processing by Facebook is involved, you can directly contact Facebook. In particular this is the case when it’s about processing in the scope of the “Insights”.

You can contact Facebook via this form: https://www.facebook.com/help/contact/2061665240770586.  

 

Furthermore, you might send a letter to:

Facebook Ireland Ltd.   
4 Grand Canal Square   
Grand Canal Harbour   
Dublin 2 Ireland   

 

As an alternative you might also contact us, and we transmit your request – according to our agreement with Facebook as per Art. 26 GDPR – to Facebook.