LAYERTEC Logo

Privacy Statement

I. Name and Address of the Data Controller

The data controller as defined by the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
LAYERTEC GmbH
Ernst-Abbe-Weg 1
99441 Mellingen
Deutschland
Tel.: +49 36453 744 0
Email: info@layertec.de
Website: www.layertec.de

II. Name and Address of the Data Protection Officer

The data protection officer of the controller is:
Data Protection
Ernst-Abbe-Weg 1
99441 Mellingen
Deutschland
Tel.: +49 36453 744 0
E-Mail: datenschutz@layertec.de
Website: www.layertec.de

III. General Information on Data Processing

1. Scope of Processing Personal Data

LAYERTEC takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.
We process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users takes place regularly only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
Specifically:
  • To protect your data from unauthorized access, the transmission of the content is encrypted. We generally use "https://" on the website.
  • We do not use tracking. We may collect anonymized usage statistics and anonymized error reports.
  • Our web server/online shop does not store customer data, orders, inquiries, etc. These are immediately transferred upon completion.
  • We do not track you during your visit to our website.
  • We do not recognize you on a subsequent visit without an active session (e.g., the next day).
  • We do not use supercookies, flash cookies, or canvas fingerprinting.
  • We do not integrate analytics service providers or social networks.
  • Technical log files (see below) are typically used exclusively for technical purposes within IT.
  • We do not embed elements from external domains through which your data would flow.
  • Our web server is located in D-07743 Jena and is operated by THYOTEC | IKS Service GmbH.

2. Legal Basis for Processing Personal Data

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6(1)(f) GDPR serves as the legal basis for processing.

3. Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may occur beyond this if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also occurs if a storage period prescribed by the mentioned norms expires unless there is a necessity for further storage of the data for contract conclusion or fulfillment.

IV. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following data are collected:
  1. Information about the browser type and version used;
  2. The user’s preferred language set in the browser;
  3. The user’s operating system;
  4. Date and time of access;
  5. The user’s IP address;
  6. Websites from which the user’s system reaches our website.
The data are also stored in the log files of our system. Storage of these data together with other personal data of the user does not take place.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the user’s computer. For this, the user’s IP address must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. Additionally, the data help us to optimize the website and ensure the security of our information technology systems. In this context, data are not evaluated for marketing purposes.
Our legitimate interest in data processing under Art. 6(1)(f) GDPR lies in these purposes.

4. Duration of Storage

Data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. In the case of data collection for the provision of the website, this is the case when the respective session is ended.
In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized, so that assignment of the accessing client is no longer possible.

5. Objection and Removal Possibility

The collection of data for the provision of the website and storage of data in log files is essential for the operation of the website. Therefore, the user has no option to object.

V. Provision of the Online Shop

1. Description and Scope of Data Processing

As part of our website, we offer an online shop exclusively for business customers. Articles manufactured by us are offered for purchase through this online shop. Users can submit inquiries about offered articles or purchase articles through the online shop by completing a purchase contract.
During these processes, particularly in the context of concluding a contract, personal data are collected. We need these data to carry out our processes, such as order processing.
The following data are collected:
  1. Name;
  2. Email address;
  3. Company name;
  4. Country to which the order is to be shipped;
  5. Billing address;
  6. Telephone number (optional);
  7. Fax number (optional);
  8. Customer number (optional);
  9. Delivery address (optional);
  10. Information about the browser type and version used;
  11. Information about the user’s operating system;
  12. Date and time of the order;
  13. The user’s IP address.
After completion of the ordering process, the data are transferred by the system to us via email. These emails are stored according to the rules of the GoBD (Principles for the Proper Management and Storage of Books, Records, and Documents in Electronic Form as well as Data Access).
To confirm, the system sends emails to the email address you provided. While the LAYERTEC internal email does not leave the control of our website provider and IT, the confirmation email sent to you is transmitted in clear text to your email inbox. Where possible, the involved mail servers will communicate encrypted. LAYERTEC has no influence over this.
In this context, there is no transfer of data to third parties. The data are used exclusively for processing related to the inquiry or order.

2. Legal Basis for Data Processing

The legal basis for the processing of the data is the user’s consent under Art. 6(1)(a) GDPR.
The legal basis for the processing of the data in the context of concluding or initiating a contract is Art. 6(1)(b) GDPR.

3. Purpose of Data Storage

The data are collected to:
  1. Identify you as our customer;
  2. Process, fulfill, and manage your order;
  3. Correspond with you;
  4. Issue invoices;
  5. Manage any liability claims and assert any claims against you;
  6. Ensure the technical administration of our website;
  7. Manage our customer data.

4. Duration of Storage

The personal data collected by us for the processing of your order will be stored until the expiry of the statutory retention obligation and then deleted, unless we are obliged under Art. 6(1)(c) GDPR to store data for a longer period due to tax and commercial retention and documentation obligations (from HGB, StGB, or AO) or you have consented to further storage under Art. 6(1)(a) GDPR.

5. Objection and Removal Possibility

The collection of data during the ordering process and their storage is essential for the conclusion of a purchase contract. The same applies to the collection and storage of data during the inquiry. Therefore, the user has no option to object.

VI. Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The following data are stored and transmitted in the cookies:
  1. Session ID (characteristic string representing the user’s session).

2. Legal Basis for Data Processing

The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR.

3. Purpose of Data Storage

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser can be recognized even after a page change.
We require cookies for the following applications:
  1. Shopping cart;
  2. Adoption of language settings;
  3. Adoption of currency settings;
  4. Adoption of the user’s assumed time zone;
  5. Adoption of filter and search settings;
  6. Adoption of user data provided in feedback and contact forms.
The user data collected by technically necessary cookies are not used to create user profiles.
Our legitimate interest in processing personal data according to Art. 6(1)(f) GDPR lies in these purposes.

4. Duration of Storage, Objection, and Removal Possibility

Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may not be possible to use all functions of the website to their full extent.

VII. Contact Form and Email Contact

1. Description and Scope of Data Processing

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask are transmitted to us and stored. These data are:
  1. The user’s IP address;
  2. The user’s email address;
  3. Date and time of the request;
  4. Session ID (characteristic string representing the user’s session);
  5. Browser and version;
  6. Operating system;
  7. Hostname.
For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.
Alternatively, contact via the provided email address is possible. In this case, the user’s personal data transmitted with the email are stored.
No data are passed on to third parties in this context. The data are used exclusively for processing the conversation.

2. Legal Basis for Data Processing

The legal basis for processing the data is Art. 6(1)(a) GDPR if the user has given consent.
The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

3. Purpose of Data Processing

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact via email, this also includes the necessary legitimate interest in processing the data.
The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of Storage

The data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If legal, tax, or commercial retention obligations arise from the email or the data transmitted through the contact form, the personal data collected by us will be stored until the expiration of the statutory retention obligation and then deleted, unless we are obliged to store them for a longer period under Art. 6(1)(c) GDPR due to tax and commercial retention and documentation obligations (according to HGB, StGB, or AO) or you have consented to further storage under Art. 6(1)(a) GDPR.
The additional personal data collected during the submission process will be deleted after a period of seven days at the latest.

5. Objection and Removal Possibility

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
Please communicate your revocation of consent and objection to storage in writing.
Please address your revocation to:
  1. Via email to: datenschutz@layertec.de or
  2. By post to: LAYERTEC GmbH, Ernst-Abbe-Weg 1, 99441 Mellingen.
All personal data stored in the course of contacting us will be deleted in this case.

VIII. Integration of a Payment Service Provider

1. Description and Scope of Data Processing

LAYERTEC offers users of the online shop the option to make payments for purchased items by credit card. When paying by credit card, payment processing is carried out through the service provider GP Payments Acquiring International GmbH, Elsa-Brändström-Straße 10‒12, 50668 Cologne.
The following data will be transmitted:
  1. Customer reference number (optional, as provided in the order process);
  2. Gross invoice amount of the order;
  3. Date and time of the order;
  4. Anonymized personal data;

2. Legal Basis for Data Processing

The legal basis for the processing of personal data is Article 6(1)(b) of the GDPR.

3. Purpose of Data Processing

As part of the order process, data is transmitted to GP Payments Acquiring International GmbH exclusively for the purpose of payment processing.

4. Duration of Storage

The personal data collected by us for processing your order will be stored until the expiration of the legal retention period and then deleted, unless we are obliged to retain the data for a longer period in accordance with Article 6(1) Sentence 1 lit. c of the GDPR due to tax and commercial law retention and documentation obligations (from the German Commercial Code, Criminal Code, or Fiscal Code) or you have consented to further storage in accordance with Article 6(1) Sentence 1 lit. a of the GDPR.

5. Right to Object and Removal

You may object to the processing of your data at any time by sending a message to the responsible party or to GP Payments Acquiring International GmbH. However, it is possible that after an objection, you will no longer be able to pay for the order by credit card.

6. Information and Contacts of the Payment Service Provider

Responsible for acquiring credit card payments:
GP Payments Acquiring International GmbH
Elsa-Brändström-Straße 10‒12, 50668 Cologne,
Tel.: +49 221 99577-0
Fax: +49 221 99577-720
E-Mail: info.de@globalpay.com
You can view the data privacy policy of GP Payments Acquiring International GmbH here: https://www.globalpayments.de/de/datenschutz/.
Data Protection Officer of GP Payments Acquiring International GmbH:
Bird & Bird DPO Services SRL
Avenue Louise 235 b 1, 1050 Brussels, Belgium
E-Mail: dpo@globalpay.com
Competent Data Protection Supervisory Authority:
The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia,
Kavalleriestraße 2‒4, 40213 Düsseldorf,
Tel.: +49 211 38424-0
Fax: +49 211 38424-10
E-Mail: poststelle@ldi.nrw.de
Competent Supervisory Authority:
Federal Financial Supervisory Authority (BaFin)
Marie-Curie-Straße 24-28, 60439 Frankfurt
Tel.: +49 228 4108 0
Fax: +49 228 4108 1550
E-Mail: poststelle@bafin.de

IX. Video Conferences, Online Meetings, Webinars, and Screen Sharing

1. Description and Scope of Data Processing

LAYERTEC uses a platform and application operated by a third party for the purpose of conducting video and audio conferences and other types of video and audio meetings.
In this context, data of the communication participants are processed on the servers of the third party, insofar as they are part of communication processes with us. The data processed may include, in particular, login and contact data, visual and spoken contributions, as well as input of text messages in chats and shared screen content.
The following data are transmitted:
  1. Inventory data (e.g., names);
  2. Contact data (e.g., email addresses, phone numbers);
  3. Content data (optional, e.g., text messages, visual and spoken contributions, screen contents);
  4. Usage data (e.g., access times).

2. Legal Basis for Data Processing

If we ask users for their consent to the use of the third party or certain functions (e.g., consent to recording conversations), the legal basis for processing is consent. Furthermore, the use of the third party may be a part of our (pre-)contractual services if the use of the third party was agreed upon in this context. Otherwise, the data of the users are processed based on our legitimate interests in efficient and secure communication with our communication partners. In this context, we additionally refer you to the information on the use of cookies in this privacy policy.
Consent (Art. 6(1)(a) GDPR), contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

3. Purpose of Data Processing

The processing of personal data through the video conferencing solution is for the purpose of
  1. enabling communication between business partners, prospects, applicants, and employees or managers of LAYERTEC GmbH;
  2. providing contractual services and customer service, handling inquiries, and communication, office and organizational procedures.

4. Duration of Storage

The data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. In the case of processing data for communication via the video conferencing solution, this is the case when the respective session is ended. In the case of storing data in log files by the third party, this is after seven days at the latest.
LAYERTEC explicitly does not store any data processed in the context of communication via the video conferencing solution. The recording of sessions is technically prevented. All collected data such as the username required for registration or the participants' phone numbers and transmitted text messages are deleted after the session.

5. Objection and Removal Possibility

The user has the option to revoke their consent to the processing of personal data at any time. If the user participates in communication via the video conferencing solution with the transmission of image and/or sound, they can end the session independently at any time. Therefore, no further notification regarding the revocation of consent and objection to storage is necessary.
All personal data stored in the course of communication will be deleted in this case.

6. Services and Service Providers Used

The video conferencing solution used by LAYERTEC is the BigBlueButton software in conjunction with the Greenlight interface.
The application is operated by the third party:
rackSPEED GmbH
Reisholzer Werftstraße 31b / Eingang 35
40589 Düsseldorf
If users are referred to the third party or its software or platforms in the context of communication, business, or other relationships with us, the third party may process usage and metadata for security and service optimization purposes. We therefore ask you to take note of the third party’s privacy information.

X. Rights of the Data Subject

If your personal data are processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

1. Right to Information

You can request confirmation from the controller as to whether personal data concerning you are being processed by us.
If such processing is taking place, you can request information from the controller about the following:
  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to this processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information about the source of the data if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling, according to Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether the personal data concerning you are transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards according to Art. 46 GDPR in connection with the transfer.

2. Right to Rectification

You have the right to obtain rectification and/or completion from the controller if the processed personal data concerning you are incorrect or incomplete. The controller must make the correction without undue delay.

3. Right to Restriction of Processing

You may request the restriction of the processing of your personal data under the following conditions:
  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims; or
  4. if you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure

a. Obligation to Delete

You can request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete this data without undue delay where one of the following grounds applies:
  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.
  3. You object to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. The personal data concerning you must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b. Information to Third Parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.

c. Exceptions

The right to erasure does not apply to the extent that processing is necessary:
  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health according to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Art. 89(1) GDPR insofar as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise, or defense of legal claims.

5. Right to Notification

If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.

6. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
  1. the processing is based on consent according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract according to Art. 6(1)(b) GDPR; and
  2. the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others must not be adversely affected by this.
The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
You have the option, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

8. Right to Withdraw the Data Protection Consent Declaration

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
  1. is necessary for entering into or the performance of a contract between you and the controller;
  2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Art. 9(1) GDPR unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.
Address

LAYERTEC GmbH
Ernst-Abbe-Weg 1
99441 Mellingen
Germany

International Sales

+49 36453 744 0

contact@sales.layertec.de

US Sales Office

+1 707 48 10 216

ussales@layertec.de

Social Media

LinkedIn

GTC

Site Notice

Privacy Statement

© 2024 | LAYERTEC GmbH