Data Protection Declaration(GDPR) 2018
We appreciate your visit to www.firstclimate.com and your interest in our offers for information, products and services within the world of climate protection.
This policy explains how we gather, save and handle your data, and your options regarding personal data.
The party responsible for the collection, processing and use of your personal data, in accordance with Article 4 Nr. 7 GDPR is
First Climate AG
61118 Bad Vilbel
Telefon: + 49 (0) 6101 55658-0
Telefax: + 49 (0) 6101 55658-77
Registered at Amtsgericht Frankfurt am Main
Registration number: HR B 80273
Tax-ID Number (§ 27a UStG): DE 236577232
Represented by: Olaf Bachert
2. Data Security
First Climate greatly values the protection of your personal data. Therefore, to ensure the confidentiality of your data, we collect, use and store data solely on the basis of existing laws and in accordance with the data protection principles mentioned here.
Our website uses the encryption protocol TLS (Transport Layer Security). This encrypts any personal data that you provide over our website. Please note, however, that data transmission over the internet (e.g. when communicating via email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.
To protect your data, we maintain technical and organizational security measures in accordance with Article 32 GDPR, which we always adapt to state of the art technology.
We do not guarantee that our website is permanently available; disturbances, interruptions or failures cannot always be avoided. The servers we use are regularly and carefully backed up.
3. What Data We Use and Why
We use your personal data only as far as it is necessary for operating and optimizing our website, and for providing the services offered.
When you visit our website, the following data may be gathered:
3.1 General Access Data
When you visit our site, data about your usage and interaction with us is automatically transmitted and technical information about the computer or device that you are using is also registered. This data includes the following:
- Name and URL of the data retrieved
- Time and date of the retrieval
- Volume of data transmitted
- Report on successful recall (HTTP response code)
- Type and version of browser
- Operating system
- Referring URL (i.e. the site you used to reach us)
- Websites that are accessed by the user’s system via our website
- Your internet service provider
- Your IP and the requesting provider
We use this protocol data, without any association with yourself and without creating a user profile of any kind, to make statistical evaluations of the operation, security and optimization of our online services, but also to anonymously record the number of visitors to our site as well as how and to what extent our website is used. Based on this information, we can analyze data traffic, find and amend errors, and improve our website.
This is our legitimate interest and is in accordance with Article 6 paragraph 1 p. 1 of the GDPR.
3.2 Contact Data (communication)
When you get in contact with us (e.g. via contact form or email), we save your details to process the request as well as for the event in which follow-up questions arise.
This is also our legitimate interest which is in line with Article 6 paragraph 1 sentence 1 of the GDPR.
We will only use any further saved personal data with your consent, or if we are permitted by law to do so without special consent.
3.3 Contact Data (News and Newsletters)
It is important to us that you enjoy reading our news and our newsletters. That is why we strive to only include topics that might be relevant to you.
When subscribing to the free First Climate Newsletter, the sign up process will require certain information. The subscription to the newsletter is logged. After subscribing, you will receive a message to the email address that you provided, in which you are asked to confirm your subscription (“double opt-in”). This is necessary so that third parties cannot register with their email address. You are able to withdraw and unsubscribe from the newsletter at any time. We keep your subscription for as long as it is required for sending out the newsletter.
We save the logged registrations and recipient addresses as long as an interest in the proof of original consent exists; as a rule, these are the statutes of limitation for a civil claim, which is a maximum of three years.
Sending a newsletter upon your consent is in accordance with the legal basis of Article 6 (1) sentence 1, in conjunction with Article 7 of the GDPR in conjunction with § 7 (2) No. 3 UWG.
Independent from the newsletter, we are able to also infrequently send selected news, invites to potentially interesting events, etc. for informative purposes.
You are able to withdraw your subscription to the newsletter, and thus also the aforementioned information, at any time. To do this, you can find an unsubscribe link on our website, in every newsletter and every informative email.
4. Disclosure of Data to Third Parties, No Data Transfer to Non-EU Countries
We fundamentally only use your personal data within our company.
If and insofar as we engage third parties for contracted services, only the data required for the corresponding service is transmitted, so that services can be completed.
Should it be the case that we outsource specific aspects of data processing (order processing), the data processor is contractually obliged to use personal data in accordance with the requirements of the general data protection regulation, and to guarantee the protection of rights of the parties involved.
We rely on external hosting services to provide the following services:infrastructure and platform services, computing capacity, memory and database services, security services and technical maintenance services, which are used for the operation of the website. We thus process the following data respectively: our hosting provider’s inventory data, contact data, content data, contract data, usage data, and the metadata and communication data of customers and visitors of the site. We do this, because it is necessary for our legitimate interests in providing an efficient and secure website, following Article 6, paragraph 1, sentence 1 of the GDPR, in conjunction with Article 28 of the GDPR.
The data is not transmitted to agencies or persons outside the EU, nor do we plan to do so in the future.
4.1 Embedded content from other websites
Posts on this site may contain embedded content (eg videos, pictures, posts, etc.). Embedded content from other websites behave just as if the visitor had visited the other website.
5. Storage Time of Information
Unless specifically stated, the time period for which we keep personal data depends on the purpose for which we collected it. In all cases, we keep it for as long as necessary to fulfill the purposes for which it was collected.
In some cases, legislative authorities stipulate the storage of personal data, for purposes such as tax and accounting. In these cases, the data is only retained by us for the statutory purposes, but will not be otherwise processed and, after the legal retention period expires, will be deleted.
To optimize our online services, we use what are known as ‘session cookies’. A session cookie is a small text file, which is sent by the respective servers when visiting a website and is stored temporarily on your hard drive. Such files contain a so-called session-ID, with which various enquiries from your browser can be assigned to the shared session. Through this, your computer can be identified, when if you return to our website. This enables us to provide our services in a more user-friendly, effective and secure manner. These cookies are automatically deleted once you close your browser.
Persistent cookies save the following data and information:
- Login Information
- Language settings
- Entered search terms
- Information on the number of visits to our website and the use of individual features of our website.
When a cookie is activated, it will be assigned an identification number. Your personal data will not be assigned to it. Your name, IP address, or similar data that would associate a cookie with you, will not be included in the cookie. Based on the cookie technology, we merely receive psydonymized information, such as what pages of our site were visited, what products were viewed, etc.
You can adjust your browser settings so that you are notified about the usage of cookies and can decide on a case-by-case basis whether you allow the cookies for specific cases or in general, or whether they are disabled entirely. This can, however, limit the functionality and services offered on our website.
7. Google Analytics
We use Google Analytics, which is a website analysis service provided by Google Inc. Google has submitted to the Privacy Shield Agreement between the European Union and the United States, and is certified. Through this, Google obliges to comply with the standards and requirements of the European data protection act. For more information, please click on the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
This complies with the lawful interest of Article 6, paragraph 1, sentence 1 of the GDPR.
The information about the usage of this website by the site visitors is produced via these cookies and is, transmitted to a Google server in the USA, where it is then stored.
We have activated IP anonymization for this website. As a result, those in member states of the EU or other contracting states of the agreement within the European Economic Area will have their IP address shortened by Google beforehand.
Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website activity and internet usage. The IP addresses provided from your browser as part of Google Analytics will not be merged with other Google data. You can prevent the saving of cookies through the corresponding settings of your browser software; please note, however, that should you do this, you may not be able to use all the features of this website to the fullest extent possible. You can also prevent cookies from transmitting the data generated from your use of the website (inc. your IP address) to Google as well as preventing Google from processing this data by clicking the link below and installing the following plugin:http://tools.google.com/dlpage/gaoptout?hl=de.
8. Your Rights as a Person Affected by Data Processing
As someone affected by data processing, you are entitled to various rights in accordance with the GDPR and other legal authorities, which you can hold against us.
If you wish to claim one of these rights, just send a message to:
Fax: (+49 6101 55658 7950)
In the following, you will find an overview of your rights.
8.1 Right of Access by the Data Subject (Article 15 GDPR)
You always have the right at any time to obtain from the controller confirmation as to whether or not personal data concerning yourself is being processed. Should this be the case, you have the right to gratuitously ask us for information about this stored data along with a copy of it. This includes for what purposes the data was collected, where it came from, if the data did not come directly from you, and, if applicable, to which recipients the personal data has either been disclosed or is yet to be disclosed.
8.2 Right to Rectification (Article 16 GDPR)
You have the right to demand immediate correction of incorrect data which concerns you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
8.3 Right to Erasure (Article 17 GDPR)
According to Article 17 (1) GDPR, you have the right to demand that personal data concerning you to be immediately deleted, and we are obligated to delete your personal data immediately, should one of the following reasons apply:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and where there is no other legal ground for processing
- The data subject objects to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2)
- The personal data has been unlawfully processed.
- The personal data has to be erased for compliance with legal obligation in Union or Member State Law to which the controller is subject
- The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1)
If we have published personal data we are obligated, according to Article 17 (1) GDPR to delete them, taking responsible steps based on the available technology and cost of implementation. This includes technical measures and informing controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
8.4 Right to Restriction of Processing (Article 18 GDPR)
You have the right to demand the restriction of processing, should any of the following conditions apply:
- The accuracy of the personal data is contested by the subject, for a period enabling the controller to verify the accuracy of the personal data
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21 (1) pending the verification whether the legitimate grounds of the controller override those of the data subject
8.5 Right to Data Portability (Article 20 GDPR)
You have the right to receive the personal information that you provide to us in a structured, common and machine-readable format, and you have the right to submit that information to another controller, provided that
- The processing is based on consent pursuant to point (a) of Article 6 (1), or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6 (1)
- The processing is carried out by automated means
In exercising your right to data portability in accordance with paragraph 1, you have the right to obtain the personal data transmitted directly from one controller to another, where technically feasible.
8.6 Right to Object (Article 21 GDPR)
You have the right, at any time for reasons arising from your particular situation, to object to the processing of personal data concerning you pursuant to Article 6 (1) sentence 1 (e) or (f) GDPR.
We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
If personal data is processed by us in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is associated with such direct mail.
8.7 Right to lodge a Complaint to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.
The Hesse Data Protection Commissioner
Street address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Post Box 31 63, 65021 Wiesbaden
Telephon: 0611 14080
Fax: 0611 1408 – 900