1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
ORGANICA Feinchemie GmbH Wolfen
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Statutory data protection officer
We have appointed a data protection officer for our company.
kelobit IT-Experts GmbH
Dr. Andreas Melzer
Telephone: +49-345 132 553-80
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
3. Data collection on our website
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
4. Analytics and advertising
This website uses Google Analytics, a web analytics service. It is operated by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Irland.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
This website uses the WordPress Stats tool to perform statistical analyses of visitor traffic. This service is provided by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, USA.
WordPress Stats cookies remain on your device until you delete them.
The storage of “WordPress Stats” cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
You can object to the collection and use of your data at any time with future effect by clicking on this link and setting an opt-out cookie in your browser: https://www.quantcast.com/opt-out/.
If you delete the cookies on your computer, you will have to set the opt-out cookie again.
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Irland.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Irland.
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Irland.
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
5. Plugins and tools
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
This site uses the Google Maps map service via an API. It is operated by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Irland.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
6. Own Services
Dealing with business partners’ data
Scope and purpose of collection of data
We process those data that are necessary in connection with the establishment, implementation and/or termination of our business relationships. We typically collect these data from you directly, for example as part of a request for an offer or placement of an order and when you contact us via our website, by e-mail, or at trade fairs or comparable events.
The personal data we process include:
- Last name, first name, and gender (for the form of address)
- Company affiliation and company address
- Typically two ways of contacting your company (such as a phone number and e-mail address)
- Records relating to business transactions and the relevant correspondence
We use the data listed above to prepare for and fulfill business transactions and to establish and maintain effective business communications. The legal basis for this processing is typically point (f) of Article 6(1) GDPR if you are representing another organization as our business partner. Our legitimate interest lies in achieving the aforementioned purposes. Should you as a person be our business partner directly, we process your data instead on the basis of point (b) of Article 6(1) GDPR, which permits the processing of personal data for the performance of a contract or in order to take steps prior to entering into a contract.
We may wish to collect further data from you or use data in a different way at a later time. Should this be the case, we will request your consent in accordance with point (a) of Article 6(1) in conjunction with Article 7 GDPR and notify you accordingly. If you grant us this consent, you can withdraw it at any time. No particular form is required for this.
Should your data be necessary for purposes of pursuing rights, processing may take place for the purposes of our legitimate interests pursuant to point (f) of Article 6(1) GDPR. Our interest in that case lies in asserting or defending against claims, for example within the scope of our evidentiary obligations in legal proceedings.
Who receives my data?
At our company, access to your data is limited in principle to those persons who require it for the smooth implementation of our business relationship. These may include multiple departments within our organization, depending on which services or products you receive from us. Our IT department also has access to your data for exclusively technical processing.
Service providers we work with may also be recipients of data concerning you personally within the scope of processing pursuant to Article 28 GDPR.
As part of the processing of your orders, it is necessary in some cases for us to transfer certain data to the relevant service providers, which are based in Germany, other countries in Europe, and/or the European Economic Area (EEA). These data include, but are not limited to, your last name, possibly your first name and organizational affiliation, and your contact information within your organization.
We may be required to disclose certain data to the relevant authorized bodies within the scope of our statutory obligations.
Transfer to third parties
Data are not typically transferred to bodies in states outside the European Economic Area (known as “third countries”). Nonetheless, data may be transferred to third countries in individual cases where:
- this is required by law,
- you have given us your consent, or
- this is legitimated under data protection and privacy law by our legitimate interest and there are no overriding legitimate interests on the part of the data subject that conflict with the transfer.
Beyond that, we do not transfer any personal data to bodies in third countries or international organizations.
Term of storage of data
We store your data during the entire lasting business contact between us and your organization, which includes, in particular, the existence of a contract or steps prior to entering into a contract.
Beyond that, we store your data only within the scope and to the extent that we are required to do so based on non-waivable statutory provisions, such as storage periods stipulated by commercial or tax law. This typically relates to a period of ten years. Where we no longer require your data for the purposes described above, we will keep them separately during the relevant statutory storage period and not process them for other purposes. After the end of the statutory storage periods, all data still existing at that time are immediately erased or destroyed securely.
Is there an obligation to provide data?
Providing your personal data is, first, not required either by law or contractually, nor are you obligated to provide these data.
To the extent that you maintain a direct business relationship with us, however, you are required to provide those personal data that are necessary in order to commence and implement a business relationship and perform the contractual obligations associated therewith. Without these data, we will typically have to decline to enter into a contract or perform the order, or we will no longer be able to perform an existing contract and may have to terminate it.
To the extent that the relationship is with a company that you represent in dealings with us, you are required to provide those personal data that are necessary in order to commence and implement a relationship of representation/authorization and perform the contractual obligations associated therewith. Without these data, we will typically have to decline to work with you as an authorized representative/agent or will have to terminate an existing representation authorization/agency authorization.
Automated decision making
For purposes of establishing, performing, and terminating the business relationship, we process, in accordance with Article 22 GDPR, personal data through automated means in some cases with the goal of evaluating certain personal aspects (profiling).
We use profiling in the following case:
- Based on statutory and regulatory specifications, we are obligated to fight the financing of terrorism (checking sanctions lists). Data concerning you personally are also analyzed in the process. These measures also serve to protect you.
7. Online Meetings, Teleconferences and Webinars
Scope and purpose of collection of data
We take the protection of your personal data very seriously. We treat your personal data with confidentiality at all times and in compliance with the statutory data protection regulations. For this reason, we would like to inform you here regarding the processing of your personal data in connection with the use of Microsoft Teams (hereinafter referred to as “Teams”) and which rights you are entitled to.
MS Teams is a service of Microsoft Ireland Ltd. (“Microsoft”). It cannot be ruled out in this context that data are sent to the US to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft may also carry out remote repairs from other third countries. We concluded the standard data protection clauses of the European Commission with Microsoft. For further information see Item 5.
To the extent that you retrieve the website of MS Teams or Microsoft, Microsoft is responsible for data processing. However, a retrieval of the website for use of MS Teams is only necessary for downloading the software for use of MS Teams.
If you do not want to use the MS Teams app, you can also use MS Teams via your browser. The service is then provided via the website of MS Teams.
When using MS Teams different types of data are used. The data volume also depends on which data you enter before or during participation in an online meeting. The following personal data are the subject matter of the processing:
- Display name
- E-mail address
- Profile picture (optional)
- Language preference
- Meeting ID
- Telephone numbers
Text, Audio and Video Data You may have the possibility of using the chat function in an online meeting. In this context, the text entry data are processed in order to display them in the online meeting. In order to facilitate the display of video and replay of audio, the data of the microphone of your final device as well of any video camera of the final device are processing during the meeting. You can turn off the camera or mute the microphone yourself at any time via the Teams application.
We use MS Teams in order to host online meetings, telephone and video conferences, webcasts, etc. You can also use a pseudonym in order to participate in an online meeting or to enter the “meeting room”.
The chat content is recorded during use of MS Teams. We normally save the chat content for one month. If necessary for recording the results of an online meeting, we can also record the chat content for a longer period, but at maximum until the purpose being pursued has been achieved. However, normally this will not be the case.
When we want to record meeting, we will be transparent and tell you in advance and where necessary, ask for your consent. The fact that the data is being recorded will also be displayed in the Teams app, resp. in the web browser display. Moreover, the organizer can determine which participants have the right to carry out a recording.
In the case of webcasts, we can also process the questions posed by the participants for the recording and reworking of webcasts. You also have the possibility of allowing declassification for your monitor. In this case we have knowledge of the data and content shared via your monitors.
Where personal data are processed by our company staff, §26 BDSG is the legal basis of the data processing. Should personal data not be required for the formation, performance or termination of the employment relationship when using MS Teams but notwithstanding be an elementary component in the use of MS Teams, Art. 6 Sect. 1 lit. f GDPR will be the legal basis of the data processing. In these cases, our interest is in the effective hosting of online meetings.
In other respects, the legal basis of data processing in the hosting of online meetings is Art. 6 Sect. 1, lit b GDPR where the meetings are hosted within the framework of contractual relations.
Where there is no contractual relationship, the legal basis is Art. 6 Sect. 1. lit f. GDPR. Here as well, our interest is in the effective hosting of online meetings.
Who receives my data?
At our company only persons requiring your data for the smooth performance of online meetings generally have access to them, i.e., for example organizers and participants in meetings from our company. These may include multiple departments within our organization, depending on which services or products you receive from us. Our IT department also has access to your data for exclusively technical processing.
Personal data processed in connection with online meetings are generally not disclosed to third parties unless they were intended for disclosure. Please be advised that content from online meetings as well as in the case of personal conferences frequently have the purpose of communicating information with customers, potential customer or third parties and are thus intended for disclosure.
As the provider of MS Teams Microsoft inevitably gains knowledge of the above data where this is provided for within the scope of our contract processing agreement with MS Teams. Service providers we work with may also be recipients of data concerning you personally within the scope of contract processing pursuant to Article 28 GDPR.
We may be required to disclose certain data to the relevant authorized bodies within the scope of our statutory obligations.
Transfer to third parties
In general, there is no data processing outside of the European Union (EU), as we have restricted our storage site to computing centers within the European Union. However, we are unable to rule out routing or storage of data via an Internet server located outside of the European Union. This may in particular be the case where the participants in an online meeting reside in a third country.
A secure data protection level is guaranteed through the conclusion of additional EU standard data protection clauses and technical-organizational measures. When using standard data protection clauses our intention is to implement additional measures for the protection of your data where necessary. For this purpose, the data are i.e. encrypted during transmission via the Internet and when inactive and are thus protected from unauthorized third-party access. Microsoft uses standard technologies such as TLS and SRTP in order to encrypt all data during the transmission between the devices of the users and the Microsoft computing centers as well as between the Microsoft computing centers. This comprises messages, files (video, audio, etc.), conferences and other content. Moreover, inactive company data at Microsoft computing centers are encrypted in such a way that allows the organization to decrypt the content where necessary. Moreover, MS Teams uses TLS and MTLS for the encryption of chat messages. The entire server-to-server data traffic requires MTLS- independent of whether the data traffic is restricted to the internal network or exceeds the internal network perimeter. For more information on how Microsoft Teams encrypts the data go here: https://docs.microsoft.com/de-de/microsoftteams/teams-security-guide.
With regard to personal data stored by Microsoft in the US and Europe and which may be subject to official requests for information by authorities in the US, Microsoft guarantees in a statement of July 20, 2020 that such orders facilitating access to personal data may be contested in court. Beyond this, within the scope of a legal settlement Microsoft acquired the right to disclose transparent reports on the number of American orders on national security addressed to Microsoft; moreover new guidelines were introduced within the US government which restricted the use of confidentiality orders (cf.ttps://news.microsoft.com/de-de/stellungnahme-zum-urteil-des-eugh-was-wir-unseren-kunden-zum-grenzueberschreitenden-datentransfer-bestaetigen-koennen/) On the basis of the anticipated content of our MS Teams meetings which normally do not contain any personal data except for the names of the participants in the video conference, the data protection level is deemed to be adequate.
Notwithstanding, we are explicitly advising you that MS Teams is a service offered by a provider in the US. Consequently, processing of your personal data also takes place in a third party which currently is regarded as insecure as defined by the GDPR. This may harbor risks for the users, as the assertion of the data subject rights may for example be made more difficult. Negotiations are being conducted at political, data protection law and bilateral level to find a solution. However, currently there are no results. If you decide personally that adequate protection cannot be provided to you in this legal situation (in accordance with a ruling by the European Supreme Court), participation in an online meeting per MS Teams is currently not possible.
Term of storage of data
We generally delete data when there is no longer any requirement to store them. There may in particular be a requirement where the data are still needed for meeting contractual obligations, for inspecting or defense against warranty and any guarantee claims. In the case of statutory records preservation duties deletion is only possible after expiration of the respective records preservation duty.
Data subject rights
Every data subject has the right to information pursuant to Article 15 GDPR, the right to correction pursuant to Article 16 GDPR, the right to deletion pursuant to Article 17 GDPR, the right to restriction of the processing pursuant to Article 18 GDPR, the right to objection from Article 21 GDPR, as well as the right to data transferability from Article 20 GDPR. In the case of the right to information or the right to deletion, the restrictions as set out under §§34 and 35 Federal Data Protection Act (BSSG) will apply. In addition, there is a right of objection before a data monitoring office having jurisdiction (Article 77 GDPR).
You may withdraw any consent given to us for the processing of personal data at any time. This will also apply to the withdrawal of declarations of consent given to us before the Basic Data Protection Ordinance, i.e., before May 25, 2018. Please be advised that the withdrawal of consent will only have effect for the future. Any cases of processing prior to the withdrawal of consent are not affected.
Is there an obligation to provide data?
Providing your personal data is, first, not required either by law or contractually, nor are you obligated to provide these data. In order to participate in an online meeting or to enter the “meeting room” you must at minimum provide your name Should you not wish to do so, participation in our online meetings is unfortunately not possible.
Automated decision making
There is no automated decision making as defined by Art. 22 GDPR.
We do not process your data with the objective of automated evaluation of specific personal aspects.
Information on right of objection
Right of objection in the individual case
You have the right to lodge an objection against the processing of your personal data on the basis of Art. 6 Sect. 1 lit. f GDPR at any time on grounds arising from your specific situation (data processing on the basis of weighing of interests). This will also apply to profiling based on this provision as defined by Art. 4 No. 4 GDPR.
If you lodge an objection, we will no longer process your personal data unless we can prove compellingly legitimate grounds for the process which outweigh your interests, rights and freedoms or the processing is for the purpose of asserting, exercising or defending legal claims.
Recipient of the objection The objection can be lodged without formality with the subject line “Objection”, stating your name and e-mail address and should be addressed to the contact details set out under Item 2.
8. Amendment of this data protection notice
We amend this data protection notice in the case of changes of the data processing or other reasons making this necessary. The currently valid version can be found at this website at all times.
Valid as per 4/8/2021