1. Collection and storage of personal data as well as the type and purpose of the processing
The protection of personal data and their confidential treatment is a major concern for Puracast. We would therefore like to explain which data we collect and how these data are processed and stored.
a) Visiting the website
When you visit the website www.puracast.co.uk, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is automatically recorded and stored until it is automatically deleted:
• IP address of the requesting computer
• Date and time of the access
• Name and URL of the retrieved file
• Website from which the access is made (referrer URL)
• The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The specified data will be processed by us for the following purposes:
• Ensuring a smooth connection to the website
• Guaranteeing convenient use of our website
• Evaluation of the system security and stability as well as
• For other administrative purposes.
Data processing is carried out on the basis of Article 6 (1)(1)(f) of the General Data Processing Regulation (GDPR). We collect the data solely for the purposes mentioned above, from which our legitimate interest arises.
You have the opportunity to subscribe to our newsletter, enabling us to inform you regularly about our products and promotions/events.
Subscribing to our newsletter utilises the so-called double opt-in procedure, i.e. we will only send you newsletters by email if you confirm in our notification email by clicking on a link that you are the owner of the specified email address. Should you confirm your email address, we will store your data until you unsubscribe from the newsletter. The purpose of this storage is to send you the newsletters and other advertising material relevant to you and to be able to prove your registration. The legal basis for this processing is your consent as per Article 6(1)(a) of the GDPR.
In order to provide you with the best possible and personalised information, we may collect additional information other than your email address, such as your country of origin and the background of your activity, depending on the form of newsletter registration.
Optionally, we may ask you for further information such as your first name and surname, form of address, title, language, company name, address, telephone number, areas of interest and details of your company (e.g. exhibition size). Insofar as you have expressed consent as per Article 6(1)(1)(a) of the GDPR, we will utilise your data for the further personalisation of our newsletters and for sending you other advertising material, should you expressly wish for this. Furthermore, your data will be compared with our existing customer data.
You may unsubscribe at any time, for example via a link at the end of each newsletter. A message to the above or the contact data stated in the newsletter (e.g. by email or letter) will of course also be sufficient.
If you send us data under the headings Product, Contact, Service, Inspiration or Career (e.g. when ordering information material), we ask you to provide your name, address or email address and other personal data. We save these data in order to comply with your request.
Not all information is mandatory. Mandatory fields are marked with an *.
The data processing for the purpose of contacting us will take place on the basis of your voluntary consent as per Article 6(1)(1)(a) of the GDPR.
The personal data collected by us for use of the contact form will be automatically deleted once your request has been processed (within a maximum of 60 days), unless you have consented to further processing for the purpose of sending out newsletters/advertising materials.
You can apply to us for available jobs via our application management system. The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. In particular, we collect the following data for the receipt and processing of your application: First name and surname, address and other contact details, date of birth, application documents (e.g. references, CV), date of earliest possible start and expected salary. The legal basis for the processing of your application documents is Article 6(1)(1)(b) and Article 88(1) of the GDPR in conjunction with Section 26(1)(1) of the German Data Protection Act (BDSG).
We will delete the data collected during the application process immediately upon completion of the application process, but no later than 6 months after submission, unless you have given your separate consent to the retention of your data.
e) Surveys and competitions
Should you take part in one of our surveys, we use your data for market and opinion research. In principle, we evaluate the data anonymously for internal purposes. If, in exceptional cases, surveys are not evaluated anonymously, the data will be collected exclusively with your consent. In the case of anonymous surveys, the GDPR does not apply and in the case of exceptional personal evaluations, the legal basis is the aforementioned consent as per Article 6(1)(1)(a) of the GDPR.
In the context of competitions, we use your data for the purpose of conducting the competition and notifying you of your win. Detailed information can be found in the terms and conditions of participation for the respective competition. The legal basis for the processing is the competition agreement as per Article 6(1)(1)(b) of the GDPR.
You have the opportunity to register for our login area in order to utilise our website’s full range of functions. The data you are obliged to provide (company, category, name, address, email address) are marked as mandatory fields. Without these data, registration is not possible. The legal basis for the processing is Article 6(1)(b) of the GDPR.
2. Disclosure of data
Your personal data will not be transmitted to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
• You have given your express consent as per Article 6(1)(1)(a) of the GDPR
• Disclosure as per Article 6(1)(1)(f) of the GDPR is necessary in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
• A statutory obligation exists for such transfer as per Article 6(1)(1)(c) of the GDPR, or
• This is legally permissible and is necessary for the processing of contractual relationships with you as per Article 6(1)(1)(b) of the GDPR.
In addition, a transfer of your data may occur in connection with official enquiries, court orders and legal proceedings if they are deemed necessary for legal prosecution or enforcement.
Under certain circumstances, we may store small amounts of information on your PC in the form of “cookies” so that we can optimise our website according to your preferences.
Cookies are small text files generated by a web server and stored on the user’s computer system by means of the web browser used. Most of the cookies we use are deleted from your hard drive after the end of the browser session (so-called session cookies). Other cookies remain on your PC and enable us to recognise your computer on the basis of the logged data (visit of our website including date and time, browser type, operating system, Puracast products which you have viewed on our website) on your next visit (so-called ID cookies).
They are used to recognise your computer on other websites participating in Google’s advertising network in order to show you Puracast product recommendations tailored to your presumed interests based on the data logged. These cookies are automatically deleted after a defined period of time.
Cookies do no damage to your end device and do not contain viruses, Trojans or other malware.
The cookie contains information that results in connection with the specific device used in each case. However, this does not mean that we immediately become aware of your identity.
The usage profiles made possible by this so-called retargeting technology are created in accordance with the statutory provisions such that a personal reference is not readily possible when surfing the Internet.
You can object to the use of ID cookies for interest-based advertising at any time by clicking on the links below on the following pages:
Should you object to interest-based advertising, this information will be stored on your computer in an opt-out cookie for as long as you do not delete these cookies.
You can control whether cookies are stored at all via the security settings of your browser, for example by accepting no cookies from the outset or only upon request, or by specifying that cookies are to be deleted every time your browser is closed. Please note that this may limit the availability of certain services or the availability of the portal and that certain services or parts of the portal may only function correctly in connection with the setting of cookies.
The data processed by cookies is required for the specified purposes in order to safeguard our legitimate interests and those of third parties as per Article 6(1)(1)(f) of the GDPR.
4. Analytical tools
a) Tracking tools
The tracking measures listed below and used by us are executed based on Article 6(1)(1)(f) of the GDPR. We want to use the tracking measures to meet our justified interest in a demand-oriented design and the continued optimisation of our website. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer.
In the following list of technologies use by us, you will also find information on the possibilities for objections with regard to our analysis measures using a so-called opt-out cookie. Please note that after deleting all the cookies in your browser or the subsequent use of another browser and/or profile, an opt-out cookie must be set again.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
b) Google Tag Manager
c) Google Analytics
Google will process the information obtained by the cookies in order to evaluate your use of the website, to compile reports on the website activities for the website operators and to provide further services associated with the use of the website and the Internet.
As an alternative to this browser add-on, or for browsers on mobile devices, please click this link to prevent the future collection of your data by Google Analytics when visiting this website (the opt-out only works in this browser and only for this domain). In this case, an opt-out cookie will be stored on your device. If you delete the cookies in this browser, you will have to click this link again.
d) Google Adwords Conversion Tracking
Should you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads. If you do not wish to be linked with your Google Account, you must log out of Google before visiting our contact page.
e) Newsletter tracking
We use common newsletter tracking methods such as the opening of emails, clicks on links, etc. to provide you with target group-specific information and to optimize our content for you. The legal basis for this is our above-mentioned legitimate interests as per Article 6(1)(1)(f) of the GDPR. We want to offer our customers the most relevant content possible and therefore want to better understand what readers are actually interested in. If you do not want the analysis of usage behaviour, you cannot use the newsletter service.
5. Advertising tools
The legal basis for the data processing described in the following section is Article 6(1)(1)(f) of the GDPR, based on our legitimate interest in advertising our products and services in personalised form.
In the following section, we would like to explain these technologies and the providers used for them in more detail.
6. Social media plug-ins
We use social plug-ins from the social networks Facebook, YouTube, Twitter and Google+ on our website on the basis of Article 6(1)(1)(f) of the GDPR in order to increase familiarity with our company by sharing content on social networks. The underlying promotional purposes are to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for operation which is compliant with data protection is to be guaranteed by the respective provider.
To protect your data, we rely on the implementation of the “Shariff” solution. This means that these buttons are integrated on the website only as a graphic which contains a link to the corresponding website of the button provider. The intended functions of the social plug-ins, in particular the transmission of information and user data to these providers, are therefore not already activated by visiting the websites of our service, but only after you have activated the social plug-ins by clicking on the intended button.
We have integrated the social media buttons of the following companies on our website:
7. Integrated content
On our website we use videos from YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a company owned by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have integrated YouTube videos into our online offering. These are stored at http://www.youtube.com and can be played directly from our website. The integration of YouTube videos increases the attractiveness of our website. The legal basis for this is Article 6(1)(1)(f) of the GDPR.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in the section “Collection, processing and use of personal data” are transmitted. This takes place irrespective of whether YouTube provides a user account via which you are logged in or whether there is no user account. If you are logged into Google, your information will be directly assigned to your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data in user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (even for users who are not logged in) for the provision of demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Contact YouTube to exercise this right.
b) Google Maps
Our website uses the map service Google Maps provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In order for the Google map material we use to be integrated and displayed in your web browser, your web browser must connect to a Google server, which may also be located in the United States, when visiting the contact page. In the event that personal data are transferred to the USA, Google has acceded to the EU-US Privacy Shield. This gives Google the information that the contact page of our website has been accessed from the IP address of your device. The legal basis is Article 6(1)(1)(f) of the GDPR, based on our legitimate interest in the integration of a map service to establish contact.
If you access the Google Maps service on our site while logged in to your Google profile, Google may also link this event to your Google profile. If you do not wish to be linked with your Google profile, you must log out of Google before visiting our contact page. Google stores your data and uses them for the purposes of advertising, market research and personalised presentation of Google Maps. You may object to this data collection with Google.
8. Storage duration
Principally, we only store personal data for as long as they are necessary to fulfil the contractual or statutory obligations for which we have collected the data. We then immediately delete the data unless we need them until the end of the statutory limitation period for purposes of proof for civil law claims or due to statutory retention obligations.
For evidence purposes, we must keep contractual data for another three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred after the statutory period of limitation, at the earliest at this point in time.
9. Rights of the data subject
You have the right:
• To request information about the processing of your personal data by us in accordance with Article 15 of the GDPR. In particular, you may request information about the purposes of processing, the category of the personal data, the categories of recipients to whom your data have been or will be disclosed, the planned duration of storage, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge an appeal, the origin of your data, if they have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
• As per Article 16 of the GDPR to request the rectification of inaccurate personal data or the completion of personal data stored by us without undue delay;
• To request the deletion of your personal data stored with us in accordance with Article 17 of the GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• In accordance with Article 18 of the GDPR, to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but you need them to assert, exercise or defend legal claims or you have filed an objection to the processing in accordance with Article 21 of the GDPR;
• In accordance with Article 20 of the GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission of this data to another controller;
According to Article 7(3) and Article 21 of the GDPR, a right of revocation and objection (see 10. Right of revocation and objection). In order to assert your rights described here, you may contact the above-mentioned contact data at any time. This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection.
Finally, you have the right to file a complaint with the data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working or in the place of the alleged infringement. The responsible supervisory authority in Ahlen (Westphalia) is: State Commissioner for Data Protection in North Rhine-Westphalia, Kavalleriestr. 2-4, DE-40213 Düsseldorf, Germany.
10. Right of revocation and objection
In accordance with Article 7(2) of the GDPR, you shall have the right to revoke a consent once given to us at any time. As a result, we shall not continue to process data based on this consent in the future. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to revocation.
Insofar as we process your data on the basis of legitimate interests in accordance with Article 6(1)(e) or (f) of the GDPR, you shall have the right under Article 21 of the GDPR to file an objection to the processing of your data and to give us reasons which arise from your particular situation and which, in your opinion, indicate that your interests worthy of protection should predominate. Should you object to data processing for purposes of direct advertising, you have a general right of objection, which we shall implement without stating reasons. Should you wish to exercise your right of revocation or objection, simply send an e-mail to email@example.com or an informal letter to the above address.
11. Data security
Within the website visit, we use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. Should your browser not support 256-bit encryption, we revert to 128-bit v3 technology instead. You can determine whether a single page of our website is transmitted in encrypted form by the closed display of the key or padlock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Our website uses Google reCAPTCHA, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. reCAPTCHA prevents automated software (so-called bots) from carrying out improper activities on the website, i.e. it checks whether the entries made are actually from a human being.
To determine this, the following data are processed:
Google also reads cookies from other Google services such as Gmail, Search and Analytics. If you do not wish to be linked with your Google Account, you must log out of Google before visiting our contact page.
The specified data are sent to Google in encrypted form. Google’s analysis determines the form in which the captcha is displayed on the page. In the event that personal data are transferred to the USA, Google has acceded to the EU-US Privacy Shield (https://www.privacyshield.gov/welcome).