1. General information on data processing

(1) claus rodenberg waldkontor gmbh (“we” or “us”) operates the following websites: waldkontor.com, claus-rodenberg.de, claus-rodenberg.com, claroholz.de, cr-wk.de, nrgi-shop.de and pluswald.de. As we find it particularly important to ensure the protection of your personal data during your visit, we would like to thoroughly inform you about the personal data that will be processed depending on the way in which you contact us.

(2) We will only ever process your personal data (e.g. name, address, email address, phone number) in accordance with the General Data Protection Regulation (GDPR), the German Telemedia Act (TMG) and other data protection laws and regulations applicable within the member states of the European Union.

(3) The “controller”, as defined in Art. 4 (7) GDPR, is:

claus rodenberg waldkontor gmbh
represented by its managing director, Claus Rodenberg, Ibid.
Schmiedekoppel 7-9
D-23847 Kastorf

Tel.: +49-4501-8201-88
Email:

More information can be found in our legal notice. Insert link

(4) You can contact our data protection officer…

… by email:

… or by post at the address indicated above (FAO “Data Protection Officer”).

(5) You may contact us for different reasons. Depending on the reason for your enquiry, there may be differences in

  • the data which is stored on your person;
  • the legal basis for the processing of your data;
  • the disclosure of your data to third parties; and
  • the amount of time for which we will store your data.

This information is provided below for each separate reason.

2. Data processing when you visit our websites

(1) Our server is hosted by a company called “Strato”. If you use our websites for purely informational purposes, your web browser will transmit usage data to our server. Our web hosting provider will then process this data, provided this is technically necessary to display our websites and ensure stability and security. The following information will be transmitted:

  • Your IP address;
  • The date and time of your request;
  • The duration of your visit;
  • The difference between your time zone and Greenwich Mean Time (GMT);
  • The content of your request (specific page);
  • The access status / HTTP status code;
  • The volume of data transmitted;
  • The website from which your request comes;
  • Your Internet service provider;
  • Your browser type;
  • Your server log files (connection data);
  • Your operating system and its interface; and
  • The language and version of your browser software.

(2) Your data will be stored for no longer than seven days. Strato will save this data for the purpose of conducting statistical analysis, optimising its services, and detecting and averting cyber-attacks. More detailed information is available here: https://strato.de/blog/dsgvo-logfiles/.

(3) The legal basis for this is point (f) of Art. 6 (1) GDPR, as we have a legitimate interest in providing our websites and this processing is necessary to display the websites you wish to access. For more information, please refer to Strato’s privacy policy: https://www.strato.de/datenschutz/.

3. Data processing when we use cookies

(1) In addition to the data listed above, cookies will be saved on your device when you use our websites. A cookie is a text file that is generated by our web server and sent to your browser. As cookies do not contain any viruses or malware, they cannot cause any damage to your devices. The cookies will be saved on the hard drive of your device and matched to your browser to provide us with certain information. They help to make our websites more user-friendly and efficient.

By using session cookies, we can see whether you have visited certain pages on our websites in the past. These session cookies will be automatically deleted when you leave our website.

By using temporary cookies, we can see whether you have ever accessed our websites and, if so, which data you have entered and which settings you have made on our pages, to save you from re-entering such information each time.

The legal basis for the processing of personal data using cookies is point (f) of Art. 6 (1) GDPR, as we have a legitimate interest in providing more user-friendly websites and evaluating our online marketing activities, and data processing is necessary for such purposes.

You can configure your browser settings according to your preferences, which means you can also reject cookies. If you do this, however, please note that you may not be able to fully use all the features of our websites.

3.1 Google Analytics

(1) We use Google Analytics, a web analysis service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies. The information generated by such cookies on your use of our websites will generally be transferred to a Google server in the USA and stored there.

(2) We always enable IP anonymisation when using Google Analytics. This means that Google will truncate your IP address before transferring data within member states of the European Union or the European Economic Area. Your full IP address will only be transmitted to a Google server in the United States and truncated there in exceptional cases. Google will use this information on our behalf to evaluate your use of our websites, to compile reports on website activities and to provide us with other services relating to your use of our websites and the Internet.

(3) According to Google, it will not match the IP address transmitted from your browser via Google Analytics with any other data stored in its databases. For more information, please refer to Google’s privacy policy. You can prevent the data generated by cookies on your use of our websites (incl. your IP address) from being transferred to Google for processing by downloading and installing a browser plug-in (http://tools.google.com/dlpage/gaoptout?hl=de) or by refusing your consent to Google Analytics.

(4) The legal basis for this is point (f) of Art. 6 (1) GDPR, as we have a legitimate interest in evaluating our online marketing activities to optimise the user-friendliness of our websites. Data processing is necessary for such purposes.

3.2 YouTube videos

Our website features YouTube videos, especially in the “News” section. As the videos are embedded in “Privacy Enhanced Mode”, YouTube will only place cookies on your device when you press play; the cookies generated by YouTube may be used to analyse your user behaviour for market research and marketing purposes. As the website operator, we have no control over such data processing activities.

If you do not enable our partner cookies, you will have to allow data to be transferred to YouTube before playing a video.

More information on YouTube’s use of cookies can be found in Google’s cookie policy: https://policies.google.com/technologies/types?hl=de.

Cookie-Zustimmung ändern / Change cookie approval

4. Data processing when you contact us

(1) If you contact us by email, over the phone or via a contact form, we will process any data you provide (e.g. first name, last name, email address, phone number, content of your enquiry) for the purpose of responding to your questions and/or processing your enquiry. We will obtain your consent in such cases.

(2) The legal basis for this is point (a) of Art. 6 (1) GDPR.

5. Data processing when you send us an application

(1) We will process any data you provide during an application process. This includes your first name, last name, address, landline and mobile numbers, email addresses and the personal data contained in your application documents.

(2) The legal basis for this is point (b) of Art. 6 (1) GDPR.

6. Data processing when we have a contractual relationship

(1) If you are or become a customer of ours, we will process your contact details, contract data, payment details and communication data to provide our contractually agreed services and facilitate the billing process in accordance with our general terms and conditions. For this purpose, your data may be disclosed to our service providers (e.g. subcontractors), who have been carefully chosen and who are bound by our instructions.

(2) If the processing of your personal data is necessary to perform a contract with you, the legal basis will be point (b) of Art. 6 (1) GDPR. The same applies to any pre-contractual measures.

7. Data processing when you request information (Art. 15 GDPR)

If you request information as to the data we are processing on you, we will store the following data:

  • Your name and contact data;
  • Printouts of incoming and outgoing letters and/or emails regarding your enquiry; and
  • Proof of identity (if necessary).

8. Your rights

(1) If your personal data is ever processed, you will be a “data subject”, as defined in the GDPR, and you may exercise the following rights against us:

  • Right of access (Art. 15 GDPR);
  • Right to rectification and erasure (Art. 16 and 17 GDPR);
  • Right to withdraw your consent (Art. 7 (3) GDPR);
  • Right to the restriction of processing (Art. 18 GDPR);
  • Right to object to data processing (Art. 21 GDPR);
  • Right to data portability (Art. 20 GDPR); and
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

(2) If you wish to exercise your rights, please make an informal request via email:

Please note that we may request additional information to determine your identity in certain cases. In this way, we can ensure that your information is not disclosed to unauthorised persons when honouring your right of access.

(3) If we are processing your personal data on the basis of our overriding legitimate interests in accordance with point (f) of Art. 6 (1) GDPR, you may object to such processing. When exercising your right to object, we kindly ask you to state the reasons why we should no longer process your personal data. If your objection is justified, we will examine the situation and either stop / adjust our data processing or indicate the essential and legitimate reasons for the continuation of our processing.

9. Disclosure of data to third parties

(1) We will only disclose your data to third parties if…

… you have given your explicit consent in accordance with point (a) of Art. 6 (1) GDPR;

… the disclosure of such information is necessary for the establishment, exercise or defence of legal claims and we have no reason to believe you might have an overriding legitimate interest in the non-disclosure of your data (point (f) of Art. 6 (1) GDPR);

… we have to disclose your data to fulfil a legal obligation in accordance with point (c) of Art. 6 (1) GDPR; and/or

… this is necessary for the execution of a contractual relationship in accordance with point (b) of Art. 6 (1) GDPR.

(2) If we commission subcontractors to provide our services, we will take the appropriate legal, technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.

10. Retention period and deletion of data

(1) Any data we store will be deleted as soon as it is no longer needed for the purpose for which it was originally stored, unless the deletion is prevented by statutory retention obligations. The original purpose of processing has usually been achieved by the end of a contractual term, enquiry or application process.

(2) Once your contract has ended, we will delete the data stored in our systems within 6 months.

(3) The back-up copies in our systems will be automatically deleted with a time delay.

(4) Once your contract has ended, the contract data will only be processed to a limited extent before being deleted at the end of the 10-year retention period stipulated in Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO).

(5) Any data provided during an application process will be stored for no longer than six months and then destroyed, unless you consent to being included in the next selection process. This being the case, your documents will be kept until the next selection process and then destroyed afterwards.

(6) All customer correspondence, order history and payment details are subject to the 6-year retention period stipulated in Section 257 HGB and Section 147 AO.

(7) If you submit a request for information in accordance with Art. 15 GDPR, the data contained in your request will be kept for a maximum of two years (retention period: one year after the end of the calendar year).

11. Final provisions

(1) We will take technical and organisational measures to protect your personal data from being accidentally or intentionally manipulated, lost, destroyed or accessed by unauthorised third parties. Our safety measures are constantly being improved in line with technical developments.

For example, data will be exchanged between your browser and our website using SSL encryption. You can tell whether an encrypted connection has been established, because your browser’s address bar will have changed from “http://” to “https://” and a padlock symbol will be displayed in your browser bar. This means the data you submit will not be accessible to third parties.

(2) This privacy statement will be occasionally updated to account for the technical development of our websites. If a change to our privacy statement does not affect the use of existing data, the new version will enter into force on the date it is updated on our website. If a change to our privacy statement affects the use of data that has already been collected, the new version will only enter into force if this is reasonable for you. In such cases, we will notify you in good time by email, on our website or in another form. You will then be entitled to file an objection to the new privacy statement within four weeks of being notified. If you do not file an objection within the specified period, you will be deemed to have given your consent to the amended privacy statement. When notifying you of such amendments, we will inform you of your right to object and the significance of the objection period.

(3) The contact details published in accordance with our obligation to provide a legal notice must not be used for the purpose of sending unsolicited advertising and information. The operators of the sites expressly reserve the right to take legal action if they are sent unsolicited advertising, such as spam emails.

 

Version

DateChange(s)
13.06.2018Version 1.0: first draft
03.11.2020Text correction: legal basis
Privacy policy v1.1 (79 KB)
15.04.2021Version 2.0