Privacy policy of REFDAT

1.    Preamble

We are pleased about your visit on the website of our company. Information protection and in particular data protection is of great importance to our management. In principle, you can use this website without providing any personal data. Should you disclose data to us in connection with the processing described below, we will treat your personal data confidentially and in accordance with the legal data protection regulations of the European Union and the Federal Republic of Germany as well as this data protection declaration.
As the data controller, REFDAT has implemented numerous technical and organizational measures to ensure the complete protection of personal data processed via this website. However, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you as the person concerned are free to transmit personal data to us by alternative means, for example by telephone or mail.

2.    Definitions

REFDAT's data protection declaration is based on the terms used by the European legislator when the basic data protection regulation (GDPR) was issued. The detailed definitions can be found in Art. 4 GDPR. Essentially, these are the following terms, described here in simplified form:

a)    Personal data:
This is all information available to us as a responsible person to determine you as a natural person. (e.g. name, address, e-mail, telephone number, IP address etc.)

b)    Person concerned:
This is you as a natural person, if we have identified you or can identify you.

c)    Processing:
Processing is any collection, storage, further processing, forwarding, archiving and deletion of data. It is irrelevant whether the process is carried out automatically with the aid of IT systems or whether it is carried out manually (e.g. by letter).

d)    Restriction of processing:
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e)    Profiling:
Profiling is any type of automated processing of your data, which consists in using these data to evaluate certain personal aspects relating to you. In particular, to analyse or predict aspects relating to your job performance, economic situation, health, personal preferences, interests, behaviour, whereabouts or change of location.

f)    Pseudonymization:
This is a process to identify your personal data. In the following, only this identifier will be used and without the original key or a "reference database" this pseudonym cannot be resolved (e.g. allocation of a customer number).

g)    Responsible Person:
The person responsible or responsible for processing is REFDAT with whom you have a contractual relationship. It is crucial that we can decide independently on the processing methods and means.

h)    Contract processor:
A processor is a company that has been commissioned by REFDAT to assist you in the collection, processing, storage, forwarding or deletion of your data. Usually these are IT service providers, but also waste disposal companies that are commissioned, for example, with the destruction of documents.

i)    Consent:
Consent is any expression of will given by you for a specific individual case. You will be fully informed about what you are consenting to.

3.    The name and address of the controller

The person responsible for this website and the central services of REFDAT within the meaning of the Data Protection Basic Regulation and other regulations of a data protection nature is:

REFDAT
Street: Gamburger Weg 24
City: D-97877 Wertheim

Brigitte Scharmann

E-Mail: info@refdat.net

4.    Data Protection Officer

REFDAT is not obliged to appoint a data protection officer. If you have any questions in connection with the processing of your data, please contact info@refdat.net.

5.    Rights of the data subject

In accordance with Chapter 3 of the GDPR, you have the following rights as a data subject. In order to fulfil our obligations in connection with your rights in accordance with the law, please address appropriate inquiries to info@refdat.net.

a)    Art. 15 Right to information
You have an unlimited right to request information about the personal data processed by you. This information must be provided to you free of charge. You may request information on the following information, a copy of which must also be sent to you

- the purpose of processing your data,
- the categories of the data,
- the internal and external recipients of your data,
- the duration of the data storage,
- their rights under Chapter 3, in connection with data processing,
- the origin of the data, if it was not collected from you,
- whether a profile was created,
- whether your data has been transferred to a third country (non-EU and non-EEA),
- which data protection authority is responsible for our respective company,

b)    Art. 16 Right of rectification
Should we process incorrect data from you, you can have this corrected at any time by your contact person.

c)    Art. 17 Right of cancellation
You have the right to request the deletion of your personal data at any time. We may be required by law to retain your data for a certain period of time (e.g. 6 years for business mail or 10 years for tax-related documents). In such a case we will block your data record until the retention period has expired and then delete the data record accordingly. Please address deletion requests to the above mentioned mail address.

d)    Art. 18 Right to limit processing
If you dispute the accuracy of our personal data, or if you refuse to have your data deleted and instead demand the restriction (e.g. in the case of advertising mail), you can demand the restriction of processing from us. We will then set your data to blocked.

e)    Art. 19 Obligations of notification in connection with correction, deletion or restriction
We are obliged to inform all recipients of your data of any correction, deletion or restriction you have commissioned, insofar as this is possible and can be implemented with a reasonable amount of effort. We will inform you about the recipients of your data if you request this.

f)    Art. 20 Right to data transfer
You have the right at any time to request our company to transfer your data to another responsible person. This refers to all master data that we keep about you. If technically possible, we will provide the data record in a common machine-readable format (e.g. .csv).

g)    Art. 21 Right of objection
If a data processing has been justified on the basis of article 6, paragraph I, letter f (so-called legitimate interest), you may object to the processing in this context.

h)    Art. 77 Right to appeal to a supervisory authority
You have the right to complain to the data protection supervisory authority responsible for our company at any time if you believe that we have violated the provisions of the GDPR in any way. The following authority is responsible for REFDAT:

    Bayerisches Landesamt f. Datenschutzaufsicht (BayLDA)
    Promenade 18
    D-91522 Ansbach

You can access the website of the data protection supervisory authority via the following link: https://www.lda.bayern.de/de/index.html