Privacy Policy

Welcome to our website. Please find our privacy policy below:

I. General Information

1. Contact details of the Controller

 

Silesia Gerhard Hanke GmbH & Co. KG
Am alten Bach 20 - 24
D – 41470 Neuss
Phone: +49 30 43576-0
E-mail: info[at]silsiea.com

 

2. Contact details of our data protection officer

Frau Lucia Straßer

 

II. Detailed information on the collection of personal data

1. Visiting the website

a) Purpose of data collection and processing

 

Every time a user accesses a page of our website and every time a user accesses a file stored on our website, access data regarding this process are saved in a log file. Each data set consists of:

 

(1) the web page from which the file was requested,
(2) the name of the file,
(3) the date and time of the request,
(4) the transmitted data volume,
(5) the access status (file transmitted, file not found, etc.),
(6) a description of the type of operating system and web browser used,
(7) the client IP address,
(8) the referrer.

 

We use these data to operate our website, especially in order to determine how much the Website is used, if there are malfunctions of the website, and to make adjustments or improvements. The client IP address is used to transmit the quested data; once it is no longer required for technical reasons, it will be anonymised by deleting the last numeric block (Ipv4) or the last octet (Ipv6).

 

b) Retention Period

The data are saved every time a user accesses a page of our website and when he accesses our online presence and they will be deleted once they are no longer required for the purpose they were collected for, which is the case once the user leaves our website.

 

c) Legal Basis

The legal basis for the temporary storage of the above data is Art. 6(1) point f EU General Data Protection Regulation (hereinafter referred to as “GDPR”). The justified interest is making our website available.

 

d) Objection and elimination Option

 

The data subject can object to data processing.

 

2. Contract execution

 

a) Purpose of data collection and processing

 

Name, address(es), bank details, e-mail addresses, phone or fax numbers, client IP address at the time a customer orders is placed are all collected, stored, and processed in order to conclude or execute contracts, which especially includes the billing and implementation of the contract. The personal data will only be transmitted to third parties if doing so is required for execution of the contract, such as when commissioning a shipping company or availing ourselves of a payment service provider.

 

b) Retention Period

 

The data will be deleted when the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed. This time limit is five years for personal data that are subject to section 147 Tax Code (AO) and ten years for personal data that are subject to section 257 German Commercial Code (HGB). The time limits start at the end of the calendar year in which the data were collected.

 

c) Legal Basis

 

The legal basis for storage of the above data is Art. 6(1) points b and c GDPR.

 

d) Objection and Elimination Option

 

As statutory retention periods apply in these cases and because the data are stored and have to remain stored to execute contracts, there are no options for objection or erasure in these cases.

 

3. Cookies

 

a) Purpose of data collection and use of the data

 

In order to make visiting our website and placing orders possible from a technical point of view, we transmit so-called cookies to the end device of the data subject. Cookies are small text files that identify the end device of the data subject, usually by recording the name of the domain that is sending the cookie files, information on the age of the cookie, and an alphanumeric identification code. By saving the cookie on the end device that is used – without accessing the operating system – the device can be recognised, and we are able to make any previously selected settings available immediately. We use this information to tailor our website and the services offered to your needs and to make accessing our website quicker.

 

b) Retention Period

 

The time for which the different cookies are stored varies but does not exceed two years. They are saved on your local end device, not on our server, which is why the actual time of deletion depends on your browser software settings. Please see the instructions for your browser to find out how you can delete cookies placed by us manually or automatically.

 

c) Legal Basis

 

The legal basis for storage of the above data is Art. 6(1) point f GDPR. The justified interest for placing cookies is, on the one hand, optimising the quality of our website through an analysis, and on the other hand, making visiting our website possible; in particular, some functions on our website cannot be used without cookies, since the user may not be recognised when changing pages, for example, it would not be possible to use the shopping basket, language settings would be lost, and searches could not be performed. Furthermore, storage is permissible on the legal basis pursuant to Art. 6(1) point b GDPR to execute a contract.

 

d) Objection and Elimination Option

 

The data subject can block the use of cookies in the end devices he uses or can delete these after their use. It may be possible, however, that individual features of our website will not be accessible in that case. Please see the instructions for your browser as to how to block and delete any cookies that were already saved.

 

4. Contact form, contacting by e-mail, fax, or telephone

 

a) Purpose of data collection and use of the data

 

We provide a contact form on the website. The data subject can use it to contact us electronically and we can then process the enquiry. The following data are collected and saved: Name, address, IP address, e-mail address, phone number, date and time of the request, and the description of the enquiry, if applicable contract details, if the enquiry deals with concluding or implementing a contract. A user can contact us by e-mail, fax, or phone. We will then save the data transmitted to us and provided by the data subject in order to process the request. These data include name, address, e-mail address, phone and/or fax number, date and time of the request, and the description of the enquiry, if applicable contract details, if the enquiry deals with concluding or implementing a contract. These data will not be shared with third parties. They are saved to handle the enquiry of the data subject.

 

b) Retention Period

 

As soon as the data are no longer required to achieve the purpose, they will be deleted, which is the case as soon as the enquiry has been dealt with and if the matter was resolved, and if no contractual or fiscal retention periods prevent such deletion. This time limit is five years for personal data that are subject to section 147 Tax Code (AO) and ten years for personal data that are subject to section 257 German Commercial Code (HGB). The time limits start at the end of the calendar year in which the data were collected.

 

c) Legal Basis

 

The above data are, pursuant to the legal basis under Art. 6(1) point a GDPR, only saved after consent was granted in the enquiry, based on Art. 6(1) point b GDPR to conclude or execute a contract, and pursuant to Art. 6(1) point f GDPR. The justified interest of the controller is being able to process the enquiry and to prevent any abuse of the contact form. The consent may be withdrawn at any time, which does not affect the lawfulness of processing personal data based on such consent before its withdrawal.

 

d) Objection and elimination option

 

The data subject has at all times the right to withdraw the consent to data processing and to object to such data being stored. The data pertaining to that process will then be erased. If a contract was concluded, the above explanations regarding “contract conclusion” shall apply.

 

5. Direct advertisement

 

a) Purpose of data collection and processing

 

We will use the data received from the data subject in connection with the sale of a good or a service for directly advertising our products. As regards your e-mail address, this will only apply to own, similar goods or services and if the data subject has not objected, which is pointed out every time data is collected (for example with this notice); we also point out the option to object to processing, which still applies.

 

b) Retention Period

 

As soon as the data are no longer required to achieve the purpose, they will be deleted, which is the case once the data subject objected to direct advertising or if the lapse of time after the last advertisement that referred to the right to objection so demands, which is the case after twelve months after the last advertisement measure.

 

The legal basis for advertisement after purchasing goods or using a service is 6(1) point f GDPR. The justified interest is direct advertising to increase sales.

 

d) Objection and elimination option

 

The data subject may withdraw his consent to such receipt with effect for the future at any time without incurring any costs other than the transmission costs according to the base rates.

 

6. Newsletter

 

a) Purpose of data collection and use of the data

 

You have the option of subscribing to a newsletter. Once the data subject registers for the newsletter, the data provided by the data subject in that registration form will be transmitted to us. These are the e-mail address that is provided, the IP address, and the date of registration. The collected data are required to be able to send the newsletter.

 

b) Retention Period

 

The data will be deleted as soon as the data are no longer required to achieve their purpose and once the data subject has unsubscribed from the newsletter. Afterwards, the data will be stored for ten years after the last newsletter was sent as means of proof in case of enquiries regarding existing consents, subject to limitation periods.

 

c) Legal Basis 

 

The legal basis for storage of the above data is Art. 6(1) point a GDPR; they shall only be stored based on prior consent granted as part of the registration. The consent may be withdrawn at any time, which does not affect the lawfulness of processing personal data based on such consent before its withdrawal.

 

d) Objection and Elimination Option

 

You can object to the data being used for sending newsletters at any time with effect for the future by unsubscribing from the newsletter, without incurring any costs other than the transmission costs according to the base rates. You can do this by written declaration towards us. If the data subject wishes to unsubscribe from the newsletter, he can do so using the ‘unsubscribe link’ that is provided in every e-mail and that he only needs to click on.

7. Matomo

This website uses the open-source web analysis service Matomo.

Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

IP anonymization

For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

8. Social Media

 

Our social media appearances

This privacy policy applies to the following social media presence

    https://www.xing.com/pages/silesia-aroma

    https:de.linkedin.com/company/silesia-aroma?trk=similar-pages

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered.

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites, we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal.

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

Your rights

You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability and the right to file a complaint with the responsible regulatory agency. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.

Individual social networks

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:

   https://www.linkedin.com/legal/l/dpa and

   https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal information, please refer to LinkedIn's privacy policy:

    https://www.linkedin.com/legal/privacy-policy

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

III. Data subject rights

If our website processes personal data of users, the affected person (data subject) has the following rights towards the controller pursuant to the GDPR.

 

1. Right of access pursuant to Art. 15 GDPR

 The data subject has a right to the following information:

 

a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data has been or will still be disclosed, especially for recipients in third countries or for international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data is not collected from the data subject, any available information as to its source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
i) if personal data is transferred to a third country or an international organisation, the data subject has the right to be informed of the appropriate guarantees according to Art. 46 of the GDPR in connection with the transfer of such data. We provide the data subject with a copy of the personal data undergoing processing. For all further copies requested by the data subject, the controller may demand a reasonable fee based on the administrative costs.

 

2. Right of rectification pursuant to Art. 16 GDPR

 

The data subject has the right to have the controller rectify inaccurate personal data concerning the data subject without undue delay. Under consideration of the purposes of processing, the data subject has the right to demand the completion of incomplete personal data - also by supplementary declaration.

 

3. Right of erasure pursuant to Art. 17 GDPR

 

The data subject has the right to have the controller erase personal data concerning the data subject without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
a) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise;
b) the data subject withdraws consent on which processing is based pursuant to point (a) of Article 6(1) or point (a) of Art. 9(2) GDPR, and where there are no other legal grounds for processing;
c) the data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing the data subject objects to the processing pursuant to Art. 21(2) of the GDPR;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law the controller is governed by;
f) the personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

 

4. Right of restriction to processing pursuant to Art. 18 GDPR

 

The data subject has the right to have the controller restrict processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject has opposed the erasure of the personal data and requested the restriction of its use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

5. Right of notification pursuant to Art. 19 GDPR

 

If the data subject has demanded from the controller in regard to the personal data of the data subject a rectification pursuant to Art. 16 GDPR, erasure pursuant to Art. 17(1) GDPR, or restriction of processing pursuant to Art. 18 GDPR, and if the controller has informed all recipients who have received personal data of the data subject of the request of the data subject (unless impossible or only possible subject to unreasonable efforts), the data subject shall have the right to receive a notification from the controller as to who has received his personal data.

 

6. Right to data portability Art. 20 GDPR

 

The data subject has the right to receive the personal data concerning him, which he has provided to the controller, in a structured, commonly used and machine-readable format and has the right to transmit this data to another controller without hindrance from us, where
a) processing is based on consent pursuant to Art. 6(1) point a GDPR or Art. 9(2) point a GDPR or on a contract pursuant to Art. 6(1) point b GDPR; and
b) the processing is carried out by automated means. This must not adversely affect the rights and freedoms of others. In exercising the right to data portability pursuant to (1), the data subject has the right to have the personal data transmitted directly from us to another controller, where technically feasible. The exercise of the right to data portability is without prejudice to the right to erasure pursuant to Art. 17 GDPR. The right of data portability shall not apply to any processing that is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller.

 

7. Right of objection pursuant to Art. 21 GDPR

 

The data subject has at any time the right to object, on grounds relating to his particular situation, to processing of personal data concerning him which is based on Art. 6(1) point e or f GDPR, including profiling based on those provisions. We will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or if processing serves the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject has at any time the right to object to processing of personal data concerning him for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data are no longer be processed for such purposes. The data subject may withdraw the consent he has given at any time. The lawfulness of any collection and processing until such time, however, shall not be affected by this.

 

8. Automated individual decision-making, including profiling, pursuant to Art. 22 GDPR

 

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or similarly significantly affects him.
This does not apply if the decision
a) is necessary for entering into, or performance of, a contract between the data subject and us;
b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
c) if the data subject has granted his express consent. Such decisions must not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) point a or g GDPR applies and suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject are in place. In the cases referred to in sections a) and c), we will implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on our part, to express its point of view and to contest the decision.

 

9. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

 

Each data subject has, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if the data subject believes that the processing of their personal data violates this regulation. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

10. Right to an effective judicial remedy against a controller or processor pursuant to Art. 79 GDPR

 

Each data subject has, without prejudice to any other administrative or judicial remedy including the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, the right to an effective judicial remedy if he believes that the rights he is entitled to under this regulation were violated by any processing of his personal data that does not comply with the provisions of this regulation. The competent courts for actions brought against contract processors are the courts of the Member State in which we or the contract processor have a branch. Alternatively, such actions can also be brought before the courts of the Member State in which the data subject has his residence, unless we or the contract processor are an authority of the Member State and we or the contract processor exercised sovereign powers.