Data Privacy Statement and Mandatory Information in Acc. With Art. 13, 14 EU GDPR
1. General information
Information on responsible office
The responsible office for the processing of information on this website is:
Topp Goldings GmbH
Phone: +49 (0) 421 20 488-0
Fax: +49 (0) 421 24 39004
We take the protection of your personal data very seriously and treat them confidentially and in accordance with the statutory data privacy regulations and this data privacy statement.
The use of this website is associated with the collection of various items of personal data. Personal data in this sense are data which can be used to identify you personally. This data privacy statement explains which data are collected and the purpose(s) for which we use them. It also explains how and why this is done.
Please note that online data transmission (for example communication via e-mail) may be subject to security vulnerabilities. It is not currently possible to protect data conclusively against third-party access.
Data protection officer as prescribed by law
We have nominated a data protection officer for our company.
Miss Larissa Schwarz
MERENTIS DataSec GmbH
Phone: 0421 / 23804-0
2. Data collection on our website and the applicable legal basis
Some of the Internet sites use ‘cookies’. Cookies do not damage your computer and do not contain viruses. Cookies help make our offering more user-friendly, efficient and safe. Cookies are small text files that are stored on your computer and saved by your browser.
The majority of the cookies we use are so-called ‘session cookies’. These are deleted automatically when you leave our website. Other cookies remain stored on your end device until you delete them. These cookies allow us to recognise your browser again if you visit in the future.
You can adjust the settings of your browser so that you are informed about the storage of cookies and cookies are only permitted in certain cases, cookies are excluded under specific conditions or entirely or all cookies are automatically deleted when you close your browser window. Disabling cookies can restrict the proper functioning of this website.
Cookies required for electronic communication and the provision of certain functions you wish to use (e.g., shopping basket function) are stored in accordance with the provisions of Art. 6 1. b) of the GDPR (contract negotiations and conclusion of contracts).
Server log files
The provider of the pages automatically collects and saves information in ‘server log files’, which your browser sends to us automatically. These include:
- Browser type and version
- Operating system in use
- Referrer URL
- Host name of accessing computer
- Time of server request
- IP address
These data are not combined with other data sources.
The legal basis for data processing is Art. 6 1. f) of the GDPR. The website operator has a legitimate interest in the storage of these data for the technically unimpaired and optimised provision of its services.
If you send us enquiries via our contact form, the data you input in the contact form, including the contact data you specify, are stored by us for the processing of your enquiry and any follow-up questions. These data are not provided to third parties without your consent.
As such, the processing of the data input in the contact form is performed exclusively on the basis of your consent (Art. 6 1. a) of the GDPR). You may withdraw this consent at any time. To do so, simply send us an informal notification via e-mail. This withdrawal of consent does not affect the legal validity of the data processing performed before it was received.
The data you input in the contact form are stored until you ask us to erase them, withdraw your consent to their storage or the purpose for which the data was stored no longer applies (e.g., once processing of your enquiry is completed). Mandatory statutory provisions – especially with regard to storage periods – remain unaffected.
Our website employs plug-ins from the Google-operated site YouTube. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
A connection to the YouTube servers is established if you visit one of our pages with an enabled YouTube plug-in. The YouTube server is notified of which of our pages you have visited.
If you are logged in to your YouTube account, you permit YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is employed in the interest of making the presentation of our online offers appealing. This constitutes a legitimate interest as defined by Art. 6 1. f) of the GDPR.
Analysis tools and advertising
This website employs the functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses ‘cookies’. Cookies are text files which are stored on your computer and facilitate analysis of your use of the website. The information that the cookie generates in relation to your use of this website is generally sent to a Google Inc. server in the USA and stored there.
Google Analytics cookies are stored on the basis of Art. 6 1. f) of the GDPR. The website operator has a legitimate interest in the analysis of user behaviour for the purpose of optimising both its online offering and advertising.
We have enabled the IP anonymization function on this website. Consequently, Google truncates your IP address within the Member States of the European Union and in other states which have signed the agreement concerning the European Economic Area before transferring it to the USA. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website provider with other services connected with website use and Internet use. The IP address sent by your browser for Google Analytics purposes will not be combined with other Google data.
You can prevent the storage of cookies by adjusting your browser software settings. However, please note that, if you do so, some parts of the website may not function fully. You can also opt out of storage of the data on your site activity by the cookie (incl. your IP address) as well as the processing of these data by Google by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Objection to data collection
Commissioned data processing
We have concluded an agreement with Google governing commissioned data processing and enforce the strictest requirements of the German data protection authorities with regard to the use of Google Analytics in their entirety.
Google Analytics Demographics
This website employs the Google Analytics “Demographics” function. This allows compilation of reports containing information on the age, gender and interests of visitors to the sites. These data originate from interest-related advertising by Google and visitor data from third parties. It is not possible to identify a specific person using these data. You can disable this function at any time via the advertising settings in your Google account or prohibit the collection of your data by Google Analytics entirely as explained in the “Objection to data collection” section.
Google AdWords and Google conversion tracking
This website employs Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
In the scope of Google AdWords, we also utilise so-called conversion tracking. If you click on an advert placed by Google, a cookie is saved for the conversion tracking. Cookies are small text files which the Internet browser stores on the user’s computer. These cookies become invalid after 30 days and can no longer be used to identify users personally. If the user visits specific pages of this website and the cookie is still valid, Google and we can recognise that the user has clicked on the advert and been forwarded to this page.
Each Google AdWords customer receives a different cookie. The cookies cannot be traced via the websites of AdWords customers. The information retrieved via the conversion cookies makes it possible to compile conversion statistics for AdWords customers who have elected to employ conversion tracking. The customers are informed of the total number of users who have clicked on their advert and been forwarded to a page furnished with a conversion tracking tag. They are not, however, provided with any information allowing personal identification of users. If you do not wish to be included in tracking, you can object to its use by simply disabling the Google conversion tracking cookie in the user settings of your Internet browser. You will then not be included in the conversion tracking statistics.
“Conversion cookies” are stored on the basis of Art. 6 1. f) of the GDPR. The website operator has a legitimate interest in the analysis of the user behaviour for the purpose of optimising both its online offering and advertising.
We employ “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The aim of reCAPTCHA is to verify whether the data entered on our websites (e.g., via the contact form) is entered by a human or an automated program. To do so, reCAPTCHA analyses the behaviour of the visitor to the website on the basis of a range of features. This analysis is initiated automatically as soon as the website visitor accesses the website. For the analysis, reCAPTCHA evaluates different information (e.g., the IP address, period of time spent on the website and mouse movements effected by the user). The data collected for said analysis are transmitted to Google.
The reCAPTCHA analyses largely run unnoticed behind the scenes. Website visitors are not informed that the analysis is being performed.
This data processing is performed on the basis of Art. 6 1. f) of the GDPR. The website operator has a legitimate interest in protecting its online offering against illegal automated unauthorized use and SPAM.
This page uses ‘Google Fonts’ provided by Google for the standardised display of fonts. When you open a page, your browser loads the required Google Fonts in your browser cache so as to be able to display the texts and fonts correctly.
For this purpose, the browser you use needs to connect to Google’s servers. This provides Google with the information that you have visited our website using your IP address. Google Fonts are employed in the interest of making the presentation of our online offers standardised and appealing. This constitutes a legitimate interest as defined by Art. 6 1. f) of the GDPR.
If your browser does not support Google Fonts, your computer will utilise a standard font.
For this purpose, the browser you use needs to connect to Cloudflare’s servers. This provides Cloudflare with the information that you have visited our Website using your IP address. Cloudflare is employed in the interest of making the presentation of our online offers standardised and appealing. This constitutes a legitimate interest as defined by Art. 6 1. f) of the GDPR.
Further information can be found in Cloudflare’s data security policy at: https://www.cloudflare.com/security-policy/
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Use of the Google Maps functions requires saving of your IP address. This information is generally sent to a Google server in the USA and saved there. The provider of this site has no influence on this data transmission.
The use of maps is included in the interest of the appealing display of our online offering and making it easier to find the locations we refer to on the website. This constitutes a legitimate interest as defined by Art. 6 1. f) of the GDPR.
3. Recipients of personal data
Your personal data are not provided, sold or otherwise made available to third parties unless necessary for conclusion of a contract or you have freely given your consent.
If the provision of personal data to an external service provider is essential to the performance of a service or answering of an enquiry, we employ technical and organisational measures to ensure compliance with the legal data privacy provisions in accordance with Art. 28 EU GDPR and additionally oblige the external service providers to comply with the pertinent legal data protection regulations, to treat all personal data confidentially and to delete the personal data as soon as it is no longer required.
Within the scope of applications sent to us online, we employ the applicant management software PERSY for the documentation and management of applicants. Within the scope of commissioned order processing, the service provider is obliged to comply with the legal data privacy provisions in accordance with Art. 28 EU GDPR.
4. Personal data concerning children
As protection of children's privacy is of the utmost importance, we do not wish to collect, process or utilise personal data concerning individuals under 18 years of age. If you as a legal guardian become aware of the fact that your children have provided us with personal data, you may contact us at the address included in our site notice if you would like us to delete said data.
5. Security aspects
We implement all the technical and organisational security measures necessary to protect your personal data against loss and misuse. Accordingly, your data are stored in a secure operating environment not accessible to the public.
This page also employs SSL/TLS encryption for security reasons and to protect the transfer of confidential content such as orders and enquiries sent to us as the operator of the website. You can identify an encrypted connection by the fact that “http://” changes to “https://” in the address bar of your browser and a padlock symbol appears alongside it.
If the SSL/TSL encryption is enabled, the data that you send to us cannot be read simultaneously by third parties.
6. Period of storage
Your data are generally deleted upon completion of the purpose for which they were saved, unless legally prescribed periods of storage prohibit such deletion. Such periods are prescribed for example by the German Civil Code (BGB), German Commercial Code (HGB) and German Fiscal Code (AO) and range from 2 to 30 years.
The data are then permanently deleted upon expiry of the legally prescribed period of storage.
7. Rights of the data subjects
You have the right to request information about the personal data concerning you and to rectify the data, have the data erased or restrict processing of the data. In addition, you also have a right to object to processing of the data and the right to data portability. You can read more about this in Chapter 3 of the EU GDPR.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the EU GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR. However, before you contact the supervisory authority, we kindly ask you to grant us the opportunity to respond to your question/concern directly. To do so, please contact the following office/individual:
Miss Larissa Schwarz
MERENTIS DataSec GmbH
Phone: 0421 / 23804-0