You can print or save this document to your computer by using the print function of your browser.
1 Office Responsible
1.1 The controller for data processing
The office responsibles for the collection, processing and use of your personal data is
- TUNAP AG, Weinfelderstrasse 19, 8560 Märstetten
1.2 Responsible person
- TUNAP AG: Dieter Amrhein
1.3 Contact details of data protection officer
Insofar as you wish to revoke the collection, processing or use of your data by TUNAP in accordance with these data protection provisions, you are kindly asked to send this revocation by e-mail, fax or letter to the following contact address:
- Letter: TUNAP AG, Datenschutzbeauftragter, Weinfelderstrasse 19, 8560 Märstetten
- Fax: +41 (0) 71 / 659 04 08
- E-mail: email@example.com
2 General Remarks and Mandatory Information
2.1 Data protection
Data protection is ubiquitous at TUNAP. Data protection protects the persons behind the data stored or processed in companies. The objective of data protection and the primary goal of TUNAP is to handle personal data in a way that nobody's personal rights are affected.
The European General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (FDPA) impose a whole series of obligations to the entities responsible for processing personal data.
Personal data may only be collected and processed if it is explicitly permitted by the GDPR. The essential underlying principles of the GDPR are:
- Lawfulness of processing, fairness of processing, transparency
- Purpose limitation
- Data minimization
- Accuracy of data processing
- Storage limitation and erasure concepts
- Integrity and confidentiality
2.2 Purpose of data collection, processing or use
Research, development, production and sales from a single source. With innovations and reliable products from our R&D and production and with our comprehensive international direct sales organization, TUNAP is successful and indispensable partner of several industries. From the businessmanagement consultation, technical product training through to working safely with chemicals, TUNAP offers a complete consultation program.
The company collects, processes and uses personal data entirely for the purpose of preparing and performing contracts or of complying with statutory obligations or it does so with the consent of the data subject. The relevant groups of data subjects are
- present employees,
- former employees,
- job applicants,
- persons expressing interest,
- service providers and
- other business associates.
The relevant data are all the personal data required for the fulfilment of a given purpose.
2.3 Legal basis
The legal basis for carrying out the aforementioned processes is defined in EU GDPR and, where applicable, in each country’s national data protection laws. In particular, please note EU GDPR Articles 4 to 7. EU GDPR Article 4 defines the relevant terms and refers to Recitals 26-37.
Should processing be required under Article 6 paragraph 1 point (f), then this is done entirely for the purpose of entering into or performing contracts, provided that processing does not conflict with the legitimate interest of the data subject, while also taking account of all statutory data protection requirements. When weighing the interests of data subjects and the contractual parties, a strict standard is always applied in favour of the data subject.
2.4 Potential recipients in data transfer
Potential recipients in the transfer of personal data:
- Public authorities where there is a statutory duty
- Service providers and other business associates where data transfer is required for the fulfilment of the relevant purpose and where a legal regulation either permits or requires transfer or where the data subject has given their consent
No further onward transfer of personal data is envisaged, and neither does it take place.
2.5 Planned data transfer to non-EU states
Should data need to be transferred to non-EU states, then this is done entirely for the purpose of entering into or performing contracts, provided that transfer does not conflict with the legitimate interest of the data subject, while also taking account of all statutory data protection requirements. If, in a given case, the company intends to transfer personal data to a non-EU country or to an international organisation, then it does so under EU GDPR Article 45, “Transfers on the basis of an adequacy decision”. If data transfer still takes place under Article 46 or Article 47 or Article 49 paragraph 1(2), we hereby refer to the availability of suitable warranties or binding corporate data protection rules or to the practice whereby a strict standard is always applied in favour of the data subject when weighing the interests of data subjects and contractual parties.
2.6 Time limits for the erasure of data
Personal data are erased under the prevailing statutory and contractual data erasure provisions, while taking account of statutory or contractual retention duties. Any personal data that are not subject to statutory or contractual retention or erasure duties are erased immediately upon becoming unnecessary for the fulfilment of the relevant purpose.
2.7 Right to information, rectification and erasure
Every data subject is entitled to receive information from the controller on their own personal data and is also entitled to rectification or erasure of their data or a restriction of processing or a right of revocation as well as the right of data portability.
2.8 Right of revocation
If processing is based on Article 6 paragraph 1 point (a) or on Article 9 paragraph 2 point (a), every data subject is entitled at any time to revoke their consent without affecting the lawfulness of consent-based processing conducted until revocation.
2.9 Right to lodge a complaint
Every data subject is entitled to assert their right to lodge a complaint with a supervisory authority.
2.10 Right to information
Every data subject is entitled to be told whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.
2.11 Automated decision-making, including profiling
Decisions are made automatically, including profiling. The logic that is involved, the scope and the envisaged impact are defined as follows. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, based on algorithms. An automated decision in an individual case is one where the decision is made entirely on the basis of algorithms, without also being checked by a human being. Within the company this is done on the basis of EU GDPR Article 22, and the data subject may, if applicable, assert their rights arising from EU GDPR Article 22 paragraph 1.
2.12 Revocation of your consent to process data
Many data processing activities are only possible with your explicit consent. You can revoke a consent given at any time. An informal e-mail addressed to us is sufficient. The lawfulness of the data processing activity carried out before the revocation remains unaffected.
2.13 Right to complain with the supervisory authority in charge
In case of data breaches the data subject can file a complaint to the supervisory authority in charge. The supervisory authority in charge of data-protection issues is the data protection officer of the Federal Land, in which our company is located. A list of data protection officers and their contact details can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
2.14 Right to data portability
You have the right to receive the personal data, which we processes in an automated fashion on the basis of your consent or fulfilling a contract, in a commonly used and machine-readable format. Should you request the direct portability of the data to another controller this will only be done if it is technically feasible.
2.15 SSL and/or TLS encryption
This website uses SSL and/or TSL encryption for security reasons and to protection the transmission of confidential content such as orders or requests that you send to the website's operator. You can recognize an encrypted connection when you see that the address bar of your browser changes from “http://” to “https://” and when the lock symbol appears in your address bar. When the SSL and/or TSL encryption is activated the data that you transfer to us cannot be read by third parties.
2.16 Information, blocking, erasure
Within the framework of the applicable legal regulations you have the right to receive information, free of charge, about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, you have the right to rectification, blocking or erasure of this data. If you have further questions regarding personal data please do not hesitate to contact us anytime at the above address.
3 Collection, Processing and Use of Personal Data
3.1 Personal data
Personal data is considered to be details concerning the material or personal circumstances of a specific or specifiable natural person. The details concerned include your name, your customer number, your telephone number and your address as well as all account data you communicate to us upon the registration and opening of your customer account. Statistical data such as that we collect from visits to our web presence cannot be connected directly with your person is not included. These statistics include for example details of those pages that are particularly popular or of the number of users visiting specific pages of our web presence.
3.2 Customer account
For each customer appropriately registering with us, we set up password-protected, direct access to his/her data records (customer account) saved by us. You undertake to treat the personal access data in the strictest confidence and not to make it accessible to unauthorized third parties. We cannot assume any liability for the misuse of passwords unless we are responsible for the misuse concerned.
3.3 Collection, processing and use of your personal data
Data protection is very important to us. We therefore comply strictly with the statutory provisions set out under the German Data Protection Act and Telemedia Act when collecting, processing and using your personal data. We collect, save and process your data for the overall handling of your purchase including any subsequent warranties, for our service provision, technical administration and our own marketing purposes. Your personal data is only forwarded to third parties or otherwise transmitted if this is required for the purpose of contract processing or accounting or has been approved in advance by you. As part of order processing activities, for example, the service providers used by us in this connection (such as forwarders, logistical specialists, banks) are given the necessary data for ordering and order processing purposes. The data thus forwarded may only be used by our service providers for fulfilling their remit. No other use of the information is permitted nor is such use made by any of the service providers we appoint.
Insofar as you have made personal data available to us, we use this exclusively for the purpose of the technical administration of our websites and for meeting your requests and needs notably for handling the contract concluded with you or for answering your inquiries.
No forwarding, sale or transmission otherwise of your personal data to third parties occurs unless this is necessary for contract processing purposes. As such it may be necessary, for example, that when products are ordered we forward your address and order data to our suppliers or if this is required for accounting purposes. Otherwise no transmission of your data occurs unless you have given your prior consent to this effect.
Deletion of your personal data occurs, insofar as this does not run counter to any statutory duty to keep data and you have asserted a deletion claim, if the data is no longer required for meeting the purpose pursued by way of the saving of the data or if the saving of the data is inadmissible for other statutory reasons.
I herewith give my consent that TUNAP processes and uses my personal data for setting up, executing and handling my contractual relationship with TUNAP.
3.4 Use of your data for advertising purposes
In addition to the processing of your data for handling your purchase from TUNAP, we also use your data to communicate with you about your orders, specific products or marketing campaigns and to send you by e-mail product and service recommendations that might interest you. Moreover, we also use this data to inform you by post about such products and services as may be of interest to you.
I herewith give my consent that TUNAP processes and uses my personal data for its own advertising purposes in order to send marketing information to me by e-mail and post.
You may revoke your consent to the use of your personal data for advertising purposes at any time without incurring any costs other than those incurred for transmission purposes in accordance with the basic tariffs applicable. Notification in text form (e.g. e-mail, fax, and letter) suffices for this.
The acceptance of cookies is a prerequisite for the use of our website.
4.1 What are cookies?
Cookies and flash cookies are small files that are stored on your data storage medium and save specific settings and data for exchange purposes with our system via your browser. There are fundamentally 2 different types of cookie, so-called session cookies that are deleted as soon as you close your browser und temporary/permanent cookies that are stored on your data storage medium for a lengthy or indefinite period. Saving cookies helps us design our website and our offers for you appropriately and facilitates your use of them in that for example specific entries from you are saved such that you do not have to repeat them constantly.
4.2 Which cookies does TUNAP use?
Most of the cookies used by us are deleted automatically from your hard-disk drive at the end of the browser session (hence the name session cookies). Session cookies are needed for example to offer you the shopping basket function across several sites. Moreover, we also use such cookies as stay on your hard-disk drive. On your next visit, it is automatically recognized that you have already visited us together with the entries and settings you prefer. These temporary cookies and the permanent ones too (lifetime from 1 month to 10 years) are stored on your hard-disk drive and are deleted automatically after the set time. Notably these cookies serve to make our offering more user-friendly, effective and secure. Thanks to these files it is for example possible for you to be shown on the website information specifically tailored to suit your interests. The exclusive purpose of these cookies is to adapt our offering to meet customer needs in an optimum manner and to make surfing with us as convenient as possible.
4.3 Which data is stored in the cookies?
No personal data is stored in the cookies used by TUNAP. The cookies used by us cannot therefore be attributed to any specific person and thus not to you either. Upon the activation of the cookie, an identification number is allocated to it. Your personal data cannot be attributed to this identification number at any time. Your name, IP address or similar data that would enable the cookie to be attributed to you is not used at any time. On the basis of cookie technology we merely obtain anonymized information for example on the pages of our web presence that were visited, the products that were viewed, etc.
5 Log Files
Whenever TUNAP websites are accessed, usage data is transmitted via the Internet browser concerned and stored in protocol files, so-called server log files. The data records thus saved contain the following data: date and time of access, name of site accessed, IP address, referrer URL (originating URL from which you have come to access the TUNAP website), the data volume transmitted, and the product and version information of the browser used.
Subject to any statutory duty to keep data, the IP addresses of the users are deleted or anonymized after the end of usage. When anonymized the IP addresses are changed to such an extent that individual details concerning personal or material circumstances can no longer be attributed to a specific or specifiable person or if so only by way of the disproportionate input of time, cost and effort.
These log file data records are evaluated by us in anonymized form to enable us to further improve our offering and the TUNAP web presence and make them user-friendlier, detect and correct errors faster and to control server capacities. As such we are for example able to identify the times at which usage of the TUNAP web presence is particularly popular and thus make the relevant data volume available in order to guarantee that, for example, the user’s shopping experience is as quick and convenient as possible. Moreover analysis of the protocol files enables us to identify and rectify any errors in the TUNAP web presence faster.
6 Web Analysis
In order to enhance and optimize our offering on an ongoing basis, we use so-called tracking technologies. For this purpose we use the services provided via Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your website usage to be conducted. The information on your use of this website generated via the cookie is generally transmitted to a server operated by Google in the USA and saved there. In the event that IP anonymization has been activated on this website, your IP address will however be abbreviated in advance by Google within the member states of the European Union and in other countries that have signed the treaty on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server operated by Google in the USA and abbreviated there. By order of the operator of this website, Google uses this information to evaluate your usage of the website in order to compile reports on website activities and provide vis-à-vis the website operator further services connected with website usage and Internet usage. The IP address transmitted from your browser by way of Google Analytics is not brought together with any other data held by Google. You can prevent the storage of cookies via the corresponding setting on your browser software; we must point out to you however that in such case you may not be able to use all the functions offered by this website in full. You can moreover prevent the logging by Google of the data generated via the cookie and relating to your usage of the website (incl. your IP address) and the processing of this data by Google by downloading and installing the browser plugin provided via the following link http://tools.google.com/dlpage/gaoptout?hl=en.
6.1 Google Analytics
This website uses functions from the web analysis service Google Analytics.The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website.The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Google Analytics cookies are stored on the basis of Art. 6 Par. 1(F) of the GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
6.1.1 Browser Plugin
You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that, in such case, you may not be able to fully utilize all of the functions of this website.Furthermore, you can prevent the collection of data (including your IP address) through cookies and website use as well as data processing by Google by downloading and installing the browser plug-in available through the following link https://tools.google.com/dlpage/gaoptout?hl=en .
6.1.2 Opposition to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set; this will prevent your data from being collected when you visit this website in the future: Disable Google Analytics.
6.1.3 Contract data processing
We have signed a contract on the processing of order data with Google that is in full compliance with the strict requirements imposed by German data protection authorities on the use of Google Analytics.
6.1.4 IP anonymization
We have activated the IP anonymization function on this website.Your IP address will be truncated by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States.Only in exceptional cases will your full IP address be transferred to a Google server in the U.S. and cropped there.On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports regarding website activity and provide other services to the website operator related to website usage and Internet usage. The IP address transmitted by your browser as part of Google Analytics is not bought together with other Google data.
6.1.5 Google Remarketing
6.1.6 Google Tag Manager
We use the Google Tag Manager. Using this service, website tags can be managed over an interface.The Google Tag Manager only implements tags.No cookies are set and no personal data is collected.The Google Tag Manager triggers other tags that may collect data.The Google Tag Manager does not access this data. More information about the Google Tag Manager can be found under the following link: https://www.google.com/analytics/tag-manager/use-policy/ .
6.2 Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website.This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google")
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) have been entered by a human or by an automated program.To do this, reCAPTCHA analyses the behavior of the website visitor based on various characteristics.This analysis starts automatically as soon as the visitor enters the website.For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user).The data collected during the analysis will be forwarded to Google.
reCAPTCHA analyses take place entirely in the background.Visitors are not advised that such an analysis is taking place.
Data processing is carried out under Art. 6 para. 1 (f) DSGVO.The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
7 Plugins and Tools
7.1 Adobe Typekit
Our website uses Adobe Typekit. Typekit is a service provided by Adobe Systems Software Ireland Ltd. (“Adobe”), which allows us to access Adobe’s font library. In order for the fonts we use to be visible to you, your browser needs to connect to a server from Adobe US and download the font required in each case. Adobe obtains the information that our website has been accessed by your IP address. For more information about Adobe Typekit, see Adobe’s privacy policies, which can be found here: http://www.adobe.com/privacy/typekit.html
We have integrated YouTube videos into our online services, which is stored on https://www.youtube.com and can be played directly from our website. These are all integrated in the "Extended Privacy Mode", i.e. no data about you as user are transferred to Youtube if you do not play the videos.Data is not transferred until you play the videos.We have no influence on this data transfer.This takes place regardless of whether YouTube makes a user account available via which you are logged in or no user account exists.If you are logged in to Google, your information will be directly associated with your account.
If you do not wish to be associated with your profile on YouTube, you must log out of YouTube before playing the video.YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website.You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
YouTube is used in the interests of making our online presence more attractive.This represents a legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.
YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
7.3 Google Maps
On this website we use the services of Google Maps.This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
When you visit this website, Google receives the information that you have accessed the corresponding subpage of our website.This takes place regardless of whether Google makes a user account available via which you are logged in or no user account exists.If you are logged in to Google, your information will be directly associated with your account.If you do not wish to be associated with your Google profile, you must log out before calling up a map.Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or requirements-oriented design of its website.Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customized advertising and to inform other social network users about activities on our website.You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
The use of Google Maps is in the interest of making our website appealing and to facilitate locating the places we specify on the website.This represents a legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.
Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
8 Secure Data Transmission
Your personal data is securely transmitted by encryption. This applies to your order and also to the customer login. We use the coding system SSL (Secure Socket Layer). Although no one can guarantee absolute protection, we secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons.
9 Automatic Logoff / Time Monitoring Facility
In order to log off from our online shop properly, please ensure that you select the “Logoff” button at all times. You can find this by clicking on “My TUNAP” in the main navigation. Should you forget to do so at any time, our system logs off for you automatically for security reasons after 90 minutes of inactive online time. This is not an error but instead merely serves the purpose of protecting your data.
10 Information Rights of the Person Concerned
In accordance with the provisions set out under the German Data Protection Act, the rights our customers are entitled to include the right to obtain free-of-charge information on the data stored on them as well as the right to have the data corrected, blocked or deleted.
We take the protection of your data very seriously. In order to ensure that personal data is not forwarded to third parties, kindly address your inquiry in this respect by e-mail or post together with your customer number and personal details to:
- TUNAP AG, Weinfelderstrasse 19, 8560 Märstetten
- E-Mail: firstname.lastname@example.org
11 Liability Exclusion / Disclaimer
The data protection declaration of TUNAP does not apply to applications, products, services, websites or social media functions of third party providers which are accessible via links which we offer for information reasons. When using these links you leave the website of TUNAP, so it is possible that information about you may be collected or passed on by third parties. TUNAP has no influence whatsoever on the websites of third parties and makes no recommendations or assurances regarding these websites or their data protection practices. We encourage you to read and review the privacy policies of all websites with which you may interact before allowing them to collect, process and use your personal information.