Privacy policy – Kolibri

Privacy notice in accordance with Article 13 GDPR

Name and address of the data controller

The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Mesko-Pinsel GmbH

Sport- und Gewerbestraße 1
91632 Wieseth
Deutschland

Telefon: +49 (9822) 8285 – 0
E-Mail: office@mesko.eu

Name and address of the data protection officer

The data protection officer of the data controller is:

Jörg Hermann

Freibadstr. 30
81543 München

Telefon: +49 89 200 033 580
E-Mail: info@jmh-datenschutz.de

General information on data processing

Legal basis for processing personal data

In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: the legal basis for obtaining consent is Articel 6(1)(a) in conjunction with Article 7 GDPR. The legal basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1)(b) GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

Data deletion and storage period

We adhere to the principles of data minimisation in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.

Note on data transfer to third countries

We also use tools from companies based in third countries on our website. If these tools are active, your personal data may be transmitted to the servers of the respective companies. The level of data protection in third countries does not usually correspond to EU data protection legislation. This means that there is a risk that your data will be passed on to authorities in these countries. We have no influence on these processing activities.

External links

This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their privacy policies.

You can recognise external links either by the fact that they are displayed in a colour which is slightly different from the rest of the text or that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the respective provider’s privacy notice.

Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.

Rights of data subjects

As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The rights of data subjects arising from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).

Withdrawal:

Some data processing can only be carried out with your explicit consent. You have the option of revoking your consent at any time. However, the lawfulness of the data processing until the revocation is not affected by this.

Right to object:

If the processing is based on Art. 6 (1) (e) or (f) GDPR, you as a data subject can object to the processing of personal data concerning you at any time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions within the meaning of Art. 4 (4) GDPR. If we cannot prove a legitimate interest for the processing that outweighs your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims, we will refrain from processing your data after an objection has been made.

If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling, which is related to direct advertising. Again, we will no longer process personal data as soon as you object.

Right to lodge a complaint with a supervisory authority:

If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

Right to data portability:

If your data is processed automatically on the basis of consent or performance of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. In addition, you have the right to request the transfer and provision of the data to another controller, insofar as this is technically feasible.

Right to information, correction and deletion:

You have the right to obtain information about your processed personal data regarding the purpose of the data processing, the categories, the recipients and the duration of storage. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us via the contact options given in the imprint.

Right to restriction of processing:

You can assert the restriction of the processing of your personal data at any time. To do this, you must meet one of the following requirements:

They contest the accuracy of the personal data. For the duration of the verification of accuracy, you have the right to request a restriction of processing.
If processing is unlawful, you can request the restriction of the use of the data as an alternative to deletion.
If we no longer need your personal data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims, you can request the restriction of processing as an alternative to deletion.
If you object to the processing in accordance with Art. 21 (1) GDPR, a balancing of your interests and ours will be carried out. Until this balancing has been carried out, you have the right to request the restriction of processing.
Restriction of processing means that, apart from storage, the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

Provision of the website (web host)

Our website is hosted by:

LinzNet Internet Service Provider GmbH
Landwiedstrasse 211, A-4020 Linz
Austria

When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or our hosting company’s server.

These are:

IP address of the website visitor’s end device
device used
host name of the accessing computer
visitor’s operating system
browser type and version
name of the retrieved file
time of server request
amount of data
information on whether the retrieval of the data was successful
This data is not merged with other data sources.

Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it on their own server, which we have named above in this case. The personal data collected by this website will be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.

The legal basis for processing this data is Article 6(1)(f) GDPR . Our legitimate interest is the technically error-free presentation and optimisation of this website. If the website is called up in order to enter into contract negotiations with us or to conclude a contract, this serves as a further legal basis (Article 6(1)(b) GDPR). In the event that we have commissioned a hosting company, a order processing contract will have been agreed with this service provider.

Use of Local Storage Items, Session Storage Items and Cookies

Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your end device. This data usually includes user preferences, such as the “day” or “night” mode of a website, and is retained until you manually delete the data. Session storage is very similar to Local storage, whereas the storage duration only lasts during the current session, so until the current tab is closed. The session storage objects are then deleted from your end device. Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either temporarily deleted for the duration of a session (session cookies) and after your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.

These objects can also be stored on your end device by third-party companies when you visit our site (third-party requests). This allows us, as the operator, and you, as a visitor to this website, to make use of certain third-party services installed on this website. Examples are the processing payment services or displaying videos on a website.

These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use and carry out analyses regarding visitor flows and behaviour. Depending on their individual functions, they must be classified in terms of data protection legislation. Are they necessary for the operation of the website and intended to provide certain features (shopping cart feature) or serve to optimize the website (e.g. cookies to measure visitor behaviour), then their use is based on Article 6(1)(f) GDPR. As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to ensure the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Article 6(1)(a) GDPR).

If local storage items, session storage items and cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy notice. When required, your consent will be requested and can be revoked at any time.

Use of external services

We use external services on our website. External services are services provided by third parties that are used on our website. This can be done for a variety of reasons, such as embedding videos or website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your revocable consent as a visitor to our website before using them (Article 6(1)(a) GDPR).

Analytics

We process website visitors’ personal data in order to analyse user behaviour. Evaluation of this data enables us to compile information on how visitors use individual components of our website. This allows us to increase the user-friendliness of our website. The analysis tools may be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, to recognise our website visitors the next time they visit our website, to measure their click/scroll behaviour and downloads, to create heat maps, to recognise page views, to measure the length of visits to the website or bounce rates, as well as to trace the origin of website visitors (city, country, the website visitors have come from). The analysis tools help us to improve our market research and marketing activities.

Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.

Google Analytics

We use the service on our website Google Analytics. The provider of the service is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The use of the service may result in data transfer to a third country (USA). The provider is certified according to the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection.

Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy.

Content delivery network (CDN)

We use a content delivery network (CDN) to optimise the performance and availability of our website. For this purpose, the service provider who makes this network available will process your IP address and information about when you visited our website. All further information on data processing by this service provider can be found in the company’s privacy notice.

This processing is based on our legitimate interest (Article 6(1)(f) GDPR).

Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.

Bootstrap CDN

We use the service on our website Bootstrap CDN. The provider of the service is the Prospect One Ltd., Królewska 65A/1, PL-30-081 Krakau, Poland.

The use of the service may result in data transfer to a third country (USA).

Further information can be found in the provider’s data protection information at the following URL: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

Google Static

We use the service on our website Google Static. The provider of the service is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy.

jsDelivr

We use the service on our website jsDelivr. The provider of the service is the Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, EN4 9EB, Great Britain.

Further information can be found in the provider’s data protection information at the following URL: https://www.jsdelivr.com/terms/privacy-policy.

Privacy software

In order to better comply with data protection requirements, we use appropriate software. This software supports us in complying with data protection regulations.

ALFRIGHT Datenschutzhinweise

We use the service on our website ALFRIGHT Datenschutzhinweise. The provider of the service is the Lukmann Consulting GmbH, Packerstraße 131a, A-8561 Söding, Austria.

This processing is based on our legitimate interest (Article 6(1)(f) GDPR).

This service helps us to keep our privacy notice up to date and legally compliant at all times. We therefore rely on our legitimate interest as the relevant legal basis.

Map service

We use a map service on this website. In order for the map to be used and displayed on the website, the map must be loaded from the provider’s server. This results in your IP address being transmitted to the provider’s server. Depending on the provider, cookies and other technologies, including fonts, are loaded. More information on this can be found in the provider’s privacy policy.

Google Maps

We use the service on our website Google Maps. The provider of the service is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy.

Interface software

Business processes run faster, more cheaply and with fewer errors if they are automated using software via interfaces. This allows them to be efficiently integrated into the company’s processes via its own website or social networks. We use interface software on our website to link different applications and to transfer personal data securely from one application to another.

Google APIs

We use the service on our website Google APIs. The provider of the service is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy.

Software framework

Software frameworks facilitate interaction with a platform by creating a standardized interface to it. Frameworks are used to reduce development effort for recurring software requirements and to ensure code and feature reusability. Some software frameworks implement security features to prevent improper use of the website. Software frameworks can increase function, accessibility, security and performance with little effort. Other use cases can also be covered by software frameworks.

jQuery

We use the service on our website jQuery. The provider of the service is the OpenJS Foundation, 1 Letterman Dr, Ste D4700, San Francisco, California, 94129, USA.

The use of the service may result in data transfer to a third country (USA).

Further information can be found in the provider’s data protection information at the following URL: https://images.prismic.io/openjsf/ba00b254-685f-4e54-b1ca-17984b0f3e55_OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf.

PHP.net

We use the service on our website PHP.net. The provider of the service is the The PHP Group, 1400 Parkmoor Ave, Ste 100, San Jose, California, 95126, USA.

Since this service is hosted locally on the web server, no data transfer to third parties takes place.

This processing is based on our legitimate interest (Article 6(1)(f) GDPR).

This application is required to ensure the unrestricted functionality of the website.

Video/Music service

We integrate audio files and videos into our website. These are retrieved from the server of our provider, the so-called audio or video platform. In order to be able to play an audio file or a video, your end device establishes a connection with the audio or video platform and transmits personal data to it. This includes in particular your IP address and any location data or information about your browser and end device.

YouTube

We use the service on our website YouTube. The provider of the service is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy.

Web fonts

This site uses so-called web fonts for the uniform display of fonts, which are provided by an external provider and loaded by the browser when the website is accessed. When web fonts are loaded, the web font provider becomes aware that our website has been accessed from your IP address, as your browser establishes a direct connection to the web font provider.

Google Fonts

We use the service on our website Google Fonts. The provider of the service is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy.

Web security

We use tools that protect against unauthorised access, spam or other attacks on our website. This increases the security of our website.

This processing is based on our legitimate interest (Article 6(1)(f) GDPR).

Our legitimate interest is to be able to guarantee the security of our website and to protect ourselves from unauthorised access, spam and other attacks.

Google Recaptcha

We use the service on our website Google Recaptcha. The provider of the service is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy.

As there is no technical necessity for the use of the tool, the legal basis is consent.

Contact form

You have the option to contact us via a form on the website. In order to contact to be established via this form, we need your contact details in particular.

The legal basis for data processing here is to fulfil a contract or pre-contractual measures in accordance with Article 6(1)(b) GDPR . There may also be a legitimate interest in maintaining business relationships or answering your request for other reasons.

In this case, the legal basis for the processing of your data would be Article 6(1)(f) GDPR.

The data will be deleted when we have resolved your request and no other retention obligations apply.

Contact by telephone and email

We have provided a telephone number and email address on our website in accordance with legal requirements. Data transmitted in this way is automatically stored by us in order to process the corresponding enquiries or to be able to contact the person making the enquiry. We will not pass this data on to third parties without your consent.

If contact is made by telephone or via our email address for pre-contractual or contractual purposes, the legal basis for the processing of personal data is Article 6(1)(b) GDPR. For all other contact you make, the legal basis for our processing of your personal data is our legitimate interest in accordance with Article 6(1)(f) GDPR.

Handling of applicant data

You have the option to send us an application (e.g. by post, online application form or by email). We will store and process the personal data obtained in this way in order to process your application.

The legal basis for processing is Article 6(1)(b) GDPR as well as Article 6(1)(a) GDPR, provided consent has been given. Insofar as German law is applicable, § 26 of the German Federal Data Protection Act (Bundesschutzgesetz, BDSG) in particular is used as the legal basis for processing. You can revoke your consent at any time. The lawfulness of the processing carried out prior to the revocation of consent remains unaffected.

If an employment relationship results from the application, the data collected will be stored for the purpose of processing the employment relationship on the basis of Article 6(1)(b) GDPR. If no employment relationship results from the application, the data will be stored on the basis of Article 6(1)(f) GDPR for the duration of the statutory claims, in particular due to discrimination in the application process. This is necessary to defend against potential legal action or allegations. If consent has been given, the data will be stored for a longer period on the basis of Article 6(1)(a) GDPR. You can revoke your consent at any time. The lawfulness of the processing carried out prior to the revocation of consent remains unaffected.

If no employment relationship is established, the person applying may be included in our applicant pool, in which case the details of their application will be saved so that they can be contacted in the event of suitable job vacancies arising.

Data is only stored in the applicant pool after consent has been given on the basis of Article 6(1)(a) GDPR. This consent can be revoked at any time, after which the corresponding data will be deleted, provided there are no legal reasons for retention. Deletion takes place automatically no later than two years after consent has been given. The lawfulness of the processing carried out prior to the revocation of consent remains unaffected.

DATA PROTECTION INFORMATION FOR CUSTOMERS AND CONTRACTUAL PARTNERS

Information on data protection regarding our processing of personal data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

Dear customer, dear contractual partner,

In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the requested or agreed services. In order to ensure that you are fully informed about the processing of your personal data in the context of the fulfilment of a contract or the implementation of pre-contractual measures, please take note of the following information.

1. RESPONSIBLE BODY WITHIN THE MEANING OF DATA PROTECTION LAW

Mesko-Pinsel GmbH
Sport- und Gewerbestraße 1
91632 Wieseth
Germany

Tel: +49 (9822) 8285-0
E-Mail: office@mesko.eu

2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER

Jörg Hermann, external data protection officer
jmh datenschutzberatung
Freibadstr. 30
81543 Munich
Germany

E-mail: info@jmh-datenschutz.de

3. PURPOSES AND LEGAL BASES OF PROCESSING

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as amended:

For the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR)

Your data is processed for contract processing online or in one of our branches, for contract processing for your employees in our company. The data is processed in particular when initiating business and when executing contracts with you.

For the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)

The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.

For the protection of legitimate interests (Art. 6 para. 1 lit.f GDPR)

Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests takes place in the following cases, for example:

Advertising or marketing: Under the legal requirements of Section 7 (3) UWG, we are authorised to use the email address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. You can object to the use of your personal data for advertising purposes as a whole or for individual measures at any time.
Measures for business management and further development of services and products
In the context of legal prosecution
Within the scope of your consent (Art. 6 para. 1 lit. a GDPR)

If you have given us your consent to process your data, e.g. to send you our newsletter, etc., we will process your data accordingly.

4. CATEGORIES OF PERSONAL DATA

We only process data that is related to the establishment of the contract or pre-contractual measures.

This includes, for example:

company name
first name and surname
address
contact details (email address, telephone number, fax)
bank details
commercial register number
VAT number.

5. SOURCES OF THE DATA

We process personal data that we receive from you in the context of establishing contact or establishing a contractual relationship or in the context of pre-contractual measures.

6. RECIPIENTS OF THE DATA

We only pass on your personal data within our company to those areas and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interest.

Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of internet service providers and providers of customer management systems and software.

Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.

7. TRANSFER TO A THIRD COUNTRY

Personal data will only be transferred to countries outside the EEA (European Economic Area) or to an international organisation if this is necessary for the processing and thus fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent.

8. DURATION OF DATA STORAGE

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and fulfilment of a contract.

In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods stipulated there are two to ten years.

Finally, the storage period is also based on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

9. YOUR RIGHTS

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to notification under Art. 19 GDPR and the right to data portability under Art. 20 GDPR.

In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that your personal data is being processed unlawfully. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

If the processing of data is based on your consent, you are entitled under Art. 7 GDPR to withdraw your consent to the use of your personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. Please also note that we may have to retain certain data for a certain period of time in order to fulfil legal requirements.

Right of objection

Insofar as your personal data is processed in accordance with Art. 6 para. 1 lit. f GDPR to safeguard legitimate interests, you have the right to object to the processing of this data at any time in accordance with Art. 21 GDPR for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.

In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to processing for the purpose of such advertising. This also applies to profiling insofar as it is associated with this direct advertising. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.

To safeguard your rights, you can contact us using the contact details provided in section 1.

10. NECESSITY OF THE PROVISION OF PERSONAL DATA

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide personal data that is necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.