We, PUSTEFIX GmbH, are delighted to welcome you to our website PUSTEFIX Promotion and we thank you for your interest in our products. We appreciate your trust and apply the utmost care and the highest security standards to protect your personal data from unauthorized access. The processing of personal data on our website is carried out in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act 2017 (Bundesdatenschutzgesetz (neu) / BDSG (new)).
1. Name and contact details of the controller
Kilchberg, Bahnhofstraße 29
phone 0049 – (0)7071-78 89 8
fax 0049 – (0)7071-79 10 07
2. Data protection officer
3. Data processing on our website
During data processing, your concerns worth being protected are taken into account in accordance with the statutory provisions. Personal data will only be processed on our website as described below:
When you visit our website, our web server temporarily stores each access in a log file. The following data is recorded and stored until it is automatically deleted:
- IP address of the requesting computer
- date and time of access
- name and URL of the retrieved file
- amount of data transferred
- notice if retrieval was successful
- data for identification of the browser and operating system used
- website from which access is made
- name of your internet access provider.
IP addresses are only stored anonymously, so that an assignment of the calling client is no longer possible. These data are not combined with other data sources; the data are also deleted after a statistical evaluation.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f) GDPR (protection of legitimate interests).
These data are processed for the purpose of enabling the use of the website (connection establishment) and for the purposes of system security, technical administration, network infrastructure and optimization of the website. This is also our legitimate interest in data processing.
The data will be deleted as soon as they are no longer necessary to achieve this. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
The legal basis for data processing is Art. 6 para. (1) sentence 1 lit. a) GDPR (consent).
You also have the option of deactivating or restricting the storage of cookies on your computer by making the appropriate settings in your browser. However, this may limit the functionality of our website for you. Cookies that have already been saved can be deleted at any time. This can also be done automatically.
c) Use of Google Analytics
The information generated by the cookie about your use of the website such as
- browser type/version,
- the operating system used,
- URL of the page you visited previously,
- host name of the accessing computer (IP address),
- time of the server request,
are usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. We have also added the code “anonymizeIP” to Google Analytics on this website. This guarantees that your IP address is masked so that all data is collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and Internet use.
The legal basis for data processing is Art. 6 para. (1) sentence 1 lit. a) GDPR (consent). Due to the anonymization of your data through the use of “anonymizeIP”, however, we also assume that your interests worthy of protection, fundamental rights and freedoms are not impaired and that we have a justified interest in using the analysis tool. The use of Google Analytics is therefore also based on Art. 6 para. (1) sentence 1 lit. f) GDPR (protection of legitimate interests).
You can also prevent cookies from being saved by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
We continue to use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want this to happen, you can disable it using the Ads Preferences Manager at www.google.com/settings/ads/onweb/?hl=en.
[ga-optout text=”Deactivate Google Analytics”]
d) YouTube videos
For the integration of videos, this website uses YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”), represented by Google. With YouTube’s default setting, your IP address is already sent to YouTube and cookies are installed on your computer when a page with embedded videos is accessed. However, we have integrated our YouTube videos with the extended data protection mode. According to YouTube, no personal data about the page visitor will be saved or evaluated unless you click on the play button.
When you watch the video, your IP address is transmitted to YouTube and YouTube learns that you have watched the video. The legal basis for data processing is Art. 6 para. (1) sentence 1 lit. f) GDPR (protection of legitimate interests).
In addition, we would like to point out once again that you can also prevent the storage of cookies by setting your browser software accordingly.
e) Online contact form und e-mail / telephone contact
You have the possibility to contact us via a prepared contact form on our website. If you use this option, the data you enter in the input mask will be transmitted to us and stored. These are your name, e-mail address and, if applicable, other personal data that you provide in your message. At the time of sending the message, the date and time of sending are also stored.
Alternatively, you can contact us via the e-mail address and telephone number provided. If you contact us by e-mail, the personal data transmitted with your e-mail will be stored.
The legal basis for processing the data is Art. 6 para. (1) sentence 1 lit. f) GDPR (protection of legitimate interests). If your contact is aimed at placing an order with us, the legal basis for data processing is Art. 6 para. (1) sentence 1 lit. b) GDPR (steps at the request of the data subject prior to entering into a contract).
The data provided by you will be used without your separate consent exclusively for processing your request. After processing your requests, your data will be blocked or deleted for further use, unless you have expressly consented to further use of your data or a contractual relationship was established on the basis of your request.
4. Use of your data for direct advertising
a) Registration for our e-mail newsletter
If you register for our e-mail newsletter, we will send you regular information about our offers. Your e-mail address is the only mandatory information for sending the newsletter. The indication of further possible data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will not send you an e-mail newsletter until you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on a corresponding link.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a DSGVO. When you register for the newsletter, we save your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising in the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned at the beginning. Once you have cancelled your subscription, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this declaration.
b) Newsletter dispatch via Sendinblue
Our e-mail newsletters are sent via the technical service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany (“Sendinblue”), to whom we pass on the data you provide when you register for the newsletter. This disclosure is made in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you enter to subscribe to the newsletter (e.g. e-mail address) is stored on Sendinblue’s servers in Germany.
Sendinblue uses this information to send the newsletter and for statistical analysis on our behalf. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This way it can be determined whether a newsletter message was opened and which links were clicked if necessary. Conversion tracking can also be used to analyze whether a previously defined action (e.g. purchase of a product on our website) took place after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is only collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
We have entered into a contract with Sendinblue in which we commit Sendinblue to protect our customers’ data and not to disclose it to third parties.
5. Our security standards
Your personal data is transmitted over the internet on our website using the so-called SSL security system (Secure Socket Layer). This technology offers a high level of security and is therefore also used by banks for data protection in online banking, for example. We protect our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.
6. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the respective controller:
a) Right of access
According to Art. 15 GDPR, you can ask the controller to confirm whether personal data concerning you will be processed. If this is the case, you have a right of access to this personal data and the information mentioned in Art. 15 para. (1) lit. a) – h), such as processing purposes, categories of personal data processed, whether disclosure to third parties takes place and the planned storage period. You also have the right to a copy of the personal data that is the subject of the processing.
b) Right to rectification
Art. 16 GDPR grants you the right to immediate rectification of incorrect and/or incomplete personal data.
c) Right to erasure
Pursuant to Art. 17 of the GDPR, you may require the controller to erase the personal data concerning you without delay, provided that one of the reasons stated in Art. 17 para. (1) lit. a) – f) GDPR applies. Reasons for the right of erasure are, for example,
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- that you withdraw a consent you have given and that there is no other legal basis for the processing, or
- that the personal data have been processed unlawfully.
The right to erasure shall not apply where processing is required under Art. 17 para. (3) lit. a) – e) GDPR, such as to exercise freedom of expression and information, to fulfil a legal obligation required for processing under the law of the Union or the Member States to which the controller is subject, or to assert, exercise or defend rights.
d) Right to restriction of processing
According to Art. 18 GDPR, you have the right, under certain conditions, to request that the processing of personal data concerning you be restricted. This is the case if
- you contest the accuracy of the personal data concerning you and, for a period of time, the person responsible must be given the opportunity to check the accuracy of the personal data;
- the processing is unlawful and you opposes the erasure of the personal data and instead request that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or
- if you have filed an objection to the processing pursuant to Art. 21 para. (1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
e) Notification of recipients and right of information
If you have exercised your right to have the controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You have the right against the controller to be informed of such recipients.
f) Right to data portability
Art. 20 GDPR grants you the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to which the personal data have been provided, given that the processing is based on your consent or on a contract and that the processing is carried out using automated procedures. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
g) Right to object
If your personal data are processed under Art. 6 para. (1) lit. e) GDPR for the performance of a task in the public interest or in the exercise of official authority, or under Art. 6 para. (1) lit. f) GDPR for the protection of the legitimate interests of the controller or a third party, you have the right under Art. 21 GDPR to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. This also applies to profiling based on these provisions.
The controller will then no longer process the personal data concerning you, unless he can prove compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
h) Right to withdraw given consent
If you have given your consent to the processing of personal data concerning you pursuant to Art. 6 para. (1) lit. a) GDPR, you have the right to withdraw your consent at any time (Art. 7 para. (3) GDPR). The withdrawal of consent shall not affect the legality of the processing carried out on the basis of the consent until withdrawal.
i) Right to lodge a complaint with a supervisory authority
Art. 77 GDPR gives you the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, working or suspected of having infringed the GDPR, without prejudice to any other administrative or judicial remedy, if you believe that the processing of personal data concerning you is contrary to the GDPR.
j) Automated decision-making, including profiling
Your personal data will not be used for automated decision making.