Privacy policy

Preliminary note

This privacy policy informs you about it,

  • how we process your personal data (hereinafter: “data”) when you visit our website;
  • why and on what legal basis we process the Data; and
  • which data protection rights and options you have.

The details are explained in the following chapters. The structure of this declaration is based on the EU Data Protection Basic Regulation (hereinafter referred to as DS-GVO) and the Federal Data Protection Act (BDSG).

In Chapter 17. we explain some data protection terms.

 

Chapter overview

1. Who do I contact if I have questions about privacy on this website?
(Contact details of the responsible person, duty to inform in accordance with Art. 13 para. 1 a DS-GVO)

2. Why do we process your data?
(Purposes of processing, duty to inform according to Art. 13 Para. 1 c DS-GVO)

3. Which personal data do we process?
(Type of data processed, duty to inform according to art. 13 para. 1 c DS-GVO)

4. Why is this data processing permitted?
(Legal basis of the processing and legitimate interest of the data controller, duty to provide information in accordance with Art. 13 Paragraph 1 c DS-GVO)

5. To whom will my data be disclosed?
(Recipients / categories of recipients, duty to inform in accordance with Art. 13 para. 1 e DS-GVO)

6. Who is affected by the data processing?
(Data subjects, duty to provide information in accordance with Art. 13 para. 1 DS-GVO)

7. Will my data be transferred to a country outside the European Union (EU)?
(Transfer of data to third countries, duty to inform in accordance with Art. 13 para. 1 f DS-GVO)

8. How long will my data be stored? When will they be deleted?
(Duration of data storage, duty to inform according to Art. 13 para. 2 a DS-GVO)

9. What rights do I have?
(Rights of the data subject, duty to inform in accordance with Art. 13 para. 1 b – d DS-GVO)

9.1 How can I exercise my right to information?
9.2 When and how can I have my data corrected?
9.3 When must my data be deleted?
9.4 What does “right to limit processing” mean?
9.5 What does “right to data transferability” mean?
9.6 How do I exercise my right of objection?
9.7 How can I withdraw my consent?
9.8 When and how can I complain to the supervisory authority?

10. Is it required by law or contract that I must provide my data?
(Provision of data required by law or contract, duty to inform in accordance with Art. 13 Para. 2 e DS-GVO)

11. Do automated decision processes take place in connection with my data?
(Existence of automated decision-making including profiling, obligation to provide information in accordance with Art. 13 para. 2 f DS-GVO)

12. What are the general functions and offers of our website?

13. What special features and offers does our website offer?

13.1 Data processing on our website

  • Font Awesome
  • Google Maps
  • Google Fonts
  • Contact form

13.2 Data processing via Social Media Plugins

  • Facebook and Instagram

13.3 Further data processing

  • Applications

14. Does cooperation with contract processors and third parties take place?

15. Which security measures do we use to protect your data?

16. Changes to this privacy policy

17. Explanation of some data protection terms

 

 

 

 

1. Who do I contact, if I have questions about privacy on this website?

The responsible person for processing your data on this website is:

Guido Klatte GmbH & Co. KG
Unnerweg 76
49688 Lastrup

Phone: (+49 44 72) 94 00 70

This data protection declaration informs you about the data that is processed when you visit our website. You can also contact us at the following e-mail address if you have any further questions:

guido@gklatte.de

 

Art. 4 para. 7 DS-GVO defines the term “responsible person“:

“responsible person”[:] means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

 

Data protection officer
You can reach our data protection officer at

datenschutzbeauftragter@gklatte.de

or via our postal address with the addition “the data protection officer”.

 

2. Why do we process your data?

We process your data in order to ensure the proper operation of our website and to be able to provide you with our online offer and the contents of the site. The processing is also carried out in order to process your contact requests and to be able to communicate with you.

The specific further processing purposes are mentioned under items 12 (What general functions and offers does our website offer?) and 13 (What special functions and offers does our website offer?).

We only process your data for purposes other than those described there,

  • if a legal provision permits this or
  • you have consented to the changed purpose of the data processing.

We will inform you before we process your data for purposes other than those for which the data was originally processed. We will then provide you with all relevant information about the other purposes.

 

3. Which personal data do we process?

If you contact us by e-mail or via the form on our website, we will store the data you provide (your e-mail address, your name and telephone number if applicable) in order to answer your questions. We delete the data that is collected in the process as soon as the storage is no longer necessary or restrict the processing if there are legal storage obligations.

Further data that we process when you visit our website is stated under items 12 and 13 of this declaration.

 

4. Why is this data processing permitted?

In principle, we may only process your data if we have a legal right to do so or if you have given us permission. In sections 12 and 13 of this privacy policy, we indicate the processes in which we process your data and the basis on which the processing is carried out.

In principle, we base the processing of your data on the following legal bases of the DS-GVO:

  • Article 6 Paragraph 1 a, Article 7 DS-GVO: Your consent;
  • Article 6 Paragraph 1 b DS-GVO: Processing of your data in order to be able to fulfil a contract with you or to carry out (pre-)contractual measures;
  • Article 6 Paragraph 1 c DS-GVO: Data processing in order to fulfil a legal obligation to which we are subject;
  • Article 6 Paragraph 1 d DS-GVO: when vital interests of you or another natural person must be protected;
  • Article 6 Paragraph 1 f DS-GVO: Our legitimate interest if it outweighs your interest or your fundamental rights and freedoms.

 

5. To whom will my data be disclosed?

If your data is disclosed not only to us, but also to other recipients, they will be listed under item 13 of this Privacy Policy (What special functions and offers does our website offer?).

 

6. Who is affected by the data processing?

We process the data of visitors and users of our online offer, as well as our customers, interested parties and business partners who access it.

 

7. Is my data transferred to a country outside the European Union (EU)?

We also process your data in countries outside the European Union (EU) if you have given us your consent to do so. The processing concerns the services described in chapter 13.

Note on data transfer to the USA
Among other things, our website includes tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of these companies. We would like to point out that the USA is not a safe third country in terms of EU data protection law. US companies are obliged to release personal data to security authorities without you as the person concerned being able to take legal action against this. Therefore, it cannot be excluded that US authorities may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

 

8. How long will my data be stored? When will they be deleted?

We delete or make anonymous your data as soon as they are no longer required for the purposes for which we have processed them and no legal retention periods stand in the way of deletion. If we need your data for other, legally permissible purposes, we do not delete the data. This is the case, for example, if we have to keep it for commercial or tax law reasons. However, we then process the data only to a limited extent, e.g. by blocking it.

In your claim for deletion we are guided by Article 17 DS-GVO (“Right to be forgotten”) and Article 18 DS-GVO (Right to restrict processing).

 

9. What rights do I have?

You have the following rights in relation to your data:

  • Right to information, Art. 15 DS-GVO
  • Right of rectification, Art. 16,
  • Right of deletion, Art. 17 DS-GVO
  • Right to restrict processing, Art. 18 DS-GVO
  • Right to object to processing, Art. 21 DS-GVO
  • Right to data transferability, Art. 20 DS-GVO
  • the right to complain to a data protection supervisory authority about our processing of your personal data.

In the following paragraphs 9.1 to 9.8 we inform you in detail about your rights.

 

9.1 How can I exercise my right to information?

You can request information from us at any time about the data we process concerning you. Simply write us a letter or an e-mail to the contact address mentioned in section 1 of this privacy policy.

The type and scope of the right to information is defined in Art. 15 DS-GVO.

 

9.2 When and how can I have my data corrected?

Is the data we process about you incorrect? Then you can demand that we correct this data immediately. To do so, please contact the contact address mentioned under point 1.

 

9.3 When must my data be deleted?

Under certain circumstances, you have the right to demand that we delete your data. You can exercise this right, for example, if

  • your data are no longer necessary for the purposes for which they were processed in case of unlawful processing
  • if you have objected to the processing; or
  • if there is an obligation to delete the data according to Union law or German law.

If you would like us to delete your data, please contact us at the contact address mentioned under point 1.

Art. 17 DS-GVO describes the conditions that must be fulfilled to request the deletion of data.

 

9.4 What does “right to restrict processing” mean?

Under certain conditions you can demand that we process your data only to a limited extent, e.g. if

  • there is a dispute between you and us as to whether the data we process about you is correct: For the duration of the review, we may only process your data to a limited extent;
  • you have the right to delete your data (see above), but you demand limited processing from us instead;
  • we no longer need your data for the purposes we pursue, but you need it in order to assert, exercise or defend legal claims; or
  • you have exercised your right of objection, but it is still disputed whether the objection was justified.

You can contact us at the address mentioned in point 1 to exercise your right to limit the processing.

The right to restrict processing follows from Art. 18 DS-GVO.

 

9.5 What does “right to data transferability” mean?

According to Art. 20 DS-GVO you have the right to receive the data you have provided us with in a structured, common, machine-readable format. To do so, please contact the address given under point 1.

 

9.6 How do I exercise my right of objection?

If we base the processing of your data on a balancing of interests, you can object to the processing. If you exercise such an objection, we ask you to state the reasons why we should not process your data as we have done. If your objection is justified, we will examine the facts of the case. We will then either stop or adapt the data processing or, if necessary, show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

Of course, you can object to the processing of your data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising by using the contact data mentioned in section 1.

Article 6 Paragraph 1 f DS-GVO determines when data processing is permissible on the basis of a weighing of interests. This provision constitutes a so-called exceptional circumstance for cases in which processing is not possible in accordance with the alternatives in Article 6 (1) a to e. The legitimate interest of the data controller must outweigh the interest of the data subject.

The right of revocation against such processing is governed by Article 21 (1) of the DPA.

 

9.7 How can I withdraw my consent?

If you have given consent to the processing of your data, you can revoke it at any time. If you revoke your consent, the permissibility of processing your data will change.

 

9.8 When and how can I complain to the supervisory authority?

If you do not agree with the way we process your data or react to your data protection concerns, you can contact the relevant supervisory authority. The contact details of the authority are as follows:

State Commissioner for Data Protection Lower Saxony
Prinzenstraße 5
30159 Hannover

Phone: (+49 5 11) 120 45 00
Fax: (+49 5 11) 120 45 99
e-mail: poststelle@lfd.niedersachsen.de

 

10. Is it a legal or contractual requirement that I provide my data?

You are not required by law or contract or for any other reason to provide us with your information on our website.

We also do not need the data processed by visiting our website in order to conclude a contract, unless you wish to conclude a contract with us in this way.

However, if you do not provide us with the data we require, you may not be able to make full use of our online services.

 

11.Are there automated decision-making processes in connection with my data?

No automated decision making or profiling is used on our website.

 

12. What are the general functions and offers of our website?

If you use our website exclusively for your information (and neither register nor send us information via the site), we only collect the data that your browser sends to our server. When you view the website, we collect the data listed below. This data is technically necessary to display our website and to ensure its stability and security:

  • IP address,
  • Date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (concrete page),
  • Access status/HTTP status code,
  • amount of data transferred in each case,
  • Website from which the request comes,
  • Browser,
  • Operating system and its interface,
  • Language and version of the browser software.

The legal basis for the processing is Article 6 Paragraph 1 S. 1 f DS-GVO.

In addition to this data, cookies are stored on your computer when you use our website. A cookie consists of a key-value pair with the elements “Key” = name of the cookie (e.g. dt_id) and “Value” = content of the cookie (e.g. hfcjakdf3424fnewl.

As a result, certain information flows to us. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer altogether more user-friendly and efficient.

 

Use of cookies:

a) This website uses the following types of cookies, the scope and function of which are explained below:

  • Transient cookies (in addition b),
  • Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website.

 

13. What special features and offers does our website offer?

We do not only provide information on our website, but also offer various functions and services which you can use if you are interested. Usually further data must be processed in order to use the respective functions and services. Our above data processing principles also apply to these data.

We offer the following additional functions and services on our website:

 

13.1 Data processing on our website

Font Awesome
This site uses so-called web fonts, provided by Fonticons, Inc., for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

For this purpose, the browser you use must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that your IP address was used to access our website. The use of web fonts is in the interest of a consistent and attractive presentation of our online offerings. This represents a legitimate interest in the sense of Art. 6 Par. 1 lit. f DS-GVO.

If your browser does not support web fonts, a standard font from your computer will be used.

Further information about Font Awesome can be found at https://fontawesome.com and in the privacy policy of Fonticons, Inc.: https://fontawesome.com/privacy.

 

Google Maps
(1) On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

(2) By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned under point 12 of this declaration is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want the assignment with your profile at Google, you have to log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide need-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

(3) For further information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also find further information on your rights and settings options to protect your privacy: https://policies.google.com/privacy. Google also processes your personal data in the USA.

 

Google Fonts
External fonts (Google Fonts) are used on these Internet pages. Google Fonts is a service of Google Inc. (“Google”). The integration of these Web Fonts is done by a server call, usually a Google server in the USA. This transfers to the server which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google. You will find more information in the Google data protection information, which you can download here:

https://fonts.google.com/about#AboutPlace:about

https://policies.google.com/privacy?hl=en

The legal basis for the processing is Art. 6 para. 1 letter f DS-GVO. Our legitimate interest lies in the highest possible functionality of the Internet presence. The use of Google fonts improves the loading time of the fonts and thus the website as a whole.

 

Contact form
If you send us inquiries via contact form or e-mail, we will save your details from the form or your e-mail, including the contact details you provided there, in order to process your inquiry and to be able to answer any follow-up questions. Your name and e-mail address are required to contact you, the remaining information in the contact form is voluntary. We will not pass on this data without your consent.

The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 letter f DS-GVO and, if applicable, Art. 6 Para. 1 letter b DS-GVO, if your request is aimed at the conclusion of a contract. Your data will be deleted after the final processing of your inquiry, provided that there are no legal storage obligations to the contrary. In the case of Art. 6 Para. 1 letter f DS-GVO, you can object to the processing of your personal data at any time.

 

13.2 Data processing via Social Media Plugins

Facebook and Instagram
When you visit our Facebook and Instagram pages, through which we present our company or individual products from our range, certain information about you is processed. The only persons responsible for this processing of personal data are

a) Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
b) Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)

Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation.

Facebook offers the opportunity to object to certain data processing; information on this and opt-out options can be found at https://www.facebook.com/settings?tab=ads.

Facebook provides us with anonymous statistics and insights for our Facebook and Instagram pages that help us gain insight into the types of actions that people take on our site (so-called “page insights”). These Page-Insights are created based on certain information about people who have visited our site. This processing of personal data is done by Facebook and us as jointly responsible parties. The processing serves our legitimate interest in evaluating the types of actions performed on our site and improving our site based on this information. The legal basis for this processing is article 6 paragraph 1 letter f) DS-GVO. We cannot assign the information obtained via the Page Insights to individual Facebook profiles that interact with our Facebook Page. We have entered into an agreement with Facebook on processing as jointly responsible parties, which defines the distribution of data protection obligations between us and Facebook. For details on the processing of personal data to create Page Insights and the agreement concluded between us and Facebook, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data.

With regard to these data processing activities, you have the opportunity to assert your rights as a data subject (see “Your rights”) also against Facebook. Further information on this can be found in Facebook’s privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to the Facebook data protection regulations, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an appropriateness decision of the European Commission has been made in accordance with Art. 45 DS-GVO or on the basis of suitable guarantees in accordance with Art. 46 DS-GVO.

 

Objection by Facebook and Instagram
In the following linked information, the respective processing and the possibilities of objection (opt-out) are described in detail:

  • Privacy policy of Facebook
  • Opt-Out with Facebook

 

13.3 Further data processing

Applications
If you apply to our company, we process your application data exclusively for purposes related to your interest in a current or future employment with us and the processing of your application. Your application will only be viewed and processed by the relevant contact persons. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you provide for up to three months after a possible rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. The legal basis for data processing is 26 para. 1 sentence 1 BDSG. Should we store your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 Para. 3 DS-GVO. Such a revocation does not affect the lawfulness of the processing, which has taken place until revocation based on the consent.

 

14. Does cooperation with processors and third parties take place?

If we wish to use commissioned service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective processes. We will also state the specified criteria for the storage duration.

We will only transfer your data to third parties or commissioned service providers if we have

  • a legal permission,
  • Your consent,
  • the fulfilment of a legal obligation, or
  • our legitimate interests

can fall back on. We select our external service providers carefully. They are bound by our instructions and are regularly checked.

If we conclude an “order processing contract” with third parties and your data is processed within this framework, we observe the provisions of Article 28 DS-GVO.

 

15. What security measures do we use to protect your data?

We have taken suitable technical and organizational measures to ensure the protection of your data.

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and the lock symbol is displayed in your browser line..

If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We guarantee the “appropriate level of protection” required by Article 32 DS-GVO and have taken the following factors into account:

  • State of the art
  • Implementation costs
  • Type of processing
  • Scope of processing
  • Circumstances of the processing
  • Purposes of processing
  • Probabilities of occurrence
  • Severity of risk for
    • Destruction of data
    • Loss of data
    • Change of data
    • unauthorized disclosure of personal data
    • unauthorized access to personal data

This has enabled us to ensure the confidentiality, integrity, availability and resilience of our systems and services.

 

16. Changes to this privacy policy

We ensure that this privacy policy is always up to date. We therefore reserve the right to adapt it if necessary and to include changes in the processing of your data.

 

17. Explanation of some data protection terms

Anonymization

Anonymization occurs when the personal reference of data is removed in such a way that it cannot be restored or can only be restored with a disproportionate expenditure of time, cost and manpower.

An absolute anonymization, which means that nobody can restore the personal reference, is often not possible and is usually not required by data protection law. It is then sufficient that re-identification is practically impossible, because it would involve an extraordinarily high effort.

 

Order processing

The term is defined in Art. 4 No. 8 DS-GVO:

“Processor” [is] a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

The data controller must ensure that the contractor takes the necessary and appropriate technical and organizational measures to protect the processed data. The data processing must be carried out in accordance with the provisions of data protection law. In other words, the contractor must treat the data with the same sensitivity as the client.

 

Data protection through technology design (“data protection by design”)

The technology must follow the applicable law. Therefore, data protection must be taken into account as early as the conception of programs or the programming itself. Appropriate technical and organizational measures through technology design are, for example:

  • the pseudonymization or encryption of data (purpose: not easy to evaluate in the event of misuse or loss, Art. 32 para. 1 a DS-GVO)
  • the anonymisation of data without reference to persons (Art. 32 DS-GVO only gives examples)
  • the technical integration of data protection notices (purpose: transparency, Art. 5 para. 1 a DS-GVO)
  • Authentication procedure to ensure exclusive access by authorized users (for data minimization, Art. 5 para. 1 f DS-GVO)
  • special marking of data records (electronic labelling, so-called tag; helpful for compliance with the purpose limitation principle, Art. 5 (1) b DS-GVO)

 

Data protection through data protection-friendly default settings (“data protection by default”)

This provision in Art. 25 (2) DS-GVO is new and is likely to apply in particular to Internet services and social networks. In principle, the principle of data minimization is to be implemented by means of technical presettings. According to this, the technical systems must be adapted to the principles of data protection with regard to:

  • the limitation to the respective processing purpose
  • the amount of personal data collected
  • the extent of their processing
  • the storage periods
  • their accessibility

Default settings are the variables that the responsible person gives to the users of his data processing system. The user must therefore enter them or select them by “clicking”.

 

Privacy policy (website)

The data protection declaration on a website is intended to inform consumers as users about the extent to which data is processed, what is done to protect their privacy and what rights they have.

Among other things, the declaration describes how personal data is collected, used or passed on to third parties by the operator. The DS-GVO requires clear and understandable language (no “technical jargon”).

 

Integrity of data

Term: Stored personal data must be protected from being damaged by system malfunctions.

Protection: Backup concept (backup copies), secure storage of data.

Control: authorization for data backup, sensitization, patch management (security holes, updates).

 

Personal data

The term is defined in Art. 4 No. 1 DS-GVO:

„ […] any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.“

Examples: name, address, date of birth, personal number, IP addresses, cookies, location data, biometric data.

 

Pseudonymisation (Art. 4 No. 5, 25 para. 1, 32 para. 1 a DS-GVO)

Term:

The reference to a person is partially removed (restricted) and cannot be restored without additional information (e.g. identification data).

Requirements:

  • no assignment of data without identification data
  • separate storage of identification data by the responsible person
  • technical and organizational measures to protect identification data (access)

 

Example:
Medical data and personal data are separated and can only be assigned by the identification data.

Protection:
Appropriate measures to ensure data security, especially in the case of higher protection requirements (Art. 24, 25, 32 DS-GVO).

 

State of the art (Art. 25, 32 DS-GVO)

The state of the art includes the technological tools available to ensure, for example, appropriate encryption or reliable pseudonymization.

The security of the processing must be “in accordance with the state of the art” and by “appropriate technical and organisational measures” (TOMs) (Art. 24, 32 DS-GVO).

Furthermore, the DS-GVO mentions data protection by “technology design” and “data protection-friendly presettings”. Confidentiality, integrity, availability and resilience of the data processing systems must thus be ensured.

It is not necessarily necessary to use the best available technologies. It is sufficient to use proven and efficient technology.

Concretization:

  • IT-Grundschutzkompendium of the BSI, BSI Standard 200-2
  • Standard Data Protection Model (SDM)
  • ISO-27000-Normenreihe
  • other recommendations of governmental agencies

 

Technical and organizational measures (TOM)

The so-called “TOMs” are measures designed to ensure an adequate level of protection for personal data (Art. 32 DS-GVO). Examples: Pseudonymisation and encryption, security locks, firewall, virus scanner, authorisation concept, fire alarm and extinguishing equipment, air conditioning, security rooms, alarm systems, etc.

 

© This privacy policy was created by the ORA GmbH (www.ora-gmbh.com).

Status: October 2020

Your cookie settings

You can change your cookie settings at any time or view additional information to select only certain cookies.

Change cookie settings

Your cookie selection history

DateVersionConsents