We, the aura optik gmbh, are pleased about your visit to our website and your interest in our company. The protection of your personal data is very important to us. Since your data enjoy special protection, they are only collected by us to the technically necessary extent. Below, we would like to explain in accordance with our duty, which information we collect during your visit to our website and how it is used.

Our data protection practice is in accordance with the regulations of the Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (GDPR).

 

I. name and address of the responsible person

The person responsible in terms of the EU General Data Protection Regulation and other national data protection laws of the EU member states, as well as other data protection regulations is:

responsible person:
Dr. Roland Kilper
managing director

aura optik gmbh
Hans-Knöll-Str. 6
07745 Jena
Germany
telephone: +49 3641 – 5758 0
e-Mail: info(at)aura-optik.de
website: www.aura-optik.de

 

II. general information about data processing

1. extent of processing of personal data

In principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website and its contents and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for factual reasons and the processing of the data is permitted by law.

2. legal basis for the processing of personal data

Insofar as we obtain the consent of the affected persons for processing of personal data, Article 6 (1a) EU General Data Protection Regulation (GDPR) serves as legal basis.

In the processing of personal data necessary for the fulfilment of a contract to which the person concerned is a party, Article 6 (1b) GDPR serves as legal basis. This also applies to processing required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Article 6 (1c) GDPR serves as legal basis.

In the event that vital interests of the person concerned or another natural person require the processing of personal data, Article 6 (1d) GDPR serves as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the person concerned do not prevail over the first named interest, Article 6 (1f) GDPR serves as legal basis for processing.

3. data deletion and storage period

The personal data of the person concerned will be deleted or blocked as soon as the specific purpose is no longer pursued. In addition, a storage may result, if this is required by European or national legislator in EU regulations, laws or other rules to which the person responsible is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion or fulfillment of a contract.

 

III. website provision and log files creation

1. description and extent of processing of personal data

Each time you visit our website, the system that provides the website automatically collects data and information from the computer system of the calling computer.

The following data will be collected:

(1)   logging of user activities
(2)   user IP address

The data is also stored in the log files of our system. Not affected are the IP addresses of the user or other data that allow the assignment of the data to a user. A storage of this data together with other personal data of the user does not take place.

2. legal basis for the processing of personal data

Legal basis for temporary storage of the data is Article 6 (1f) GDPR.

3. purpose of data processing

The temporary storage of the user IP address by our system is necessary for delivering our website to the users computer. Therefor the IP address needs to be stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

In these purposes is also our legitimate interest for processing of personal data according Article 6 (1f) GDPR.

4. duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. opposition and removal possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

 

IV. use of cookies

1. description and extent of processing of personal data

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

The cookie used by us is technically necessary. This is a session cookie, which is deleted after closing the browser.

2. legal basis for the processing of personal data

The legal basis for the processing of personal data by using cookies is Article 6 (1f) GDPR.

3. purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.

The user data collected through technically necessary cookies will not be used to create user profiles.

In these purposes is also our legitimate interest for processing of personal data according Article 6 (1f) GDPR.

4. duration of storage, opposition and removal possibility

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

 

V. E-mail contact

1. description and extent of processing of personal data

On our website, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

2. legal basis for the processing of personal data

Legal basis for processing of the data, which will be transmitted by sending a E-mail, is Article 6 (1f) GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Article 6 (1b) GDPR.

3. purpose of data processing

The processing of personal data from the contact via e-mail serves us only to process the contact. This is also the necessary legitimate interest in the processing of the data.

The processed personal data serve to prevent misuse of contact and to ensure the security of our information technology systems.

4. duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. opposition and removal possibility

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

We accept the revocation of the consent and the objection of the storage by post or by e-mail to the address mentioned above.

All personal data stored in the course of contacting will be deleted in this case.

 

VI. rights of the person concerned

If your personal data is processed, you are concerned by GDPR and you have the following rights to the person responsible:

1. right of access

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing exists, you can request information from the person responsible about the following information:

(1)   the purposes for which the personal data is processed;

(2)   the categories of personal data that are processed;

(3)   the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;

(4)   the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;

(5)   the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to opposition to such processing;

(6)   the existence of a right of appeal to a supervisory authority;

(7)   all available information on the source of the data if the personal data is not collected from the data subject;

(8)   the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal data will be transmitted to a third country or an international organization. In this context, you can request the appropriate guarantees in accordance with Article 46 GDPR in context with the transfer.

2. right of rectification

You have a right to rectification and / or completion to the person responsible, if the personal data concerning you is incorrect or incomplete. The responsible person must make the correction without delay.

3. right of restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1)   if you contest the accuracy of your personal information for a period of time that enables the person responsible to verify the accuracy of your personal information;

(2)   the processing is unlawful and you refuse to deletion the personal data and instead demand the restriction of the use of personal data;

(3)   the person responsible no longer needs your personal information for the purposes of processing, but it is needed for assertion, exertion or defence of legal claims, or

(4)   if you objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible prevail over your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be notified by the person responsible before the restriction is lifted.

4. right of deletion

a) obligation of deletion

You may demand the person responsible to delete your personal information without delay, and the person responsible will be obligated to erase that information immediately if any of the following reasons is applicable:

(1)   Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

(2)   You revoke your consent, on which the processing referred to Article 6 (1a) or Article 9 (2a) GDPR was based, and there is no other legal basis for processing.

(3)   You appeal against the processing referred to Article 21 (1) GDPR and there are no priority legitimate reasons for the processing, or you appeal against the processing referred to Article 21 (2) GDPR.

(4)   Your personal data has been processed unlawfully.

(5)   The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6)   The personal data concerning you were collected in relation to services offered by the information society pursuant to Article 8 (1) GDPR.

b) information to third parties

If the person in charge has made the personal data concerning you public and is according Article 17 (1) GDPR obligated to deletion, he shall take appropriate measures considering available technology and implementation costs, including technical means, to inform the responsible person who process the personal data that you as person concerned have been requesting deletion of all links to such personal data or of copies or replications of such personal data.

c) execptions

The right to deletion does not exist insofar as the processing is necessary

(1)   to exercise the right to freedom of expression and informationn;

(2)   to fulfill a legal obligation which requires processing under the law of the Union or of the Member States to which the person responsible is subject, or to perform a task of public interest or in the exercise of public authority delegated to the person responsible;

(3)   for reasons of public interest in the field of public health according Article 9 (2h, i) and Article 9 (3) GDPR;

(4)   for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes according Article 89 (1) GDPR, insofar as the right referred to in subdivison (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing, or

(5)   for assertion, exercise or defense of legal claims.

5. right of information

If you have asserted the right of rectification, deletion or restriction of processing against the person responsible, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to the person responsible to be informed about these recipients.

6. right to data portability

You have the right to receive the relevant personal data you provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible without hindrance by the person responsible which you provided the personal data in the first place, insofar

(1)   the processing is based on Article 6 (1a) or Article 9 (2a) GDPR or a contract referring to Article 8 (1b) GDPR and

(2)   the processing is done using automated procedures.

In exercising this right, you also have the right to obtain that your personal data concerning you are transmitted directly from one person responsible to another, insofar as this is technically feasible. Liberty and rights of other persons may not be affected hereby.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

7. right of objection

Sie haben das Recht, aus Gründen, die sich aus ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung der Sie betreffenden personenbezogenen Daten, die aufgrund von Art. 6 Abs. 1 lit. e oder f DSGVO erfolgt, Widerspruch einzulegen; dies gilt auch für ein auf diese Bestimmungen gestütztes Profiling.

Der Verantwortliche verarbeitet die Sie betreffenden personenbezogenen Daten nicht mehr, es sei denn, er kann zwingende schutzwürdige Gründe für die Verarbeitung nachweisen, die Ihre Interessen, Rechte und Freiheiten überwiegen, oder die Verarbeitung dient der Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen.

Werden die Sie betreffenden personenbezogenen Daten verarbeitet, um Direktwerbung zu betreiben, haben Sie das Recht, jederzeit Widerspruch gegen die Verarbeitung der Sie betreffenden personenbezogenen Daten zum Zwecke derartiger Werbung einzulegen; dies gilt auch für das Profiling, soweit es mit solcher Direktwerbung in Verbindung steht.

Widersprechen Sie der Verarbeitung für Zwecke der Direktwerbung, so werden die Sie betreffenden personenbezogenen Daten nicht mehr für diese Zwecke verarbeitet.

Sie haben die Möglichkeit, im Zusammenhang mit der Nutzung von Diensten der Informationsgesellschaft – ungeachtet der Richtlinie 2002/58/EG – Ihr Widerspruchsrecht mittels automatisierter Verfahren auszuüben, bei denen technische Spezifikationen verwendet werden.

8. Recht auf Widerruf der datenschutzrechtlichen Einwilligungserklärung

Sie haben das Recht, Ihre datenschutzrechtliche Einwilligungserklärung jederzeit zu widerrufen. Durch den Widerruf der Einwilligung wird die Rechtmäßigkeit der aufgrund der Einwilligung bis zum Widerruf erfolgten Verarbeitung nicht berührt.

9. Automatisierte Entscheidung im Einzelfall einschließlich Profiling

Sie haben das Recht, nicht einer ausschließlich auf einer automatisierten Verarbeitung – einschließlich Profiling – beruhenden Entscheidung unterworfen zu werden, die Ihnen gegenüber rechtliche Wirkung entfaltet oder Sie in ähnlicher Weise erheblich beeinträchtigt. Dies gilt nicht, wenn die Entscheidung

(1)   für den Abschluss oder die Erfüllung eines Vertrags zwischen Ihnen und dem Verantwortlichen erforderlich ist,

(2)   aufgrund von Rechtsvorschriften der Union oder der Mitgliedstaaten, denen der Verantwortliche unterliegt, zulässig ist und diese Rechtsvorschriften angemessene Maßnahmen zur Wahrung Ihrer Rechte und Freiheiten sowie Ihrer berechtigten Interessen enthalten oder

(3)   mit Ihrer ausdrücklichen Einwilligung erfolgt.

Allerdings dürfen diese Entscheidungen nicht auf besonderen Kategorien personenbezogener Daten nach Art. 9 Abs. 1 DSGVO beruhen, sofern nicht Art. 9 Abs. 2 lit. a oder g DSGVO gilt und angemessene Maßnahmen zum Schutz der Rechte und Freiheiten sowie Ihrer berechtigten Interessen getroffen wurden.

Hinsichtlich der in (1) und (3) genannten Fälle trifft der Verantwortliche angemessene Maßnahmen, um die Rechte und Freiheiten sowie Ihre berechtigten Interessen zu wahren, wozu mindestens das Recht auf Erwirkung des Eingreifens einer Person seitens des Verantwortlichen, auf Darlegung des eigenen Standpunkts und auf Anfechtung der Entscheidung gehört.

10. Recht auf Beschwerde bei einer Aufsichtsbehörde

Unbeschadet eines anderweitigen verwaltungsrechtlichen oder gerichtlichen Rechtsbehelfs steht Ihnen das Recht auf Beschwerde bei einer Aufsichtsbehörde, insbesondere in dem Mitgliedstaat ihres Aufenthaltsorts, ihres Arbeitsplatzes oder des Orts des mutmaßlichen Verstoßes, zu, wenn Sie der Ansicht sind, dass die Verarbeitung der Sie betreffenden personenbezogenen Daten gegen die DSGVO verstößt.

Die Aufsichtsbehörde, bei der die Beschwerde eingereicht wurde, unterrichtet den Beschwerdeführer über den Stand und die Ergebnisse der Beschwerde einschließlich der Möglichkeit eines gerichtlichen Rechtsbehelfs nach Art. 78 DSGVO.