Protection of your personal data is important to us.
In the following, we would like to inform you that we ask for personal data from you and store it electronically. Your data will be stored and processed in accordance with the applicable provisions of the national data protection laws, as well as the General Data Protection Regulation (GDPR).
Controller within the provision of aforementioned regulations is:
Phototherm Dr. Petry GmbH
Altenkesseler Str. 17 C1
Tel: +49 681 – 97 62 300
Fax:+49 681 – 97 62 302
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The data subject is an identified or identifiable natural person, whose personal data is processed by the person responsible.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data is collected and processed when you access our website or retrieve a file stored on our website. As a rule, this does not take place unless it’s necessary to provide a functional website or its contents and services. Furthermore, personal data is regularly collected and used only after appropriate consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by legal provisions.
If personal data is processed for fulfilling the contracts entered into with us, Art. 6 Para 1 lit. b GDRP serves as a legal basis. This also applies to processing operations, which are necessary to carry out pre-contractual actions.
If we obtain consent of the concerned person for processing operations of personal data, Art. 6 Para 1 lit. a GDRP serves as a legal basis.
If processing of personal data is required to fulfill a legal obligation, which our company is subject to, Art. 6 Para 1 lit. c GDRP serves as a legal basis.
In case vital interests of the concerned person or any other natural person require the processing of personal data, Art. 6 Para 1 lit. d GDRP serves as a legal basis.
If processing of data is required to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the concerned person do not outweigh the above-mentioned interest, then Art. 6 Para 1 lit. f GDRP serves as a legal basis for the processing.
The personal data collected by us is deleted as soon as the purpose for storing the data ends.
Data is stored if there is a law, a Union regulation or other provisions authorizing such storage.
Furthermore, data is deleted when the retention period prescribed by the norms mentioned expires, unless there is a necessity for storing data further for concluding a contract or for the fulfillment of a contract.
When you access our website
Legal basis for storing data and the log files is Art. 6 Para 1 lit. f GDRP.
Storing data in log files ensures that our website is functioning properly. It further helps in optimization and security of our systems. Therein also lies our legitimate interest in the processing of data according to Art. 6 Para 1 lit. f GDRP. In accordance with this use, we do not evaluate data for marketing purposes.
The data stored by us is deleted as soon as we do not need it anymore for achieving the purpose for which it was collected. This happens at the latest after seven days. Storing data longer than that is possible. In this case, the users’ IP addresses are deleted or anonymized, in order to make identifying the user impossible.
Recording the data mentioned is absolutely necessary for the operation of the website. As a result, there is no option for the user to object to it.
The following data, for example, is stored and transmitted in the cookies:
The data obtained from this is pseudonymized by us. Therefore, it is not possible to link data back to the visitor. Furthermore, this data is not stored together with other personal data.
You can set your browser in such a way that you are informed about the setting of cookies and individually decide on their acceptance or refuse the acceptance of cookies for specific cases or in general. If you do not accept cookies, the functionality of our website may be limited.
The legal basis for the processing of personal data by using cookies is Art. 6 Para 1 lit. f GDRP. The legal basis for the processing of personal data by using cookies for analysis purposes is Art. 6 Para 1 lit. a GDRP if the user has consented to using cookies.
Visitors to our website are provided with a contact form for fast, electronic contact. The data entered in the input screen is transmitted to and stored by us. In addition, the IP address of the user as well as the date and time of transmission are stored at the time of sending. Alternatively, contact is possible via the email address provided. In this case, the user’s personal data transmitted via email is stored. Data is never transferred to third parties. The data is only used for processing the request.
The legal basis for processing the data, if the user has consented to it, is Art. 6 Para 1 lit. a GDRP.
The legal basis for processing the data, which is transmitted while sending an email, is Art. 6 Para 1 lit. f GDRP. If contact via email aims to conclude a contract, then additional legal basis for the processing is Art. 6 Para 1 lit. b GDRP.
Processing of personal data serves the sole purpose of processing contact. In case of contact via email, this also includes the required legitimate interest in the processing of the data. Other personal data processed in the sending process serves the purpose of preventing misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as we do not need it for achieving the purpose for which it was collected. For personal data from the input screen of the contact form and that which has been sent via email, this is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process is deleted at the latest after a period of seven days.
At any given time, the user has the option to revoke his consent to the processing of personal data. For this purpose, the user can contact the person responsible via the contact options provided on the website. If the user contacts us by email, then he/she may object to the storage of his personal data at any time. The conversation cannot continue in such a case.
To protect our website from brute force attacks, we use the Limit Log In Attempts service. The service stores the IP addresses logged when our website is called up in an encrypted form in the WordPress database.
The legal basis for the processing of users’ personal data is Art. 6 para. 1 lit. f DSGVO.
The legitimate purpose of using the service is to protect the website from unauthorised access. This is also the legitimate interest.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
The user has the rights listed in the section “Rights of data subjects”.
When you place an order, we collect and use your personal data only to the extent necessary to fulfil and process your order and to deal with your enquiries. The data entered by you during the ordering process will be passed on to service partners that we require to process the contractual relationship or to service providers that we use as part of order processing, insofar as this is necessary for the fulfilment of the contract or if you have given your consent.
In addition to the recipients named in the respective clauses of this data protection declaration, these are, for example, recipients of the following categories:
Shipping service providers, payment service providers, merchandise management service providers, service providers for order processing, web hosts, IT service providers and dropshipping merchants.
The processing described above serves to fulfil a contract to which the user is a party. The legal basis for the processing of the data Art. 6 para. 1 lit. b DSGVO.
The transfer serves the fulfilment of our contractual obligations.
Your data will be deleted when it is no longer required for the performance of the contract, unless there are contractual or statutory retention obligations to the contrary.
The user has the possibility at any time to revoke the consent given to the person responsible or the provider. A revocation with regard to the processing of data that is absolutely necessary for the fulfilment of the contract is not possible.
We have integrated components from YouTube on our website. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs, as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
The service on YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The website does not embed YouTube videos directly in the website. Profiling by third parties is therefore excluded.
In order to still be able to view our videos, users must first click on the preview image. The video can only be viewed after clicking away the message or logging in. Only at this point will data be transferred.
You can find more information on this at http://www.youtube.com/t/privacy_guidelines and under the data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/. These provide information about the collection, processing and use of personal data by Google.
After clicking away the note, the legal basis is Art. 6 Para. 1 lit. a GDPR.
Data subjects have the right to be provided with a confirmation if personal data is processed by a controller.
If personal data is collected, data subjects shall be provided with the following information:
Where the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the access to data processed can be restricted
The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him or her. The controller has to inform the data subject without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Where the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the right to rectification can be restricted
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
Where the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the right to restriction of processing can be restricted
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
Where the controller has made the personal data public and is obliged to erase personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erase shall not apply, if the processing is necessary
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of Article 6(1), including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
This shall not apply if the decision
In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Decisions shall not be based on special categories of personal data referred to in Article 9(1), unless suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.