Data protection policy information for customers, visitors to our website and other interested parties
How does P.A. Jansen GmbH u. Co., KG (called 'Jansen' in the following) deal with your personal data and what rights do you have in this connection? The following information is provided in accordance with the requirements of sections 13, 14 and 21 of the GDPR.
We here inform you how we process data that is 'personal' as defined in Art. 4. No. 1 of the GDPR and of your rights and entitlements as defined in data protection legislation. The data that we use and process is determined by which of our offers and/or services that we provide online and offline you take advantage of, be it in connection with products or services that you acquire from us. It is thus possible that not all the information provided here applies to you.
1. Who is responsible for processing my data and who can I contact in this connection?
The controller as defined in the GDPR is:
P. A. Jansen GmbH u. Co.,KG
Phone number: +49 2641 38970
You can contact our data protection officer at:
Phone number: +49 541 506160
2. What sources of information and data are used by Jansen?
We 'process' as defined in Art. 4. No. 2 of the GDPR personal data that we receive from you in connection with a business relationship or your use of our online services. We also process personal data that we obtain from third parties with your consent and from publicly accessible sources, such as the commercial register or insolvency register, and are allowed to process.
In this case, the term 'personal data' covers information in the form of your name, address, date of birth, legitimisation information such as ID data, data related to our performance of contractual obligations (e.g. turnover data), promotional and sales data and data on your use of our online services (e.g. time you accessed our website, pages clicked on and other similar data).
3. Why does Jansen process your data (processing purpose) and what is the legal basis for this?
It is necessary for us to process your personal data in order to comply with our contractual responsibilities towards you. We also need to process this data in order to comply with our duties of disclosure and documentation that, for example, are specified under German commercial and tax laws. It is also possible in some circumstances that processing may be necessary to meet the requirements of anti-money laundering legislation. All processing is undertaken in compliance with the stipulations of the GDPR and the German Federal Data Protection Act (BDSG).
3.1. Processing in order to comply with contractual responsibilities. In this case, the legal basis is defined in Art. 6, No. 1 (b) of the GDPR.
We process your personal data for the purposes of the performance of any contract to which you are a party, to fulfil your orders and the management of all our commercial, development and production activities. The primary objective of our data processing is to ensure the quality of the services you require (supply of products, advice, production of paints, etc.)
3.2. Processing for the purposes of our legitimate interests. In this case, the legal basis is defined in Art. 6, No. 1 (b) of the GDPR.
When necessary, we may need to process your data for reasons other than complying with our contractual responsibilities when we or third parties have a related legitimate interest. Such legitimate interests include the review and optimisation of needs analysis processes for the direct contact with customers for promotional or survey purposes (assuming you have not prohibited the use of your data in this connection), the establishment, exercise or defence of legal claims in cases of legal disputes, the safeguarding of the operation and security of the Jansen IT system, the prevention and investigation of offences, the maintenance of building and plant security (e.g. access controls), the safeguarding of domiciliary rights, measures for business management and the improvement of products and services, and risk management.
3.3. Processing in order to comply with legal obligations or as a matter of public interest. The legal basis for this is defined in Art. 6, No. 1 (c) of the GDPR.
Because of the products we sell and the services we provide, we may in some circumstances be subject to specific legal requirements, such as those stipulated in anti-money laundering legislation. In addition, we are required under commercial and tax legislation to retain certain data in order to meet our control, reporting and documentation obligations.
3.4. Processing on the basis of your given consent. The legal basis for this is defined in Art. 6, No. 1 (a) of the GDPR.
If you have consented to allow us to process your personal data for particular purposes (e.g. in connection with promotional or marketing purposes, photos of you taken at events, your Jansen ID/newsletter subscription), the legality of processing is based on your consent. Please note that you can withdraw your given consent at any time. Withdrawal of consent to data processing cannot be made retrospective.
4. Who gets to see your data?
Within Jansen, this will be the personnel who need your data to complete their assignments and duties. Your data may also be revealed to processors (Art. 28 GDPR) commissioned by us. These may be an IT or telecommunication service provider or a printer employed by us (e.g. when you order our catalogue). Under certain circumstances, we may be legally required to reveal your data to public offices and institutions (such as law courts or tax authorities). In addition, we also reveal your data to payment service providers and shippers whose cooperation we require in order to comply with our contractual obligations towards you (supply of our products). Please note that Jansen uses payment service providers who are located in a country outside the EU. Personal data is only forwarded to these when this is necessary in order to comply with contractual obligations.
5. Duration of data retention
We will only process your data for as long as this is necessary for us to comply with our obligations towards you. Data is regularly deleted as soon as retention is no longer required for contractual or legal reasons. In addition, we are required to retain certain data for periods of 2 - 11 years by the German Commercial Code (HGB), Fiscal Code (AO) and anti-money laundering legislation.
6. Transfer of data to third countries
We do not transfer data to third countries (i.e. countries outside the EU or EEA) unless the payment service provider you have nominated is located there.
7. Your rights under the GDPR
In accordance with the requirements of the GDPR, all data subjects have the right to be provided with information per Art. 13, the right to rectification per Art. 16, the right to erasure per Art. 17, the right to restriction of processing per Art. 18 and the right to data portability per Art. 20. There are restrictions on the rights to information and erasure as specified in Arts. 34 and 35 of the German Federal Data Protection Act (BDSG). You also have the right to lodge a complaint with a supervisory authority per Art. 77 GDPR in connection with Art.19 BDSG.
8. Obligation to provide your data
In connection with any business relationship with Jansen, you are required to provide only the data necessary for the establishment, maintenance and termination of that relationship or that data which Jansen is obligated to obtain. Without this data, we will be unable to conclude contracts or execute orders and may be forced to withdraw from or terminate any existing contract.
In order to comply with anti-money laundering legislation, we may be compelled to identify you with the help of an ID document and to record your name, place of birth, date of birth, nationality and address. To enable us to comply with this requirement, it will be necessary for you to provide this information. If you are unwilling to do so, we will be unable to enter into the desired business relationship with you.
9. Automated individual decision-making per Art. 22 GDPR.
We do not undertake automated individual decision-making as defined in Art. 22 GDPR.
We do not undertake scoring.
Information on your right to object per Art. 21, No. 1 GDPR
Right to object in individual situations
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data in our interests per Art. 6 No. 1 GDPR. We shall then desist from processing your data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or this is necessary for the establishment, exercise or defence of legal claims.
Information on your right to object per Art. 21, No. 2 GDPR
Right to object to processing for direct marketing purposes
In certain circumstances, we will process your data for direct marketing purposes. You have the right to object at any time to processing of your personal data for such marketing purposes. If you object to this, we will desist from using your personal data for this purpose.
You can submit your objection online through email@example.com or by mail to the address above. Please use the subject line 'Objection' as this will make it easier for us to process
Special data protection information relating to the use of our online services, including our website
The following apply in addition to the above when you use our online services in the form of our website or other of our telemedia services.
1. Scope of the processing of personal data
We also process personal data of the users of our website for reasons other than those specified in section 3 above only where this is necessary to ensure the functioning of the website and the provision of content and services. We are also required to provide this information to our webhost.
2. Provision of the website and preparation of log files
Each time our website is accessed our system automatically records information relating to the computer system of the accessing processor. The following information is recorded:
(1) Your operating system
(2) Your internet service provider
(3) Your IP address
(4) The date and time of access
(5) Websites from which your system has been directed to our website
(6) Websites that are accessed by your system from our website
(7) Name of accessed file(s)
(8) Browser type
This information is also stored in the log files of our system. This information is not stored together with your other personal data. The temporary storage of your IP address by the system is necessary in order to enable your system to access our website. In this case, your IP address is stored for the duration of the session. Information is stored in log files in order to ensure the correct functioning of our website. In addition, the information is used to optimise our website and to safeguard the security of our technical information systems. In this connection, this information is not processed for marketing purposes. It is also analysed for statistical purposes. In this case, we have a legitimate interest in processing.
The legal basis for the temporary storage of this information and use of log files is defined in Art. 7, No. 1 (f) of the GDPR.
3. SSL encoding
In order to protect your data during transmission, we use a state-of-the-art encoding technique (such as SSL) via HTTPS.
5. Duration of data retention
Your data will be deleted as soon as there is no longer a reason for its collection. In the case of collection of data for the purposes of use of our website, this will be the case when the session ends.
Data stored in log files is deleted after 7 days at the latest. It may be the case that certain data needs to be stored for a longer period, in which case your IP address will be deleted or pseudonymised so that it will no longer be possible to associate it with you.
6. Email marketing without newsletter subscription
When you supply us with your email address in connection with the purchase of products and you do not explicitly prohibit this, we reserve the right, in accordance with Paragraph 7, section 3 UWG to send you regular offers by email relating to products from our range similar to those you have purchased. In this case, we have a legitimate interest in contacting you for marketing purposes that overrides your interests, rights and freedoms. You have the right to prohibit the use of your email address for this purpose at any time; simply contact firstname.lastname@example.org or use the corresponding link in the marketing email. There will be no charges for you except costs associated with your transmission of messages.
7. Contact form and email contact
You will find a contact form on our website (https://www.jansen.de/en/finding-us-1/); please use this to contact us online. If you use this form, the data entered by you in the input window will be transmitted to us and stored. Also stored when you send your message will be your IP address and the data and time. If you use the contact form, you will be asked to supply your consent to the above and a link to this data protection policy text will be provided when you click on 'Send'. Alternatively, you can also contact us using any email address we have already supplied to you. In this case, any personal data supplied with the email will be stored. The legal basis for processing of your data is your given consent as defined in Art. 6, No. 1 (a) of the GDPR. We process the data entered in the input window solely for the purposes of contacting you. Where you contact us by email, we have a legitimate interest in the processing of this data. Personal data is also processed during transmission in order to prevent misuse of the contact form and to safeguard the security of our IT systems, The legal basis for the processing of data supplied with an email is defined in Art. 6, No.1 (f) of the GDPR. Where email contact is related to the conclusion of a contract, the legal basis is also defined in Art. 6, No. 1 (b) of the GDPR. Your message sent to us using our contact form or by email is automatically stored in our mail archive. This is to ensure we comply with the documentation and control obligations of the German Commercial Code (HGB) and Fiscal Code (AO) The maximum duration of storage in our mail archive is 11 years.
8. Use of script and font libraries
In order to display the content of our website correctly and clearly, we use the script and font libraries of Google Webfonts (www.google.com/webfonts). These will be transferred to the cache of your browser to avoid the necessity for repeated uploading. When the script and font libraries are activated, a connection to Google is automatically established. It is thus theoretically possible that Google may collect data on usage (although as yet unclear whether this is the case or for what purpose this might be undertaken).
9. Use of Google Maps. The legal basis for the use of Google Maps is defined in Art. 6 No. 1 (a) of the GDPR. Transmission to third countries
We use the services of Google Maps. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (called 'Google' in the following). This enables us to display interactive maps on our website and facilitates your use of our map features. For more information on how Google processes data, see the Google data protection policy. You can also modify your personal data protection setting in their data protection centre. For more information on the use of your personal data in connection with Google products click here. We collect no personal data through or during the use of Google Maps. When you visit our website, Google is notified that you have accessed the corresponding website page. This will be the case even if you have no Google user account through which you have logged-in. If you are logged-in to Google, the data will be directly assigned to your account. If you do not wish this information to be assigned to your profile, you must log out of Google before clicking on the corresponding button. Google saves your data to a user profile, which it employs for the purposes of marketing, market research and/or the improvement of its website design. This data (even that of non-logged-in users) is processed for the purposes of the provision of appropriate advertising and to inform other users of the social network of your activity on our website. You have the right to forbid the formation of such a user profile; to do so, you will need to contact Google directly. Google processes your data in the USA and has registered for the EU_US Privacy Shield Framework self-certification process.
10. Embedding of YouTube videos. The legal basis for the use of YouTube videos is defined in Art. 6 No. 1 (a) of the GDPR. Recipients. Duration of retention and withdrawal of consent
YouTube videos are embedded in some of our website pages. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (called 'YouTube' in the following). When you access a page with a YouTube plug-in, a link to YouTube servers is set up. YouTube is informed which pages you are accessing. If you have a YouTube account and are logged-in, YouTube will be able to assign your surfing behaviour to you personally. You can avoid this by first logging-out of your YouTube account. The provider employs cookies in connection with activated YouTube videos that supply information on user behaviour. For more information on the purpose and scope of data collection and processing by YouTube, see the provider's data protection policy. There you will also find information on your related rights and options for protecting your private sphere (https://policies.google.com/privacy). Google, the operator of YouTube, processes your data in the USA and has registered for the EU_US Privacy Shield Framework self-certification process. https://www.privacyshield.gov/EU-US-Framework/ The legal basis is provided by your given consent. Accessing YouTube automatically sets up a link to Google. If you have already disabled Google advertising cookies, YouTube cookies will also automatically be disabled when you view YouTube videos. YouTube also collects non-personal data using other cookies. To prevent this, you will need to set your browser so that it does not accept these cookies. For more information, see the YouTube data protection policy at: https://www.google.de/intl/de/policies/privacy/
Transmission to third countries Google processes your data in the USA and has registered for the EU_US Privacy Shield Framework self-certification process. https://www.privacyshield.gov/EU-US-Framework/
11. Use of Facebook and Facebook Fanpage
Jansen maintains a Facebook Fanpage to communicate with its customers, users and other interested parties, where they can find out about the services it offers.
We should like to point out that your data may also be processed outside the European Union. This may pose risks to your data because e.g. it may be more difficult to enforce your rights. In respect of US-based providers certified under the Privacy Shield, Jansen draws your attention to the fact that these providers are under an obligation to comply with the data protection standards of the EU.
Your data is used regularly for market research and advertising purposes. User profiles may be created on the basis of your user behaviour and the interests that it indicates. In turn, these may be used to e.g. place advertisements within and outside Facebook which it is hoped match your interests. To that end, cookies are regularly stored on your device. They store your user behaviour and interests. Moreover, the user profiles may also store data independently of the devices used (in particular if you are a member of Facebook and logged into it).
The processing of your data takes place on the basis of our legitimate interests in effective information and communication with you pursuant to Art. 6(1) letter f GDPR. If you are asked for a consent to the aforementioned data processing by the respective providers of the platforms, the legal basis for processing is Art. 6(1) letter a, Art. 7 GDPR.
For a detailed description of the respective processing and the possibilities to object (opt-out), we refer you to the following linked information from the providers.
If you wish to request information and assert your user rights, Jansen would like to point out that this can be done in the most effective way by contacting Facebook. Only Facebook has access to your data in this regard and can adopt corresponding measures and provide information. If you nonetheless require assistance, you can contact us.
-Facebook, -Pages, -Groups (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of an agreement on shared processing of personal data - privacy statement: https://www.facebook.com/about/privacy/ , opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
12. Marketing by post and your right to object
We reserve the right to use your forename, surname and address for our own marketing purposes (e.g. in order to send you our catalogues). In this case, we have a legitimate interest in contacting you for marketing purposes as defined in Art. 6, No. 1 (f) of the GDPR that overrides your interests, rights and freedoms. Marketing material will be sent to you in connection with order processing by a service provider to whom we will supply your data. We have entered into a processing contract per Art. 28 of the GDPR with this service provider.
You can at any time object to the use of your data for this purpose: please contact email@example.com or send your objection by mail to the above specified address.