The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws and data protection regulations is:
POS Service GmbH
Walter-Rathenau-Ring 9-11
59581 Warstein
Phone: +49 2331 473101 – 0
Fax: 49 2331 473101 – 99
E-mail: info@posservice.de
The data protection officer for POS service GmbH is:
Mr Markus Strauss
Tacticx Consulting GmbH
Walbecker Straße 53
47608 Geldern
E-mail: datenschutz@posservice.de
To facilitate readability, a distinction between female and male pronouns has been deliberately omitted.
1. General information about data processing
1.1. Processing personal data and its purpose
POS Service GmbH (hereinafter “POS” or “we”) processes users’ personal data only to the extent necessary to provide a functional website along with our content and services. The following data is processed when you visit our website:
- The user’s IP address
- The user’s browser (type, version, language)
- The user’s operating system
- The user’s Internet service provider
- The date and time of access to our website
- Files accessed on our website
- The website from which the user reached our website
- Websites that the user accesses via our website
The processing and temporary storage of the user’s IP address is necessary to enable the website to be delivered to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session. The log files contain IP addresses or other data that allows for the identification of a user. Data is stored in log files to ensure the functionality of the website. In addition, this data helps to optimise our website and to ensure the security of our information technology systems. Any use of personal data is confined to the purposes stated above, and is only undertaken to the extent necessary for these purposes.
1.2. Legal bases for processing personal data
As a rule, the processing of users’ personal data is undertaken with the respective user’s consent. An exception applies in such cases where prior consent cannot be obtained for circumstantial reasons and where we are permitted by law to process the data. Data and log files are stored on the basis of Art. 6(1)(f) GDPR.
1.3. Data erasure and retention period
The personal data of a data subject will be erased or blocked by us as soon as the purpose for which it was retained ceases to apply. In the case of data processing for the provision of the website, erasure takes place when the respective session has ended. If personal data is stored in log files, it will be erased after seven days at the latest. Further storage is possible if the IP addresses of the respective users are erased or modified, so that it is not possible to associate the IP address with the requesting client.
2. Cookies
We use cookies in several instances on our website. A cookie may be stored on the user’s operating system if a user visits one of our website. A cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again. The following data is stored and transmitted in cookies:
- Language settings
- Log-in information
Cookies are used to make our websites user-friendly. The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR. Cookies are stored on the user’s computer and transmitted to our site from there. Users may deactivate or restrict the transmission of cookies by changing the settings on their web browser. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, it may no longer be possible to use all functions of our websites to their full extent.
3. Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This is software used for the statistical evaluation of user access provided by Google Inc. The purpose of web analysis is to improve the quality of our website and its content. Google Analytics also uses cookies (see above), which enables the analysis of the use of our website. Data processing is performed in this context on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in analysing the behaviour of the users of our website in order to optimise our web offerings. Web analysis can be prevented by the user of the website by deactivating JavaScript and cookies in their web browser. Details regarding the settings required for this can be found in the product descriptions and instructions of the various browser providers. Furthermore, data processing by Google can be prevented by the user using a browser add-on to deactivate Google Analytics. Additional information along with the add-on may be found at https://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent the collection of your information on future visits to this website: Deactivate Google Analytics.
For more information about how Google Analytics treats user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
We have activated the IP anonymisation function on our website. As a result, the user’s IP address will be shortened by Google within member states of the European Union or in other contracting parties of the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the user’s full IP address be transmitted to a Google server in the United States and shortened there. The user’s IP address sent by the browser will not be associated with other data held by Google. You can find more detailed information on Google’s Terms of Use and Privacy Policy for Google Analytics at https://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.
4. Google reCaptcha
Our website uses Google reCaptcha, a service provided by Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. reCAPTCHA is a service used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the user based on various characteristics. This analysis starts automatically as soon as the user accesses the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the user has been on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The legal basis for processing data in this context is Art. 6(1)(f) GDPR. We have a legitimate interest in protecting our websites from unauthorised automated spying and spamming. Further information about data processing by Google can be found in Google’s Privacy Policy at https://policies.google.com/privacy?hl=en.
5. Google Maps
Our website uses Google Maps API, a service provided by Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in order to visually display geographical information. When Google Maps is used, Google also collects, processes, and utilises data about the user’s use of map functions. The legal basis for processing data in this context is Art. 6(1)(f) GDPR. We have a legitimate interest in the appealing presentation of our website and making it easy to locate the places referred to by us on our website. Further information about data processing by Google can be found in Google’s Privacy Policy at https://policies.google.com/privacy?hl=en.
6. Font Awesome
Our website usess Font Awesome, service provided by Fonticons, Inc., to display fonts uniformly. When a user visits our website, the user’s browser loads the required web fonts into the user’s browser cache in order to display texts and fonts correctly. For this purpose, the browser used by the user establishes a connection to Fonticons’ servers. Via this conjunction, Fonticons receives information that our website was accessed via the user’s IP address. If the user’s browser does not support web fonts, a standard font from the user’s computer will be used. The legal basis for processing data in this context is Art. 6(1)(f) GDPR. We have a legitimate interest in the appealing presentation of our website. Further information can be found in the respective privacy policy at https://fontawesome.com/privacy.
7. Contact form and contacting us by e-mail
Our website includes a contact form that may be used to contact us electronically. If a user makes use of this option, the data entered in the input screen will be transmitted to us and stored:
- Company name (optional)
- Last name
- E-mail address
- Telephone number (optional)
- Blank field for optional text
- The user’s IP address
- Date and time the message was sent.
Alternatively, you can contact us via the e-mail addresses provided. In this case, we store the user’s personal data that is transmitted along with the e-mail. The legal basis for processing data in this context is Art. 6(1)(f) GDPR. The data will only be used to process your contact enquiry and the subsequent communication. This data will not be shared with any third parties in this context. If we use the data for other purposes, we will obtain the user’s consent in advance. Personal data entered into the contact form, and data sent by e-mail, will be erased when the respective communication with the user is terminated, i.e. as soon as it can be inferred from the circumstances that the matter at hand has been conclusively resolved. Additional personal data collected during the sending process will be erased after a period of seven days at the latest.
8. Security
POS employs technical and organisational security measures to protect users’ personal data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
9. Rights of data subjects
If POS processes your personal data, you are a data subject pursuant to Art. 4(1) GDPR with the following rights in relation to POS:
9.1. Right to information
In accordance with Art. 15 GDPR, you can ask us to confirm whether we process personal data concerning you. In the event we do process your personal data, you can request the following information from us:
- The processing purposes;
- The categories of personal data we process;
- The recipients or categories of recipients to whom your personal data has been or will be disclosed;
- Where possible, the envisaged period for which we will retain your personal data, or, if not possible, the criteria used to determine that period;
- The existence of a right to rectification or erasure of your personal data, a right to restrict processing by the controller, or the right to object to such processing;
- The existence of the right to lodge a complaint with a supervisory authority;
- Any available information about the origin of the data, unless the personal data was collected from you;
- The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the rationale involved, as well as the significance and envisaged consequences of such processing for you.
You also have the right to know whether your personal data has been transmitted to a third country or to an international organization. In this respect, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
9.2. Right to rectification
In accordance with Art. 16 GDPR, you have the right to request us to correct and/or complete any inaccurate personal data concerning you.
9.3. Right to erasure
In accordance with Art. 17 GDPR, you may request that we erase your personal data without undue delay. We are obliged to erase this data immediately if one of the following applies:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- You withdraw your consent upon which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and no other legal ground for the processing applies.
- You object to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to processing pursuant to Article 21(2) GDPR.
- Your personal data has been unlawfully processed.
- The erasure of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
- Your personal data was collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If we have made your personal data public and we are obliged to erase it in accordance with Art. 17(1) GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.
The right to erasure does not apply insofar as processing is necessary
- To exercise the right of freedom of expression and information;
- To perform a legal obligation which requires such processing under the applicable laws of the Union or of the Member States or to perform a task in the public interest or in the exercise of official authority vested in us;
- For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
- For archiving purposes in the interest of public, scientific, or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, to the extent that the law referred to above is likely to render impossible or seriously prejudice the attainment of the objectives of such processing; or
- To establish, exercise, or defend legal claims.
9.4. Right to restriction of processing
Under the following conditions, you may request that the processing of your personal data be restricted pursuant to Art. 18 GDPR:
- If you dispute the accuracy of your personal data for a period of time that enables us to verify the accuracy of the personal data;
- If the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- If we no longer need your personal data for the purpose of data processing, but you require it to establish, exercise, or defend legal claims; or
- If you have objected to the processing in accordance with Art. 21(1) GDPR and it has not yet been verified whether our legitimate reasons override yours.
Where processing of personal data that concerns you has been restricted, such data – apart from being retained – may be processed only with your consent or for the purpose of establishing, exercising, or defending legal claims or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State. If the restriction of processing has been implemented in accordance with the above conditions, you will be informed by us before the restriction has been lifted.
9.5. Right to notification
If you have exercised your right to have your data rectified or erased, or have asked for its processing to be restricted, pursuant to Art. 19 GDPR we are obliged to provide notice of the same to all recipients to whom your data has been disclosed, unless this proves impossible or involves a disproportionate effort. It is your right to have us inform you regarding such recipients.
9.6. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to obtain personal data you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another data controller without any interference from us, provided that
- Processing is based on consent (Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR) or based on a contract pursuant to Art. 6(1)(b) GDPR and
- Processing is carried out by automated means
In exercising this right, you also have the right to request that personal data concerning you be transferred directly by us to another controller, insofar as this is technically feasible. The exercise of this right may not adversely affect the rights and freedoms of others. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
9.7. Right to object
Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. We will then no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
9.8. Right to withdraw consent
You have the right to withdraw any consent you have provided us under data protection law at any time, for example by sending an e-mail to datenschutz@posservice.de. Such a withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9.9. Automated individual decision-making, including profiling
Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- Is necessary for entering into, or performance of, a contract between you and us;
- Is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- Is made based on your explicit consent.
9.10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge ca complaint with a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of your personal data infringes the GDPR.
10. Responsibility for content and information
Our website contains links to online content provided by third parties. When creating the respective link, we checked the online content provided by third parties to determine whether it violated applicable civil law or criminal laws. However, it cannot be ruled out that such content may be subsequently changed by the respective providers. If you are of the opinion that external sites for which links have been provided violate applicable law or have other inappropriate content, please let us know. We will follow-up on your information and remove the external link if necessary. POS is not responsible for the content and availability of external websites to which links have been provided.
11. Integration and validity of the Privacy Policy
By using our website, you agree to the data processing described above. This Privacy Policy applies only to the contents of our website. Different data protection and data security policies apply to external content to which links have been provided. Please consult the relevant legal notices for information about who is responsible for such content.
It may become necessary to change our Privacy Policy in light of enhancements made to our website or the implementation of new technologies. We therefore reserve the right to amend our Privacy Policy at any time with future effect. The version available at the time of your visit to our website applies in all cases.
Last updated: July 2018