The controller within the meaning of the General Data Protection Regulation and other national data-protection laws of the Member States as well as other data-protection regulations is:
C.A. Warren GmbH
Tel.: +49 201 84 201 20
Fax: +49 201 84 201 10
The controller’s data protection officer is:
Tel.: +49 201 530091
Fundamentally, we process our users’ personal data only to the extent necessary to provide a functioning website and required by our content and services. The regular processing of users’ personal data takes place only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) provides the legal basis.
In the case of the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR provides the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation of our company, Article 6(1)(c) GDPR provides the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR provide the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Article 6(1)(f) GDPR provide the legal basis for processing.
The personal data of the data subject will be deleted or locked as soon as the purpose of the storage no longer applies. In addition, such storage may occur if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Locking or deletion of the data also occur when a storage period prescribed by the specified standards expires, unless there is a need for further storage of the data for conclusion or fulfilment of a contract.
Each time our website is accessed, our system automatically collects data and information from the computer system of the client computer.
The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
Storage in log files is performed to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, we have a legitimate interest in the processing of data according to Article 6(1)(f) GDPR.
The data will be deleted as soon as they are no longer necessary to achieve the purposes of their collection. In the case of collecting data in order to provide the website, this is the case when the respective session ends.
The current configuration of the hosting web server writes sequentially to the current log file until it reaches 10 MB in size. As soon as the limit of 10 MB is reached, the log file is archived and a new one is started. The last 10 archived log files are always kept.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. The user consequently has no right to object.
In this way, the following data can be transmitted:
The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.
We require cookies for the following applications:
The user data collected via technically-required cookies are not used to create user profiles.
The use of the analytics cookies is for the purpose of improving the quality of our website and its contents. Via the analytics cookies, we learn how the website is used and can thus constantly optimise our services.
It records the monthly number of visitors to our website and the number of requests for directions to us.
For these purposes, our legitimate interest in the processing of personal data is provided for by Article 6(1)(f) GDPR.
It is possible to contact us via the provided email address. In this case, the user’s personal data transmitted with the email are stored.
In this context, no data are disclosed to third parties. The data are used exclusively for carrying out the conversation.
The legal basis for the processing of data in the presence of user consent of the user is Article 6(1)(a) GDPR.
The legal basis for the processing of the data transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact aims to conclude a contract, then an additional legal basis for the processing is Article 6(1)(b) GDPR.
We only process personal data from the input form for contact purposes. In the case of contact via email, this also provides the required legitimate interest in the processing of the data.
The other personal data processed during the sending procedure serve to prevent abuse of the contact form and to ensure the security of our IT systems.
The data will be deleted as soon as they are no longer necessary to achieve the purposes of their collection. With regard to the personal data submitted via the contact form and those sent by email, this is the case when the conversation with the respective user has concluded. The conversation is ended when it can be inferred from the circumstances that the relevant situation has been conclusively clarified.
The additional personal data collected during the sending process are deleted at the latest after a period of seven days.
Users have the right to revoke their consent to the processing of their personal data at any time. If the user contacts us by email, he or she may thus object to the storage of his/her personal data at any time. In this case, the conversation cannot continue.
All personal data stored in the course of the contact will be deleted in this case.
If your personal data are processed, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
You may require the controller to confirm if personal data concerning you are processed by us.
If such processing is occurring, you can request the following information from the controller:
You have the right to request information about whether your personal information is transmitted to a third country or an international organisation. In this regard, you may demand to be informed of the appropriate guarantees under Article 46 GDPR in connection with the transfer.
You have a right to rectification and/or completion vis-à-vis the controller if your personal data being processed are incorrect or incomplete. The controller must make the correction without delay.
You may request the restriction of the processing of your personal data under the following conditions:
If the processing of your personal data has been restricted, these data—besides their storage—may only be used with your consent or for the purpose of asserting, exercising or defending legal claims; or protecting the rights of another natural or legal person; or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been limited in accordance with the above conditions, the controller will inform you before the restriction is lifted.
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
If the controller has made your personal data public and is obligated to erase them under Article 17(1) GDPR, the controller shall take measures—also of a technical nature—that are appropriate, under consideration of the available technology and implementation costs, to inform data controllers processing the personal data that you as the data subject have required the deletion of copies or replications of your personal data and all links to them.
The right to erasure does not exist if the processing is necessary
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, he/she is obligated to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right vis-à-vis the controller to be informed about these recipients.
You have the right to receive personal information you provide to the controller in a structured, commonly-used and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller to which the personal data have been provided, where:
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the option, in the context of the use of information-society services—Directive 2002/58/EC notwithstanding—to exercise your right to object by automated means using technical specifications.
You have the right to revoke your data-protection declaration of consent at any time. The revocation of consent does not affect the legality of processing carried out on the basis of the consent before the revocation.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
However, these decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his/her own position and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or the place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.