en
0
Zum Anfang scrollen

Data protection

Privacy Notice

We appreciate your visit on our website and your interest in our offer. We want you to feel comfortable and safe with regards to how we process your personal data. Data protection and transparency are very important to us. This Privacy Notice is meant to help you understand our privacy practices, including which Personal Data we collect, why we collect it, what we do with it, and how we protect it, as well as knowing your individual rights. This information will enable you to always be in full control of your personal data.

  1. Controller

Controller legally responsible for data processing:

puris Bad GmbH & Co. KG
Hinterm Gallberg 6 a
59929 Brilon
mail@puris.de

 

  1. Categories of data, purpose and legal basis

It´s possible to visit our website without disclosing any personal data besides the technical data provided for the operation of the website itself. For transparency reasons, our privacy notice can be found on every page.

 

Personal data is data about an identified or identifiable person. This means any information about you, information that could be used to identify you or that is directly associated with you. We use personal data like your IP address or technical data of your device (e.g. service provider and operating system), only to run and improve our website. We never save this data beyond the fulfilling of its purpose or legal retention periods.

 

We need this data to run our website. If you object to processing, you won´t be able to use our online offer. We evaluate this kind of information statistically in order to make using our website even more comfortable. We don´t connect this information to any other data we have collected previously. It´s only meant to improve the performance and attractiveness of our website and its content. Data collected when using our website will be deleted at the latest after 14 months. In some cases, we might be allowed to save data in order to enforce or defend any legal claims.

 

In any data processing we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR). This includes collecting, saving and using your personal data. We will never use your data for marketing purposes, and we will never sell, rent or leave your personal data to third parties.

 

Art. 6. 1 b and 1 f are legal basis for processing data in order to take care of information and network security. According to these articles processing of personal data is legal if necessary for the performance of a contract or for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

According to Art. 13 2 e GDPR you are not obliged to provide us with your personal data when using our website. Nevertheless it´s just not possible to run a website without this kind of data.

  1. Recipients of data

Your data will not be disclosed to any other third parties, except if there is a legal obligation to transfer the data. Art. 6 (1) c GDPR in connection with the respective instructions or the legal obligation we are subject to in the individual case, is the legal basis for processing data. Categories of recipients of the data are public authorities in case of a legal obligation and processors that process the data collected online on our behalf. Processors involved are: Mittwald CM Service GmbH & Co. KG

  1. Catalogue form

When filling out the contact or catalog order form and when contacting us by email or telephone, you provide us with personal data. We may collect the following types of data: names, email address, address, telephone number and information for creating an individual offer or for answering your inquiry and sending the catalog you have chosen. We use this data solely to answer your specific inquiry or request and to provide information. To protect your data, we use a recognized encryption method when transmitting it to us. We will retain your personal data for the period necessary to fulfill the purposes described in these notices. Legal retention periods remain unaffected.

The legal basis for processing general inquiries is your consent pursuant to Art. 6 1 a) GDPR.

For inquiries regarding contracts or in the context of contract initiation, the legal basis is Art. 6 1 b)GDPR.

The legal basis for data protection inquiries is Art. 6 1 c) GDPR.

Submitting the form constitutes your consent to the processing of the data.

 

  1. Photography and Video at Events (e.g., Trade Shows)

The creation and processing of recordings of participants and the event venue is carried out for the purpose of capturing the atmosphere and overall impression of the event. These recordings may be used for internal and external marketing purposes, as well as for presentations. Selected images/videos of this public event will be marketed on the website of puris Bad GmbH & Co. KG, as well as on social media platforms such as Instagram.

The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR.

 

  1. Matomo

This Website uses an open-source project named Matomo  https://matomo.org/ (Piwik).

For this purpose, so-called “cookies” are used. Cookies are text files that are stored on the user’s computer. Matomo exclusively runs on the servers of Mittwald CM Service GmbH & Co. KG.

Only there the user’s personal data are stored.

IP-addresses are shortened to prevent identification of users. Data collected is not disclosed to any third party. The shortened IP-address cannot be reassigned to the visiting computer.

By this analysis we can see how different parts of our website are used and, on this basis, improve our website and user experience.

Matomo will only be used if you have given your consent. Legal basis is Art. 6 1 a GDPR and § 25 TDDDG. We will store this data within the regulatory retention periods.

  1. Google maps

This site uses the Google Maps mapping service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to and stored on a Google server in the USA. The provider of this site has no influence on this data transmission.

The transfer of data to the USA is carried out on the basis of the Data Privacy Framework.

Google Maps is only used if you consent to the use of Google Maps. The legal basis is your consent pursuant to Art. 6 1 a) GDPR and § 25 TDDDG.

More information on the handling of user data can be found in Google's privacy policy:

[https://www.google.de/intl/de/policies/privacy/.](https://www.google.de/intl/de/policies/privacy/)

If you consent to the use of Google Maps, Google may also load so-called web fonts (Google Fonts). For this purpose, the browser you are using must connect to Google's servers. This allows Google to become aware that our website has been accessed via your IP address. Further information on Google Web Fonts can be found at

https://developers.google.com/fonts/faq and in Google's privacy policy:

https://www.google.com/policies/privacy/.

We have no influence on this data collection.

  1. YouTube Videos

We have embedded YouTube videos (the operator of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) via a so-called iframe. This iframe is only loaded when you consent to this by making the appropriate selection in the cookie banner. As soon as you do this, a connection to the YouTube server in the USA is established.

This connection is necessary to display the respective video on our website via your internet browser. In the course of this, YouTube will at least record and process your IP address, the date and time, and the website you visited. In addition, a connection to Google's "DoubleClick" advertising network is established.

If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality and to analyze user behavior, YouTube permanently stores cookies on your device via your internet browser.

In addition, after your consent, Google loads so-called web fonts into your browser cache in order to display text and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This allows Google to become aware that our website has been accessed via your IP address. Further information on Google Web Fonts can be found at

https://developers.google.com/fonts/faq and in Google's privacy policy:

https://www.google.com/policies/privacy/.

The legal basis is your consent pursuant to Art. 6 1 a) GDPR.

  1. Instagram Account

We have a profile on Instagram. The provider is Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

We have concluded an agreement with Meta on joint responsibility for the processing of data (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook fanpage. Meta Platforms has primary responsibility under the GDPR for the processing of insights data. You can view this agreement at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

You can independently adjust your advertising settings in your user account. To do this, click on the following link and log in:

https://www.facebook.com/settings?tab=ads

For details, please refer to Meta's privacy policy:

https://www.facebook.com/about/privacy/

The legal basis for processing is Art. 6 1 f) GDPR. The target group-oriented design of our posts is our legitimate interest. We receive aggregated data from Meta that does not allow conclusions to be drawn about individuals.

  1. Your rights

According to GDPR you have the following rights with regard to your personal data. You can find more detailed information in Art. 15 to 21 GDPR as well as in §§ 32 to 37 German Federal Data Protection Act. 

You have the right to access your personal data. You may also request the rectification of inaccurate data. Under certain conditions you have the right to erasure, the right to restriction and the right to data portability. Further, you have the right to object to processing of personal data which is based on point (e), (f) of Art. 6(1), including profiling based on those provisions. You may withdraw your consent at any time and without giving reasons with effect for the future. 

 

You may assert these rights directly with the controller. Therefore, informal contact is sufficient. You may send an Email or a letter. 

 

You also have the right to lodge a complaint with a supervisory authority if you find our processing of your personal data to be inconsistent with applicable data protection law. A list of federal Data Protection Commissioner and contact data can be found here: 

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html  

 

In case of any further questions please feel free to contact our officer for data protection: 

David Gabel - Email: David.gabel@your-insider.com 

 

General information concerning data protection and processing of personal data can be found at https://www.dsgvo-support.de 

 

 

Data Protection Notice for Meta products

Welcome to our Meta pages.

We want you to feel comfortable and safe with regards to how we process your personal data. Data protection and transparency are very important to us. That’s why we want to inform you accordingly.

We entered into a Joint-Controllership-Agreement with Meta according to Art. 26 GDPR. You can call up this agreement here: https://www.facebook.com/legal/terms/page_controller_addendum]

This agreement states that Meta comprehensively undertakes the obligations arising from data protection laws.

1. Controller

Joint Controllers for operation of these Meta pages are:

a)

Meta Platforms Ireland Ltd.

4 Grand Canal Square

Dublin 2 Ireland

You can contact Meta’s data protection officer by using this form:

www.facebook.com/help/contact/540977946302970.

and

b)

puris Bad GmbH & Co. KG
Hinterm Gallberg 6 a
59929 Brilon
mail@puris.de

Our external data protection officer can be contacted via E-Mail:

david.gabel@your-insider.com

2. Categories of Data, purpose and legal basis

Concerning the data processing by Meta we refer to their data protection notice:

https://www.facebook.com/privacy/center/

In the following we explain to you the data processing operations carried out by us.

a) Statistical Data

We can retrieve statistical data of different categories via the so-called “Insights” (https://www.facebook.com/business/a/page/page-insights).

These statistics are created and provided by Meta. We as operator cannot influence creation and display. We can neither deactivate this function nor prevent the creation and processing of the data. Inter alia, Meta provides us with the following data for a definable period of time for the categories, respectively, fans, subscribers, people reached, people interacting: Total number of call ups, “Likes”, page activity, post interactions, range of the posts, comments, shared content, answers, share of men and women, origin concerning country and city, language, call ups and clicks in the shop, clicks on the route planner, clicks on phone numbers. Also, in doing so, data of the Groups connected with our Meta pages are provided.

As a result of the continuous development of Meta, the availability and processing of data changes, wherefore we refer to the data protection notice of Meta for more detailed information.

Legal basis for processing is Art. 6 1 f GDPR. Making our posts and activities more attractive for the users is our legitimate interest. For example, we use the distribution of age and gender for addressing our users in an adjusted way and the preferred visiting hours of the users for timely optimized planning of our posts. Information about the user’s device help us adjusting our posts in appearance.

b) Interactions with our account

Also, you can interact with our account. For example, you can do that by pressing the “Like” button, share or comment on a post or by directly writing to us.

In case of you interacting with us, we inevitably process your data as we then can see your account and therefore have access to your personal data; this includes your username, profile picture or date or time of your interaction. According to Meta’s terms of use, that every user has agreed to when creating a Meta profile, we can identify subscribers and fans of the page and view their profile as well as their shared content.

These data are information that are only provided through an interaction with our profile. Legal basis for processing is Art. 6 1 b GDPR.

3. Recipient of data

We would like to point out that Meta might transmit your data to third parties. We cannot influence this, though. You can find more detailed information within the data protection notice of Meta: https://www.facebook.com/privacy/center/

We only share personal data within our organization if and when necessary for the purposes specified in this privacy notice. We don´t share personal data with any third party outside of our organization unless one of the following circumstances applies.

Art 6 (1) c GDPR

Processing is necessary for compliance with a legal obligation to which the controller is subject.

Recipients of your personal data may be public offices as well as processors, processing the data collected online in our behalf (Webhosts, designer etc.)

4. Storage period and erasure

You can find information about data storage by Meta in their data protection notice: https://www.facebook.com/privacy/center/

We store the personal data transmitted to us by you only for the period of time that is necessary to fulfil the purposes for which the data have been transmitted or as long as we are obligated by law to store them. After fulfilment of the purpose and/or after the legal retention period has expired, we either delete or block the data.

5. Your rights

According to GDPR you have the following rights with regard to your personal data. You can find more detailed information in Art. 15 to 21 GDPR as well as in §§ 32 to 37 German Federal Data Protection Act.

You have the right to access your personal data. You may also request the rectification of inaccurate data. Under certain conditions you have the right to erasure, the right to restriction and the right to data portability. Further, you have the right to object to processing of personal data which is based on point (e), (f) of Art. 6(1), including profiling based on those provisions. You may withdraw your consent at any time and without giving reasons with effect for the future.

You may assert these rights directly with the controller. Therefore, informal contact is sufficient. You may send an Email or a letter.

You also have the right to lodge a complaint with a supervisory authority if you find our processing of your personal data to be inconsistent with applicable data protection law. A list of federal Data Protection Commissioner and contact data can be found here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If processing by Meta is involved, you can directly contact Meta. In particular this is the case when it’s about processing in the scope of the “Insights”.

You might send a letter to:

Meta Platforms Ireland Ltd.

4 Grand Canal Square

Dublin 2 Ireland

As an alternative you might also contact us, and we transmit your request – according to our agreement with Meta as per Art. 26 GDPR – to Meta.