The protection of your personal data is very important to us.
We process your personal data (“data” for short) exclusively on the basis of the legal requirements. The aim of this data privacy statement is to inform you about how your data is processed in our company and to provide you with comprehensive information about your data protection rights in terms of Art 13 of the European General Data Protection Regulation (GDPR).
1. Who is responsible for the data processing and whom can you contact?
The data controller is
primus line GmbH
Kammerdorfer Straße 16
The company data protection officer is
Projekt 29 GmbH & Co. KG
2. What data is processed and what are the sources of this data?
We process the data that we have received from you during the preparation or execution of a contract, on the basis of consents or within the framework of your application to us or your employment with us, as well as data that we receive through your use of our online services or that accrues for technical reasons.
The personal data includes:
- For customers: your master/contact data, e.g. forename and surname, address, contact details (e-mail address, telephone number, fax), bank details.
- For business partners: your master/contact data, e.g. the name of your legal representative, company name, commercial register number, VAT ID No., company number, address, contact details of contact person (e-mail address, telephone number, fax), bank details.
- For applicants and employees: e.g. forename and surname, address, contact details (e-mail address, telephone number, fax), date of birth, data from the CV and employer references, bank details, religious affiliation.
- For users of our online services: IP address, date and duration of the visit; the web page that is accessed on our website; the website from which one of our web pages is accessed (referrer); if a contact form is used - forename and surname, address, contact details (e-mail address, telephone number fax).
We shall also process the following personal data:
- Information about the nature and content of contract data, order data, sales and receipt data, customer and supplier history and consultation documents
- Advertising and sales data
- Information from your communications with us (e.g. IP address, log-in data)
- Other data which we have received from you during our business relationship (e.g. in customer meetings)
- Data that we generate ourselves from master/contact data and other data, e.g. by means of customer requirements and customer potential analyses
- Photos of events and operative activities
Automatically saved data
The provider of the web pages collects information and automatically saves it in so-called server log files, which your browser transmits to us automatically. The information saved in these server log files includes:
- The date and time of the request
- The name of the requested file
- The page from which the file was requested
- The access status (file transferred, file not transferred, etc.)
- The web browser and operating system used
- The complete IP address of the requesting computer
- The data volume transferred
This data is not merged with other data sources. The processing takes place in accordance with Art. 6 (1) f GDPR, on the basis of our legitimate interest in the improvement of the stability and functionality of our website.
For reasons of technical security, especially to defend against attempts to hack into our web server, this data is stored by us for a short time. It is not possible for us to identify individual people on the basis of this data. After no more than seven days, the data is anonymised by shortening the IP address at a domain level so that it is no longer possible to establish a connection to an individual user. In an anonymised form, the data is also processed for statistical purposes; it is not compared with other data sets or passed on to third parties, even in part. The number of page views is only presented as part of our server statistics which we publish every two years in our activity report.
3. For which purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the valid version of the General Data Protection Regulation (GDPR) and of the German Federal Data Protection Act of 2018:
For the fulfilment of (pre-)contractual obligations (Art. 6 (1) b GDPR):
Your data is processed online or in one of our branches for the execution of a contract, or in our company for the execution of your employment contract. The data is processed, in particular, during the preparation of the contract and during the implementation of the contracts with you.
For the fulfilment of legal obligations (Art. 6 (1) c GDPR):
The processing of your data is necessary for the fulfilment of various legal obligations, e.g. arising from the German Commercial Code or the German Fiscal Code.
For the protection of legitimate interests (Art. 6 (1) f GDPR):
Due to a balancing of interests, data processing for the protection of our own legitimate interests and those of third parties can take place beyond the actual performance of the contract. Data processing for the protection of legitimate interests takes place in the following cases, for example:
- advertising or marketing (see No. 4),
- measures for business management and the further development of services and products;
- management of a group-wide customer database to improve customer service
- within the framework of a prosecution.
Within the framework of your consent (Art. 6 (1) a GDPR):
If you have granted us consent to process your data, e.g. to send our newsletter or to use photos for publication.
4. Processing of personal data for advertising purposes
You can object to your personal data being used for advertising purposes at any time in the form of an overall objection or an objection to individual measures, without incurring any costs other than the transmission costs at the basic rates.
Under the legal conditions of Section 7 (3) German Act Against Unfair Competition, we are entitled to use the e-mail address that you provided when concluding the contract for the direct advertising of similar goods and services. You will receive these product recommendations from us irrespective of whether you have subscribed to a newsletter.
If you do not want to receive such recommendations from us by e-mail, you can object to the use of your e-mail address for this purpose at any time, without incurring any costs other than the transmission costs at the basic rates. A communication in text form is sufficient for this. An “unsubscribe” link is, of course, always included in every e-mail.
5. Who receives my data?
If we use a service provider for data processing, we remain responsible for the protection of your data. All the data processors are contractually obliged to treat your data as confidential and to process it only within the framework of the provision of services. The data processors commissioned by us receive your data if they require the data for the fulfilment of their respective service. These are e.g. IT service providers which we need for the operation and security of our IT system.
Your data is processed in our customer database. The customer database supports the increase in the data quality of the available customer data (duplicate cleansing, moved/deceased indicator, address correction) and allows it to be enriched by data from public sources.
This data will be made available to the group companies if necessary for the execution of the contract. The customer data is stored separately and with relation to the company, whereby our parent company acts as a service provider for the individual participating companies.
If a statutory obligation exists and within the framework of a legal prosecution, authorities, courts and external auditors may be the recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of the preparation and performance of the contract.
6. For how long will my data be stored?
We will process your data until the end of the business relationship or until the expiry of the applicable statutory storage periods (e.g. from the German Commercial Code, the German Fiscal Code or the German Working Hours Act); or beyond these periods until the end of any legal disputes for which the data is needed as evidence. In all other cases, your personal data will be deleted immediately after the end of its purpose.
7. Will personal data be transmitted to a third country?
No data will be transmitted to a third country. In the individual case, a transmission shall only take place on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees or your express consent.
8. What data protection rights do I have?
At any time, you have a right of access and a right to rectification, to erasure or to restriction of the processing regarding your saved data, as well as a right to object to the processing, a right to data portability and a right to lodge a complaint, in accordance with the conditions of data protection law.
Right of access (Art. 15 GDPR):
You may demand information from us concerning whether and to what extent we are processing your data.
Right to rectification (Art. 16 GDPR):
If we are processing your data that is incomplete or incorrect, you may demand at any time that we rectify or complete it.
Right to erasure (Art. 17 GDPR):
You may demand that we delete your data if we are processing it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons opposing an immediate erasure, e.g. in the event of statutory storage obligations.
Independently of you exercising your right to erasure, we will delete your data immediately and in full if there is no contractual or statutory storage obligation that contradicts this.
Right to restriction of processing (Art. 18 GDPR):
You may demand from us a restriction of the processing of your data if
- you are disputing the accuracy of the data, for a period which allows us to verify the accuracy of the data;
- the processing of the data is unlawful and you refuse a deletion, instead demanding a restriction of the use of the data;
- we no longer require the data for the intended purpose, but you still require this data for the assertion or defence of legal claims, or
- you have objected to the processing of the data.
Right to data portability (Art. 20 GDPR):
You may demand that we make your data, which you provided to us, available to you in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that
- we process this data on the basis of revocable consent granted by you or for the performance of a contract between us, and
- this processing is carried out by automated means.
Where technically feasible, you may demand that your data be transmitted directly from us to another controller.
Right to object (Art. 21 GDPR):
If we are processing your data on the basis of a legitimate interest, you may object to this processing at any time; this would also apply to profiling based on these provisions. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims. You can object to the processing of your data for direct marketing at any time without providing reasons.
Right to lodge a complaint (Art. 77 GDPR):
If you believe that we are infringing German or European data protection law in the processing of your data, please get in touch with us to resolve matters. You also, of course, have the right to contact the competent supervisory authority, the relevant state office for data protection supervision.
If you want to assert one of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. Am I obliged to provide data?
It is necessary to process your data for the conclusion or for the performance of the contract that you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will be unable to continue to implement an existing contract and will consequently have to terminate it. You are, however, not obliged to grant your consent to the processing of data that is not relevant or not required by law for the performance of the contract.
10. Use of our online services
Only the IP address is stored here – no other personal information. This information that is stored in the cookies allows us to automatically recognise you on your next visit to our website, which makes it easier for you to use our website.
Cybot relies on the following subcontractors:
- Microsoft Ireland Operations Ltd, Dublin, Ireland (main contractor for the operation of the main infrastructure)
- E-conomic International A/S, Copenhagen, Denmark (accounting for Cybot A/S)
- Fujitsu A / S, Ballerup, Denmark (hosting of the accounting system of E-conomic International A/S)
No data is forwarded to other third parties.
You can find additional information on data privacy at Cybot here: https://www.cookiebot.com/en/privacy-policy/
Cookies in use and cookie settings
We use the service "Cloudflare". The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare).
We have signed a Data Protection Addendum with Cloudflare.
We base the use of Cloudflare on our legitimate interest in providing our website error-free and secure (Art. 6 (1) f GDPR).
You may find further information on the subject security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/.
On our website we use a so-called on-premise installation of the web analytics software Matomo Analytics ("Matomo") (matomo.org), a software by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. In case you gave us permission, Matomo generates a visitor ID based on your operating system, browser, browser plugins, browser language and IP address in order to differentiate between simultaneously occuring sessions. Sessions older than 30 minutes are not used for comparison. Recognition at a later date does not occur.
When viewing pages on our website the following data is stored:
- IP address of the user, shortened by the last two bytes (anonymised)
- pages viewed and time of the view
- the website the user came from when visiting our website (referrer)
- browser name, browser plugins, operating system and display resolution of the user
- time on website
- pages that were opened from other pages on our website.
The data collected by Matomo is stored on our own servers. Transfer of data to third parties does not occur. We use the data to anaylise the browsing behaviour of our users and gather information about the use of particular components of our website. This enables us to continuously improve the usability of our website. Our legitimate interests according to Art. 6 (1) f GDPR are based on these purposes. By anonymising the IP address we provide for our users' interest in the protection of their personal data. At no time the data is used to identifiy the users of our website personally or merged with other data. The data is deleted as soon as it is no longer required for our purposes.
As an additional service we offer our newsletter. We use the Germany-based provider CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede ("CleverReach") for the distribution of our newsletter.
The data collected during registration is transfered to and stored by CleverReach within the framework of an agreement for comissioned data processing. CleverReach uses PlusServer GmbH for sending e-mails and Amazon Web Services, Inc. for storing and processing order data as sub-processors. Data entered during registration is not transfered to other third parties. After registration CleverReach sends you an e-mail for confirmation. In addition CleverReach offers various possibilities for analysis about how the sent newsletters are opened and used, e.g. how many users the e-mail was sent to, whether e-mails were rejected or users have unsubscribed from the list. However, these analyses are strictly group-based and are not used for individual evaluation. Furthermore CleverReach uses the analytics tool Google Analytics by Google, Inc. and possibly embeds it in newsletters.
You may find further information about privacy protection on CleverReach's site: https://www.cleverreach.com/en/privacy-policy/
You may withdraw your consent to the storage of your data and their use for the newsletter at any time. You may send your revocation via e-mail to newsletter(at)primusline(dot)com or rather via clicking the link contained in every newsletter at any time .
Use of YouTube in the advanced data protection mode
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and the service providers who work for us are committed to the valid data protection laws.
Whenever we collect and process personal data, this is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data privacy statements are constantly being revised. Please ensure that you have the latest version.
12. Changes to this data privacy statement
We reserve the right to change our data privacy statements if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this data privacy statement, we shall announce this on our website.