Privacy Notice
Introduction
This Privacy Notice is intended to inform you of the types of personal information (hereinafter referred to as “data”) we process, and the scope and purposes of this processing. This Privacy Notice applies to all processing of personal data we carry out, both as part of the performance of our services and in particular on our website, on mobile applications and within external online presences such as our social media profiles (hereinafter all referred to as “online content”)
Valid as of: 16 November 2020
Contents
- Introduction
- Controller
- Overview of data processing
- Relevant legal bases
- Security measures
- Transfer and disclosure of personal data
- Data processing in third countries
- Use of cookies
- Provision of online content and web hosting
- Contact
- Online marketing
- Plug-ins, embedded functions and content
- Data deletion
- Changes and updates to the Privacy Notice
- Rights of the data subject
- Definitions
Controller
Virobuster International GmbH
Eduard-Rhein Straße 52
D-53639 Königswinter
Tel.; +49 (0) 2244 8440-300
Authorised representatives: Thomas Rous, Fahmi Yigit, Herman Nanninga
Email address: info@virobuster.com
Overview of data processing
This summary details the types of information we process and the purposes for which they are processed, and notes the data subjects concerned.
Types of data processed
- Inventory data (e.g. names, addresses)
- Content data (e.g. information entered on online forms)
- Contact data (e.g. email addresses, telephone numbers)
- Meta/communication data (e.g. device information, IP addresses)
- Use data (e.g. pages visited, interest in content, access time)
- Location data (information on the geographical location of a device or person)
Categories of data subject
- Interested parties
- Communication partners
- Users (e.g. website visitors, online service users)
Reasons for processing
- Provision of our online content and user-friendliness
- Conversion tracking (measuring the efficacy of marketing measures)
- Content delivery network (CDN)
- Interest-based and behavioural marketing
- Contact requests and communication
- Profiling (creation of user profiles)
- Remarketing
- Reach measurement (e.g. access statistics, identification of returning visitors)
- Security measures
- Tracking (e.g. interest/behaviour-based profiling, use of cookies)
- Performance of contractual services and customer services
- Enquiry management and response
Relevant legal bases
We process your data in compliance with the provisions of the General Data Protection Regulation (GDPR), as explained below. Please note that additional national data protection requirements may apply in your/our country of residence/home state. If specific provisions apply in individual cases, this is mentioned in the Privacy Notice.
- Consent (Art. 6 (1)(1)(a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Performance of contract or pre-contract requests (Art. 6 (1)(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legitimate interests (Art. 6(1)(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Security measures
In line with the legal requirements, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
These measures include ensuring the confidentiality, integrity and availability of data through the controlling of physical and electronic access to the data, as well as the relevant input, disclosure, safeguarding of availability and separation of this data. Furthermore, we have established procedures to ensure awareness of the rights of data subjects, the deletion of data and responses to data threats. We also take data protection into account when developing/choosing hardware, software and data protection procedures, by means of technology design and privacy-enhancing default settings.
Transfer and disclosure of personal data
As part of the data processing we carry out, we may transfer or disclose data to other offices, companies, legally independent organisational units or persons. The recipients of this data may include payment institutions in the context of payment transactions, IT service providers and website service/content providers. In such cases, we comply with legal requirements and conclude the appropriate contracts/agreements to ensure data protection with data recipients.
Data processing in third countries
Where we process data in third countries (i.e. outside the European Union (EU) and the European Economic Area (EEA)), or processing takes place in the context of the use of third-party services, or data is transferred/disclosed to other persons, offices or companies, this takes place exclusively in compliance with legal provisions.
In the absence of explicit consent or contractually or legally necessary transfer, we only process or allow the processing of data in third countries with a recognised adequate level of data protection, contractual obligations under standard data protection clauses adopted by the European Commission, certification or binding corporate data protection rules (Art. 44 to 49 GDPR, EC information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).
Use of cookies
Cookies are text files containing data on visited websites and domains that are saved on a user’s computer by a browser. Cookies are primarily intended to save information about a user during and after a visit to online content. The information saved can include language settings on a website, login status, shopping basket, or the location in which a video was viewed. Cookies also refer to other technologies with the same functions as cookies (e.g. where user information is saved using pseudonymised online tags called user IDs).
The following cookie types and functions are used:
- Temporary cookies (also called session cookies): Temporary cookies are deleted at the latest when a user leaves online content and closes the browser.
- • Permanent cookies: Permanent cookies remain saved after the browser is closed. This means that login status can be saved, for example, or preferred content shown immediately when the user returns to the website. In addition, these cookies can save user interests, which are used for reach measurement and marketing purposes.
- First-Party-Cookies: First-party cookies are set by us.
- Third-Party-Cookies: Third-party cookies are mainly used by advertisers (third parties) to process user information.
- Essential (necessary) cookies: Cookies can be essential for a website to work (e.g. to save logins or other user inputs or for security reasons).
- Analytics, marketing and personalisation cookies: Cookies are also regularly used to measure reach, and where a user’s interests or behaviour (e.g. viewing of specific content, use of functions etc.) on individual web pages is saved as a user profile. These profiles can be used to show content that may correspond to the user’s interests. This is called tracking. Where cookies or tracking technologies are used, this is specifically mentioned in our Privacy Notice or as part of the consent procedure.
Reference to legal basis: The legal basis under which we process your personal information using cookies depends on whether we request your consent. If this is the case, and you consent to the use of cookies, your data is processed under the principle of informed consent. In other cases, data processed using cookies takes place under the principle of our legitimate interests (e.g. for the business operation of our online content and its improvement) or, if the use of cookies is essential, in order to perform our contractual duties.
Storage period: If we do not provide explicit information on the length of time for which permanent cookies are stored (e.g. as part of a cookie opt-in), please assume that the storage period can be up to two years.
General information on revocation or opposition (opt out): Depending on whether processing is carried out on the basis of consent or legal authorisation, you may revoke your consent or oppose the processing of your data using cookie technology at any time (both referred to as “opt out”). You can declare your opposition using your browser settings, for example by disabling the use of cookies. Please note that this may limit the performance of our online content. You can also oppose the use of cookies for the purposes of online marketing using various services, particularly in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ addition, you may receive further opposition notices as part of the information on service providers and cookies used.
Processing cookie data on the basis of consent: Before we process or allow the processing of data in the context of cookie use, we ask the user for consent, which may be withdrawn at any time. Before consent is given, cookies essential for the operation of our online content are used.
- Types of data processed: Use data (e.g pages visited, interest in content, access time), meta/communication data (e.g. device information, IP addresses).
- Data subjects: Users (e.g. website visitors, online service users)
- Legal basis: Consent (Art. 6(1)(1)(a) GDPR), Legitimate interests (Art. 6(1)(1)(f) GDPR)
Provision of online content and web hosting
In order to provide our online content safely and efficiently, we use services from one or more web hosting providers, who own or manage servers on which our online content can be accessed. For these purposes, we may use infrastructure and platform services, computing capacities, memory, database services, security services and technical maintenance services.
Data processed in the context of the provision of the hosting offer can include all information relating to users of our online content collected through usage and communication. This routinely includes the IP address, which is required to deliver online content to browsers, and all information entered within our online content or by websites.
Email sending and hosting: The web hosting services we use also include the sending, receiving and saving of emails. For these purposes, the addresses of recipients and senders, as well as other information about the email transfer (e.g. provider) and the content of the email itself are processed. This data can also be processed to identify spam. Please note that emails are generally not encrypted when sent over the internet. In general, emails are encrypted during transport but not on the servers via which they are sent and received (unless end-to-end encryption is not used). We therefore accept no liability for the transmission route of emails between the sender and their receipt on our server.
Recording of access data and log files: We (or our web hosting provider) collect data each time the server is accessed (server log files). Server log files can include the address and name of the web pages and data accessed, the date and time when it was accessed, the amount of data transferred, records of successful access, browser type and version, user operating system, referrer URL (previously visited page) and as a rule IP addresses and the requesting provider.
Server log files may be used for purposes of security, e.g. to avoid server overloading (particularly in the case of DDoS attacks), and to ensure the capacity of the server and its stability.
Content delivery network: We use a content delivery network (CDN). This is a service that is used to deliver online content quickly and safely, in particular large media files such as graphics and program scripts via regionally distributed servers connected over the internet.
- Types of data processed: Content data (e.g. information entered on online forms), Use data (e.g pages visited, interest in content, access time), Meta/communication data (e.g. device information, IP addresses).
- Data subjects: Users (e.g. website visitors, online service users)
- Reasons for processing: Content delivery network (CDN)
- Legal Basis: Legitimate interests (Art. 6(1)(1)(f) GDPR)
Contact
When you contact us (e.g. via contact form, email, telephone or social media), your information is processed to the extent required to reply to your enquiry or take steps at your request.
Replying to enquiries in the context of contractual or pre-contractual relationships forms part of the performance of our contractual duties or to reply to (pre)contractual requests and also takes place for the purposes of the legitimate interests to answer requests.
- Types of data processed: Inventory data (e.g. names, addresses), Contact data (e.g. email addresses, telephone numbers), Content data (e.g. information entered on online forms).
- Data subjects: Communication partners
- Reasons for processing: Contact requests and communication
- Legal basis: Performance of a contract and precontractual requests (Art. 6(1)(1)(b), Legitimate interests (Art. 6(1)(1)(f) GDPR)
Online marketing
We process personal data for the purposes of online marketing, which can include in particular the marketing of advertising space, the displaying of advertising and other content (referred to as ‘content’) on the basis of potential user interests and the measuring of advert efficacy.
For these purposes, user profiles are created and saved in a file (cookie) or a similar process is used to save user information that is relevant for the displaying of such content. This information can include content viewed, web pages visited and online networks used, as well as communication partners, technical information such as the browser and computer system used, and information on usage times. If users have consented to their location data being recorded, this can also be processed.
User IP addresses are also saved. However, we use available IP masking procedures (i.e. pseudonymisation using shortened IP addresses) to protect the user. In general, no identifiable user data (such as email addresses or names) is saved for the purposes of online marketing. Instead, pseudonyms are used. In other words, neither we nor the online marketing service provider know the actual identity of the user. We only have access to the information saved in profiles.
The information in profiles is usually saved in cookies or using similar procedures. These cookies can generally be read on other websites that use the same online marketing procedures, analysed to show content, completed with additional data and saved on the server of the online marketing provider at a later point.
Identifiable data may be assigned to profiles in exceptional cases. This is the case, for example, when users are members of a social network and we use the online marketing procedures proposed by the social network, which connects the aforementioned information with the user’s profile. Please note that users can enter into additional agreements with service providers, for example by giving consent during the registration process.
In general, we only have access to summarised information about the success of our advertising. However, we can carry out conversion measurements, to find out which of our online marketing procedures have led to conversions (conclusion of a contract). Conversion measurements are only used to analyse the success of our marketing measures.
Unless otherwise stated, please assume that any cookies used are saved for a period of two years.
Reference to legal basis: Where users are asked to give their consent for the use of third-party providers, processing is permitted under the principle of consent. Otherwise, user data is processed under the principle of our legitimate interests (i.e. providing efficient, cost-effective and user-friendly services). Please also refer to the information on the use of cookies included in this Privacy Notice.
- Types of data processed: Use data (e.g pages visited, interest in content, access time), meta/communication data (e.g. device information, IP addresses).
- Data subjects: Users (e.g. website visitors, online service users), Interested parties.
- Reasons for processing: Tracking (e.g. interest/behaviour-based profiling, use of cookies), Remarketing, Conversion tracking (measuring the efficacy of marketing measures), Interest-based and behavioural marketing, Profiling (creation of user profiles), Reach measurement (e.g. access statistics, identification of returning visitors).
- Security measures: IP masking (pseudonymisation of IP address).
- Legal basis: Consent (Art. 6(1)(1)(a) GDPR), Legitimate interests (Art. 6(1)(1)(f) GDPR)
- Opposition (opt out): Please refer to the Privacy Notices of the relevant service provider and the opt out options provided. If no explicit opt out options are given, it is possible to disable cookies in your browser settings. However, this may limit the performance of our online content. We therefore recommend using the following opt out services, which are offered for specific regions: a) Europe: https://www.youronlinechoices.eu. b) Kanada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Unrestricted: https://optout.aboutads.info.
Services and service providers used:
- Google Analytics: Online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy notice: https://policies.google.com/privacy; Opposition (opt-Out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for inclusion of advertisements: https://adssettings.google.com/authenticated.
Plug-ins, embedded functions and content
Our online content contains function and content items obtained from the servers of service providers (“third-party providers”). This can include graphics, videos, social media buttons and posts (“content”).
This use always requires third-party providers of this content to process user IP addresses, as the content cannot be sent to the browser without the IP address. The IP address is therefore essential for this content or function to be displayed. We make every effort to ensure that this content is only used if the provider uses IP addresses solely for the delivery of the content. Third-party providers may also use pixel tags (invisible graphics, also called web beacons) for analytics and marketing purposes. Pixel tags can be used to analyse information such as visitor traffic to pages of a website. Pseudonymised information can also be saved on the user’s computer in cookies and include technical information on the browser and operating system, referring websites, viewing time and other information on the use of our online content. This information can also be associated with similar information from other sources.
Reference to legal basis: Where users are asked to give their consent for the use of third-party providers, processing is permitted under the principle of consent. Otherwise, user data is processed under the principle of our legitimate interests (i.e. providing efficient, cost-effective and user-friendly services). Please also refer to the information on the use of cookies included in this Privacy Notice.
- Types of data processed: Use data (e.g pages visited, interest in content, access time), Meta/communication data (e.g. device information, IP addresses), Location data (information on the geographical location of a device or person), Inventory data (e.g. names, addresses), Contact data (e.g. email addresses, telephone numbers), Content data (e.g. information entered on online forms).
- Data subjects: Users (e.g. website visitors, online service users)
- Reasons for processing: Provision of our online content and user-friendliness, Performance of contractual services and customer services, Security measures, Enquiry management and response.
- Legal basis: Legitimate interests (Art. 6(1)(1)(f) GDPR), Consent (Art. 6(1)(1)(a) GDPR), Performance of a contract and precontractual requests (Art. 6(1)(1)(b).
Services and service providers used:
- Google Fonts: We use fonts from Google. In this case, user data is used solely to display fonts in the user’s browser. This takes place under the principle of our legitimate interest in ensuring the safe, maintenance-free and efficient use of fonts and their uniform display in line with any possible licensing restrictions. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy notice: https://policies.google.com/privacy.
- Google Maps: We use maps from the service “Google Maps” provided by Google. The data processed can include user IP addresses and location data, although this is not collected without your consent (generally through your mobile device settings); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Privacy Notice: https://policies.google.com/privacy; Opposition (opt-out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for inclusion of advertisements: https://adssettings.google.com/authenticated.
- YouTube-Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Notice: https://policies.google.com/privacy; Opposition (opt-out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for inclusion of advertisements: https://adssettings.google.com/authenticated.
Data deletion
The data we process is deleted according to the provisions of the legal guidelines, as soon as consent for processing is withdrawn or other events occur (e.g. the purpose for processing the data is no longer applicable or the data is not required for the purpose).
If data are not deleted because they are required for other lawful purposes, their processing will be limited to these purposes. In other words, these data are locked and not processed for other purposes. This applies, for example, to data that must be kept for business or tax law reasons, or data retention for the establishment, exercise or defence of legal claims, or to protect the rights of other natural or legal persons.
Further information on the deletion of personal data can be found in the individual data protection notices of this Privacy Notice.
Changes and updates to the Privacy Notice
Please consult our Privacy Notice regularly. We adapt the Privacy Notice as soon as necessary due to changes in the data processing we carry out. We will inform you if any changes require action on your part (e.g. consent) or other individual notification is necessary.
Where this Privacy Notice includes addresses and contact information for companies and organisations, please note that these details may change over time. Please verify the details before contacting the company/organisation in question.
Rights of the data subject
As a data subject, you have various rights under the GDPR, specifically those listed in Articles 15 to 21 of the GDPR.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Withdrawal of consent: You have the right to withdraw consent you have given at any time.
- Right of access: You have the right to obtain confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and further information and copies of the data in line with the legal guidelines.
- Right to rectification: You have the right to obtain the rectification of inaccurate personal data and to have incomplete personal data completed in line with the legal guidelines.
- Right to erasure and restriction of processing: According to the provisions of the legal guidelines, you have the right to obtain the erasure of your personal data or the restriction of its processing.
- Right to data portability: According to the provisions of the legal guidelines, you have the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format or transmit those data to another controller.
- Complaints to supervisory authorities: According to the provisions of the legal guidelines, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
Definitions
This section provides definitions of terms used in this Privacy Notice. Many of the terms are taken from the GDPR and are defined in Article 4. The legal definitions are binding. The following explanations are solely to assist with understanding. The terms are given in alphabetical order.
- Content delivery network (CDN): This is a service that is used to quickly and safely deliver online content, in particular large media files such as graphics and program scripts via regionally distributed servers connected over the internet.
- IP masking: IP masking is a method that removes the last octet (the last two figures) of an IP address, so that the IP address can no longer be used to explicitly identify a person. It is therefore a means of pseudonymisation for processing procedures, in particular for online marketing.
- Interest-based and behavioural marketing: Interest-based and behavioural marketing is the term used when the potential interests of users are matched to adverts and other content as closely as possible. This is done using information on previous behaviour (e.g. visiting specific web pages and how long is spent on them, buying behaviour, interactions with other users), saved as a profile. In general, cookies are used for this.
- Conversion measurement: Conversion measurement is a way to determine the efficacy of marketing measures. In general, a cookie is saved on the user’s device within the website on which the marketing measure is found, and then accessed again on the target website. This allows us to measure, for example, whether adverts we place on other websites are successful.
- Personal data: Personal data is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to analyse or evaluate certain personal aspects relating to a natural person (which, depending on the type of profiling, can include information on age, sex, location and movements, interactions with websites and their content, buying behaviour, social interactions with others) or in order to predict said aspects (e.g. interest in particular content or products, click behaviour on a website or place of residence). Cookies and web beacons are often used for profiling.
- Reach measurement: Reach measurement (also called web analytics) is used to evaluate visitor flows to online content and can include the behaviour of visitors or their interest in particular information, such as web page content. Reach measurement can help website owners identify, for example, the time at which visitors view their website and the content in which they are interested. This can then be used to adapt website content to better meet the needs of its visitors. For reach measurement, pseudonymised cookies and web beacons are often used in order to recognise repeat visitors and obtain a more precise analysis of how online content is used.
- Remarketing: Remarketing or retargeting is where products that interest a user on a website are noted for marketing purposes, in order to remind the user of these products on another website, for example in adverts.
- Location data: Location data is obtained when a mobile device (or another device with the technical settings to enable location determination) is connected with a radio cell, WLAN or similar technical intermediaries and location determination functions. Location data are used to determine the geographical position of the device in the world. They can be used to display map functions or other location-dependent information.
- Tracking: Tracking is when the behaviour of users can be identified across the internet. In general, information on the user’s behaviour and interests with regard to the online content used is saved in cookies or on servers owned by the tracking technology provider (profiling). This information can then be used to show users adverts that predominantly correspond to their interests.
- Controller: Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: Processing means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is wide-reaching and covers practically all data processes, including collection, analysis, storage, transmission and erasure.
Let us find the right solution for you!
We look forward to hearing from you – call us on
+49 (0) 2244/8440-300 or email us.
The VIROBUSTER® Service
From providing information on the most efficient air purification concept to installation on your premises.
Advice
Are you interested in UV-C air purification, would like to switch or don’t know which system is right for you? Ask us - we’ll be happy to advise.
Planning
Do you have specific requirements or your own ideas? Contact us to plan your individual project and make your company future-proof in terms of UV-C air purification.
Installation
We also handle delivery and installation, so that you can focus on what’s important for you.
Service
We’re here for you after installation and commissioning. Do you need replacement parts, or information on your devices and UV-C air purification? Get in touch!