Effective date: September 2019
We are delighted that you are interested in our website http://www.taconova.com/ (hereinafter the “Website”) and in our products and services. In accordance with the applicable data protection provisions, we will hereby inform you about which personal data we or the service providers engaged by us collect in the context of
- your visit to our Website,
- the use of the contact form,
- newsletter mailouts,
- job advertisements,
and for what purposes and upon what legal bases we will use this data.
1. Name and contact details of the data controller and the data protection officer
(1) Joint controllers for data protection purposes within the meaning of Article 4(7) GDPR are
Taconova Group AG
8050 Zurich, Switzerland
Tel. +41 (0)44 735 55 55
Tel. +49 7731 98 28 80
(hereinafter also referred as “we” or “us” for short). For further details please refer to the site notice at: https://www.taconova.com/en/site-notice/..
(2) Taconova GmbH is the EU representative as per Article 27 GDPR of Taconova Group AG, Neunbrunnenstrasse 40, 8050 Zurich, Switzerland.
(3) You may contact the data protection officer of Taconova GmbH by post at the above address by adding “For the attention of the data protection officer” or by email to datenschutzbeauftragter[at]taconova.com.
2. Types of processed data, categories of data subjects
2.1 Types of processed data
- Inventory data (e.g. customer data such as names and addresses)
- Contact details (e.g. email, telephone numbers)
- Content data (e.g. text entries, images, videos)
- User data (e.g. websites visited, interest in content, access times)
- Metadata/communication data (e.g. device information, IP addresses)
- Tracking data
2.2 Categories of data subjects
- Visitors and users of the Website
- Customers, interested parties, suppliers and specialist trade partners
- Service providers, in particular payment service providers and logistics partners
(Hereinafter, the data subjects are also jointly referred to as “Users”.)
3. Purpose of the processing
We use your personal data
- to provide the Website and the online offering, its functions and content
- to create and manage your personal customer account
- to respond to any contact enquiries and communications with Users
- to assert, enforce, exercise or defend against any legal claim(s) and legal disputes, and to
detect, investigate and prevent any criminal offences
- to implement security measures
- to measure audience reach
- for purposes of direct marketing, e.g. in the form of an email newsletter or postal advertising
4. Provision of the Website and log files
(1) If you use the Website purely for purpose of obtaining information, i.e. if you do not register or transmit information to us in any other way, we will only collect personal data that your browser
automatically transmits to our server. If you want to look at our Website, we will collect the following data, which is technically required in order to display our Website to you and ensure that it is stable and secure (the legal basis is Article 6(1)(f) GDPR):
- IP address
- date and time of the request
- time zone difference compared to Greenwich Mean Time (GMT)
- requested content (specific page)
- access status/http status code
- data volume transmitted in each case
- website from which the request originated
- operating system and its interface
- language and version of the browser software
- communications protocol
(2) The IP address of Users will be deleted or anonymised after use. Data is rendered anonymous by modifying the IP addresses so that the individual details concerning personal or material circumstances can no longer be attributed to an identified or identifiable individual or that they can only be so attributed using a disproportionately large amount of time, expense and labour.
(1) When you use our Website, cookies will be stored on your computer in addition to the aforementioned log file data. Cookies are small text files that are stored on your hard drive and matched to the browser used by you and through which the entity that has placed the cookie (in this case us) receives certain information. Cookies are not able to run any programs or transfer viruses onto your computer. They are aimed at making the overall internet offering more user friendly and more
a) This Website uses the following types of cookies, whose scope and functionality are explained in the following:
- session cookies (see b below)
- permanent cookies (see c below).
b) Session cookies store what is known as a session ID which can be used to match different
requests made by your browser to the same session. Session cookies are automatically deleted
after 1 hour if you log off or close the browser. If you restart your browser or return to the Website, the Website will not recognise you. You need to log in again (if a login is required) or you need to reset any templates and preferences if the Website offers such functions. A new session cookie will then be generated, which will store your information and remain active until you leave the site and close your browser.
c) Permanent cookies are automatically deleted after a defined period of time, which may differ depending on the cookie. You may delete cookies at any time in the security settings of your browser.
media functionality and to analyse access to our Website. In addition, we pass on information about your use of our Website to our partners to be used in social media, and for purposes of
advertising and analysis. Our partners may combine this information with other data that you have provided to them or that they have collected in the context of your use of the services. By continuing to use our Website you are deemed to have consented to our cookies.
Duration of storage
Technically required cookies allow you to use our Website by enabling basic functions such as website navigation and access to secure parts of the Website. In the absence of such cookies our Website cannot be properly accessed.
Session cookies – are deleted once the browser is closed.
When using our Website, cookies are used (e.g. to recognise the browser) to improve performance (e.g. to load content faster). When you visit our Website, the country and language selection detected or made by you will be stored in cookies in order to save you the trouble of having to make these selections again on any subsequent visits. Checks are made in advance to see whether your browser supports cookies, and this information will be stored in another cookie. After that you will be shown contact information that has been localised in terms of country and language, which will also be stored. The legal basis for this is Article 6(1)(f) GDPR.
Session cookies – are deleted once the browser is closed.
Analysis cookies (statistics)
We use third party analysis cookies in order to establish how visitors use our Website. This helps us to improve the quality and content of our Website. The aggregated statistical information comprises data such as the total number of visitors. We obtain information, for instance, on how often and in what order the individual pages were accessed and how much time visitors spent on our pages on average. We also learn whether Users have already visited our Website in the past. The legal basis for this is Article 6(1)(f) GDPR. For further details, please refer to clause 12 (Web analysis services).
Permanent cookies – remain but will be automatically deleted after 26 months if the Website was not visited again, unless shorter storage times apply in certain cases.
We use advertising cookies in order to assess the efficiency of our advertising measures and to identify scope for improvement. The legal basis for this is Article 6(1)(f) GDPR.
Permanent cookies – remain but will be automatically deleted after 26 months at the latest if the Website was not visited again, unless shorter storage times apply in certain cases.
(5) Controlling cookies
You can set your browser so that you will be notified about the placing of any cookies and in order to allow cookies only in particular cases, to exclude the acceptance of cookies in certain cases or generally, and to activate the automatic deletion of cookies when the browser is closed. The deactivation of cookies may restrict the functionality of this Website.
6. Contact form, email contact
(1) Our Website contains a contact form that you can use to get in touch with us electronically in an easy and convenient way. If a User uses this contact form, the data entered on the contact form will be transferred to us and stored. The data in question, in particular data pertaining to the person, address details, contact details and messages (free text field) can be seen directly on the
respective contact form. When the form is sent, the following additional data will be stored:
- the User’s IP address
- date and time the form is sent
process the request.
(3) The legal basis for the processing of the data transferred in the context of using the contact form or sending an email is Article 6(1)(f) GDPR. If email contact is made with a view to entering into a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.
(4) We only process personal data from the contact form in order to deal with the contact request. If contact is made by email, this also constitutes the required legitimate interest in the processing of the data. The other personal data processed when the contact form is sent is used to prevent a misuse of the contact form and to safeguard the security of our IT systems.
(5) The data will be deleted as soon as it is no longer required for the purposes for which it was collected. With regard to the personal data from the contact form and the data transmitted by email, this is the case if the respective communication with the User has ended. A conversation is deemed to have ended if circumstances suggest that the matter at hand has been conclusively resolved. The additional personal data collected when the contact form is sent will be deleted no later than after seven days.
(6) We can also be contacted via the email addresses provided on the Website. In this case, the User’s personal data as transmitted in the email will be stored. The data will only be used to process the request. The legal basis for the processing of the data transferred in the context of sending an email is Article 6(1)(f) GDPR. If email contact is made with a view to entering into a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.
(7) The data will be deleted as soon as it is no longer required for the purposes for which it was collected. With regard to the personal data from the contact form and the data transmitted by email, this is the case if the respective communication with the User has ended. A conversation is deemed to have ended if circumstances suggest that the matter at hand has been conclusively resolved.
7.1 Newsletter subscription
(1) You may consent to a subscription to our email newsletter (hereinafter referred to as the “Newsletter”), which we use to inform you about our products, services and promotions
(2) We use a double-opt-in procedure for subscriptions to our Newsletter. That means that, following your registration, we will send you an email to the email address you have provided, in which we ask you to confirm that you wish to subscribe to the Newsletter. If you do not confirm your registration within 14 days, your information will automatically be deleted. In addition, we store your IP addresses used at the time of registration and confirmation, and the time of registration and confirmation. The purpose of the procedure is to have a record of your registration and, where required, be able to investigate a possible misuse of your personal data.
(3) The only mandatory detail required for the mailing of the Newsletter is your email address. The provision of any other details is voluntary and will be used to address you in person. Once you have confirmed your subscription, we will store your email address for purpose of mailing you the Newsletter.
(4) The legal basis for the aforementioned processing operations in the context of the Newsletter subscription is your consent pursuant to Article 6(1)(a) GDPR.
7.2. Newsletter mailout following product purchase
(1) If you have purchased products or services, we will send you our Newsletter even if you have not previously registered to subscribe to the Newsletter; we will use the email address you provided when you made the purchase. This relates to Newsletters promoting similar products to those that you purchased.
(2) We will store this email address in our Newsletter address database for this purpose. In order to establish that the Newsletter mailout is legitimate, we also store the IP address used when making the purchase and the time of the purchase.
(3) The legal basis for the aforementioned processing operations in the context of the Newsletter mailout following a purchase is Article 6(1)(f) GDPR. Our legitimate interest in the data processing is the direct promotion of our products to our customers as well as their interest in offers and promotions.
(4) You may object to the mailout of the Newsletter at any time. You can submit your objection by clicking on the link provided in every Newsletter email, or by sending a message to one of the
7.3. Newsletter tracking
(2) The legal basis for the tracking as described above is Article 6(1)(f) GDPR. Our legitimate interest in the data processing in the context of tracking is our desire to better tailor our Newsletter to the interests of our customers.
(4) Tracking is also not possible if you have disabled the display of images as standard in your email program. In this case you will not see all of the Newsletter and you may not be able to use all the functionalities of the Newsletter. If you manually choose to have images displayed, the aforementioned tracking will take place.
8. Job advertisements
(1) We use our Website to advertise jobs. We collect, process and use your personal data in order to process your online application. The legal basis is Article 6(1)(b) GDPR in conjunction with section 26 Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). Your online application data will be transferred directly to the executive board. We have taken suitable technical and organisational measures to ensure that your personal data is treated confidentially in accordance with statutory provisions.
(2) Please note that data transfer by email is not encrypted and that the data may come to the attention of unauthorised persons or may be falsified. You are welcome to send us your documents by post. If you have applied for a specific position and this position happens to have already been filled or if we consider you to also be suited, or to be even better suited, to another position, we would like to forward your application within our company. The legal basis for this is Article 6(1)(f) GDPR for purpose of protecting your and our legitimate interests. Please let us know if you are not happy for us to proceed in this way. Once the application process has ended and no later than after 6 months, your personal data will be automatically deleted unless you expressly consent to storage for a longer period.
9. Duration of storage
We process and store your personal data for as long as this is necessary to meet our contractual and statutory obligations. We will delete your personal data as soon as it is no longer required for the purposes set out above. There may be occasions where personal data is stored for a period of time during which claims may be asserted against our companies (statutory limitation periods of between three and thirty years). Moreover, we will store your personal data if we are required to do so by statute. Provisions of commercial law, tax law and social security law may contain such accountability and retention obligations.
10. Automated decision making
We do not use any fully automatic decision making processes pursuant to Article 22 GDPR in order to establish and process the business relationship.
In order to be able to inform and advise you about our products and services in a targeted way, we may use service providers who act on our behalf, and potentially web analysis tools, in particular tracking technology. These allow us to communicate and advertise in a needs-based manner. In this regard, please refer to clause 12 Web analysis services and advertising .
B. B. Data processing by third parties
12. Web analysis services
(2) You can prevent cookies being stored by adjusting your browser software accordingly; however, please note that in this case you may not be able to make use of the full scope of functions available on this Website. In addition, you can prevent the data generated by the cookie relating to your use of the Website (including your IP address) being sent to Google and the processing of this data by Google, by downloading and installing the browser plugin made available by Google: https://tools.google.com/dlpage/gaoptout?hl=en-GB
(3) This Website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP address are truncated before they are processed further; this means that they cannot be linked to a particular individual. If the data collected about you may be linked to you, this is thus immediately ruled out and the personal data is therefore immediately deleted.
(5) This Website uses the online advertising program “Google AdWords” and, as part of that, conversion tracking. This involves Google AdWords placing a cookie on your computer if you have accessed our Website via a Google advert. These cookies become invalid after 30 days and are not used for personal identification. If the User visits certain pages of our Website and the cookie has not yet expired, we and Google are able to see that the User has clicked on the advert and was redirected to this page. Each AdWords customer receives a different cookie. It is therefore not possible to track cookies via the websites of AdWords customers.
(6) The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who opted for conversion tracking. The customers know the total number of Users who clicked on their advert and were redirected to a page with a conversion tracking tag. They will not, however, receive any information that can be used to identify Users personally.
13.1 Google Maps
(1) The Website uses Google Maps to display interactive maps and prepare travel directions. Google Maps is a map services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this Website including your IP address and the (starting) address entered into the route planner may be transferred to Google in the USA. If you access one of our web pages that contains Google Maps, your browser establishes a direct connection with the servers of Google. Google will send the content of the map directly to your browser and will be integrated from there into the Website. We therefore cannot influence the scope of the data collected by Google in this way. According to our current information this includes at least the following data:
- data and time of the visit to the respective Website,
- internet address or URL of the Website accessed,
- IP address, (starting) address entered into the route
(2) We have no influence over the further processing and use of the data by Google and we therefore cannot be held responsible for this.
(4) For details regarding the purpose and scope of the collection of data and its further processing and use by Google as well as your rights and settings options to protect your privacy, please refer to: http://www.google.de/policies/privacy/
13.2. Google Fonts
(1) This Website uses web fonts provided by Google to ensure a uniform display of fonts. When accessing a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
14. Links to other websites
(2) We check any links to external websites before putting them in place. We are not able, however, to ensure that their operators comply with data protection provisions. When we become aware of breaches or violations of the law, we will remove such links.
C. Rights of the data subjects
15. Your rights
a) Rights under Article 15 et seq. GDPR
The data subject has the right to request confirmation from the controller as to whether or not personal data concerning him or her is being processed. If this is the case, the data subject has a right of access to this personal data and to the information listed in detail in Article 15 GDPR. Provided certain statutory conditions are met, you have a right to rectification pursuant to Article 16 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR. Moreover, you have the right to receive the personal data provided by you in a structured, commonly used and machine-readable format (right to data portability) pursuant to Article 20 GDPR if the processing is carried out by automated means and is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR.
b) Withdrawal of consent pursuant to Article 7(3) GDPR
Where processing is based on consent, you may withdraw your consent to the processing of personal data at any time by notifying us. Please note that such withdrawal is only effective for the future and not retrospectively. Any processing that has taken place prior to the withdrawal is not affected by this.
c) Right to lodge a complaint
You have the opportunity to lodge a complaint with us or with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for the EU representative in the German state of Baden-Wuerttemberg is: the Landesbeauftragter für den Datenschutz und die Informationsfreiheit, PO Box 10 29 32, 70025 Stuttgart, Germany, tel.: +49 711/615541-0, fax: +49 711/615541-15, email: firstname.lastname@example.org.
d) Right to object pursuant to Article 21 GDPR
In addition to the aforementioned rights, you have a right to object, as follows:
Right to object in a particular situation
You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) GDPR (processing of data in the public interest) and Article 6(1)(f) GDPR (data processing based on a weighing up of interests); this also applies to any profiling within the meaning of Article 4(4) GDPR that is based on those provisions. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the data is processed for reasons of asserting, exercising or defending against legal claims.
Right to object to the processing of data for marketing purposes
In some cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
D. Final provisions
(1) We have taken technical and organisational security measures pursuant to Articles 24, 32 GDPR in order to protect your personal data against loss, destruction, manipulation and unauthorised
access. All our employees and all third parties involved in the processing of data have been placed under an obligation to comply with the requirements of the GDPR and the confidential treatment of personal data.
(2) SSL or TLS encryption: For reasons of security and in order to protect the transfer of confidential content, for instance any order or requests you send to us in our capacity as the site operator, this Website uses SSL or TLS encryption. You can ascertain whether a connection is encrypted by checking whether the address bar of the browser has changed from “http://” to “https://” and whether there is a padlock icon in the address bar of the browser. If SSL or TLS encryption has been enabled, any data you transmit to us cannot be read by third parties.
17. Changes to our data protection provisions