Data Protection Declaration

 

The protection of your personal data is important to us. We process your personal data strictly in accordance with data protection regulations. These are the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other legal provisions. The following notes give you a simple overview of what happens to your personal data when you visit our website or our social media, contact us or how we process your personal data in the context of the business relationship.

 

1.   Contact data

1.1         Responsible

V-LINE EUROPE GmbH

Borsigring 11

31319 Sehnde

Phone: +49 5138 7008-0

Fax: +49 5138 7008-61

E-mail: v-line@v-line.com

 

1.2         Data protection officer

LGD Datenschutz GmbH

Rogätzer Straße 8

39106 Magdeburg

Phone: +49 391 5568632-5

Telefax: +49 391 5568632-7

E-Mail: datenschutz@lgd-data.de

 

2 General information

2.1 If you contact us

You can contact us with your concerns at any time. You can do this by phone, letter, e-mail or in person. We also provide a contact form for this purpose on our website.

 

Personal data:

  • Name
  • Company
  • Subject
  • E-Mail address
  • Phone number

 

Purpose of processing:

  • Reply to your request

 

Legal basis:

  • 6 para. 1 lit. b GDPR (contract or pre-contractual measures)
  • 6 para. 1 lit. f GDPR (protection of legitimate interests (reply to your request))

 

Data recipients:

  • Internal departments
  • Third parties to whom we send the data at your request

 

Data retention:

  • We archive the data after completion of processing
  • We delete data that is subject to the statutory retention obligation after 6 years

 

Right to object:

  • If the data processing serves the protection of our legitimate interests, you have the right to object to the processing. Please send your objection in writing to the above address or by e-mail to v-line@v-line.com. In case of an objection, however, no processing of your request can take place.

 

2.2 Whistleblower System

Compliance with legal regulations, internal rules and ethical behaviour is our top priority. It is important to us to be the first to learn of possible violations within the company. We have therefore introduced a whistleblower system that our Compliance Manager operates as an internal reporting office.

 

Personal data:

  • Subject
  • Message
  • Name (optional)
  • Phone number (optional)
  • E-mail address (optional)
  • Information about the reported incident or violation
  • Information about persons or parties involved
  • Any relevant documents, evidence or other records

 

Purpose of processing:

  • Plausibility check of reports
  • Clarifying reports
  • Taking follow-up measures

 

Legal basis:

  • 6 para. 1 lit. c GDPR in conjunction with § 10 HinSchG
  • 6 para. 1 lit. a GDPR for the optional declaration of data

 

Data recipients:

  • The reported data may be shared within the organisation with relevant departments or individuals responsible for investigating and taking action.
  • In certain cases, it may be necessary to share the data with external partners or authorities in order to deal with the reported offence appropriately.

 

Data retention:

  • We delete documentation three years after completion of the procedure.
  • Documentation may be retained for longer to fulfil the requirements of this Act or other legislation, as long as this is necessary and proportionate.

 

Right to object:

  • If the data processing is based on your consent, you have the right to withdraw your consent. Please send your withdrawal of consent in writing to the above address or by email to compliance@v-line.com. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

3.   Data processing on our website

When you visit our website, we automatically process the following data:

 

3.1         Server log files

The web host automatically collects and stores information in so-called server log files, which your browser transmits to us. We processed your data as follows:

 

Personal data:

  • browser type and version
  • operating system used
  • referrer URL
  • Host name of the accessing computer
  • Date and time of server request
  • IP address

 

Purpose of processing:

  • Operation of the website
  • Evaluation of malfunctions

 

Legal basis:

  • 6 para. 1 lit. f GDPR (legitimate interest in the correct presentation of our website)

 

Data recipients:

  • Web host

 

Data retention:

  • 7 days

 

Right to object:

  • The collection of data for the provision of the website and the storage of data in server log files are mandatory for the operation of the website. You therefore have no right to object.

 

3.2         Cookies

Our website uses so-called “cookies”. Cookies are small data sets and do not cause any damage to your device. Your device stores the cookie for the duration of a session (session cookies). This is technically necessary.

 

Personal data:

  • Session cookies do not store any reference that serves to identify the website visitor.
  • The server generates a “session ID” that is transmitted to the client. This ID is a randomly generated number that the session cookie stores temporarily. We only use it to assign the website visitor to a specific session.

 

Purpose of processing:

  • Operation of the website
  • Evaluation of malfunctions

 

Legal basis:

  • 6 para. 1 lit. f GDPR (legitimate interest in the correct presentation of our website)

 

Data recipients:

  • None

 

Data retention:

  • Your device automatically removes the session cookie as soon as you leave our website.

 

Right to object:

  • Technical cookies are stored on your device and transmitted from it to our site. Therefore, you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be removed at any time.

 

3.3         Borlabs Cookie

For the administration of your settings and the documentation of consents, we use the consent tool Borlabs Cookie from the provider Borlabs GmbH, Rübenkamp 32, 22305 Hamburg. We do not process personal data with Borlabs Cookie, i.e., we do not store your IP address in this regard and do not pass it on to the provider. To manage and document your consent behaviour, a cookie “borlabs-cookie” is set. The following information is stored in it:

 

  • Cookie lifetime
  • Cookie version
  • Domain and path of the website
  • Consents
  • UID (randomly generated ID)

 

Purpose of processing:

  • Obtaining, managing, and documenting consent behaviour

 

Legal basis:

  • 6 para. 1 lit. c GDPR

 

Data recipients:

  • Internal departments

 

Data retention:

  • 6 months

 

3.4         YouTube video integration

We have integrated YouTube videos on our website. Provider is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube belongs to the Google Group, in this case Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. This means that YouTube stores no information about visitors before they watch the video. YouTube only processes the following data after your consent:

 

Personal data:

  • IP address
  • Information that your browser automatically transmits (operating system of your device, browser type and version, date, and time of server request).
  • Language settings, login information, location/circumference information

 

Purpose and legal basis of the processing:

  • The data processing is conducted in the interest of an appealing presentation of our website based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.

 

Data recipients:

  • By integrating the video, a connection to Google servers is established after your consent, so that Google receives your personal data. Google also processes your personal data in the USA.
  • In addition, a connection is established to Google’s “DoubleClick” advertising network in the USA.

 

Data retention:

  • The lifetime of the cookies depends on their respective purpose. You can find the purpose and lifetime of the respective cookies in the cookie settings.

 

Right to object:

  • You can change your settings for the use of cookies and other services in the cookie settings at any time.

 

You can find further information on the purpose and scope of data collection and processing by YouTube in Google’s privacy policy. There you can find out about your rights against Google and setting options to protect your privacy: https://policies.google.com/privacy?hl=en-GB&gl=en

 

4.   Social Media

4.1         Facebook and Instagram

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (hereinafter referred to as Meta), as the operating company of Facebook and Instagram, is solely responsible for the processing of personal data when visiting our fan page. We would like to point out that you use our fan page and its functions on your own responsibility. This applies to the use of the interactive functions (e.g., commenting, liking, sharing). When visiting our fan page, your data will be processed as follows:

 

Personal data:

  • When you visit our fan page, we do not process any personal data. We do not operate the servers on which the contents of the fan page and the associated communication are stored and processed.
  • If you communicate with us via the fan page, we process your message and can view your username and current profile picture.
  • When you visit our fan page, your IP address is transmitted to Meta. According to information from Meta, this IP address is anonymized. Meta also stores information about the devices of the users (e.g., as part of the “registration notification” function). The data may also be transmitted by Meta to countries outside the European Union. It is conceivable that some of the personal data collected may also be processed outside the European Union by Meta Platforms, Inc. based in the USA. We ourselves do not pass on any personal data.
  • Meta describes which data it processes in detail, for what purposes and on what legal basis, and which contact and configuration options exist, in the legal basis for processing data at https://www.facebook.com/about/privacy/legal_bases. This applies to all Meta products.

 

Purpose and legal basis of the processing:

  • We use the fan page to present content to you so that you can communicate with us or to link you to other interesting online content. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.

 

Data retention:

  • We delete the messages transmitted in connection with our fan page as soon as the purpose of storage has been fulfilled, you request us to delete them or the purpose for storage no longer applies. Messages that are subject to retention periods under commercial or tax law are stored for 6 years.

 

Processing of page insights:

  • Meta provides us with anonymized page summaries for our fan page (so-called page insights). Page insights are an overview of all key figures within a certain period. This allows us to learn more about our target group, for example, and to find out which content is best received.
  • With Insights, we can only conduct anonymous evaluations based on aggregated data on the use of our fan page. Beyond that, we do not collect any further data from the visit to our fan page. This processing of personal data is conducted by Meta and us as joint controllers.
  • If you are currently logged in to Facebook or Instagram, there is a cookie with your identifier on your device. This enables Meta to track that you have visited our fan page and how you have used it.
  • If you wish to avoid this, you should log out of Facebook or Instagram or deactivate the “stay logged in” function, remove the cookies present on your device, and exit and restart your browser. In this way, information through which you can be directly identified will be deleted. This will allow you to use our fan page without revealing your identifier. When you access interactive features of the page (like, comment, share, messages), a login screen will appear. After any login, you will again be recognizable to Meta as a specific user.

 

Purpose and legal basis of the processing:

  • The processing is conducted in accordance with Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in evaluating visits to our fan page and improving our fan page based on these findings.
  • We have reached an agreement with Meta on processing as joint controllers, which specifies the distribution of data protection obligations between us and Meta. It follows from the joint responsibility agreements with Meta that requests for information and the assertion of further data subject rights, in particular objections, are sensibly asserted directly with Meta. This is because as the provider of the social network, Meta alone has direct access to the necessary information and can also take any necessary measures and provide information directly. Should our support nevertheless be needed, we can be contacted at any time.
  • You can also assert claims against us.
  • For details about the processing of personal data to create Page Insights and the main contents of the agreement concluded between us and Meta, please refer to the information on Page Insights.

 

If you have any further questions regarding the processing of your personal data, please contact Meta’s data protection officer using the form provided or our data protection officer using the contact information above.

 

For more information, see Meta’s data policy.

 

4.2         YouTube

Responsible for our YouTube channel is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube LLC belongs to the Google group and is represented by Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By visiting our YouTube channel, YouTube or Google process your personal data as follows:

 

Personal data:

  • We do not process any personal data when you visit our YouTube channel. We do not operate the servers on which the content of the channel and the associated communication are stored and processed.
  • If you communicate with us via the YouTube channel, we will receive your message including your username.

 

You can find more information on the processing of your personal data by YouTube or Google here: https://policies.google.com/privacy?hl=en-GB&gl=de

 

4.3         XING

For our XING page, we use the technical platform and services of News Work SE, Dammtorstraße 30, 20354 Hamburg, Germany, as the operator of XING. We would like to point out that you use our XING page and its functions on your own responsibility. This applies to the use of the interactive functions (e.g., commenting, sharing, rating). When you visit our XING page, your personal data is processed as follows:

 

Personal data:

  • We do not process any personal data when you visit our XING page. We do not operate the servers on which the contents of the page and the associated communication are stored and processed.
  • If you communicate with us via XING, we will receive your message including your name and profile picture.
  • When you visit our XING site, XING collects your IP address and other information in the form of cookies on your device. This information is used to provide us, as the operator of the XING pages, with statistical information about the use of the XING page. XING provides more detailed information on this at the following link: https://www.xing.com/terms?sc_o=navigation_footer
  • The data collected about you in this context will be processed by XING and may be transferred to countries outside the EU.
  • If you are logged in to XING, a cookie with your XING ID is placed on your device. This enables XING to track that you have visited this page and how you have used it. This also applies to all other XING pages. If you want to avoid this, you should log out of XING or deactivate the “stay logged in” function, remove the cookies present on your device and close and restart your browser. In this way, XING information by which you can be directly identified will be deleted. This allows you to use our XING site without revealing your XING identifier. When you access interactive features of the site (like, comment, share, messages), a XING login screen will appear. After any login, you will again be recognisable to XING as a specific user.

 

You can find out what information XING receives and how it is used in XING’s privacy policy: https://privacy.xing.com/en/privacy-policy

 

4.4         LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is solely responsible for the processing of personal data when you visit our LinkedIn page. When you visit our LinkedIn page, your personal data is processed by LinkedIn as follows:

 

Personal data:

  • We do not process any personal data when you visit our LinkedIn page. We do not operate the servers on which the contents of the profile and the associated communication are stored and processed.
  • If you communicate with us via LinkedIn, we receive your message including your profile.

 

Processing of Page Insights:

When you visit, follow, or engage with our LinkedIn page, LinkedIn provides us with anonymised statistics and insights for our page that help us gain insight into the types of actions people take on our page (called “Page Insights”). We do not receive any personal data through the Page Insights, nor can we attribute any information received to individual accounts. This processing of personal data is done by LinkedIn and us as joint controllers.

 

Purpose and legal basis of the processing:

  • The processing serves our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to evaluate the visit to our site and to improve our site based on these findings.

 

We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. Details about the processing of personal data for the creation of Page Insights and the main contents of the agreement concluded between us and LinkedIn can be found here: https://legal.linkedin.com/pages-joint-controller-addendum

 

You can find more information about LinkedIn’s processing of your personal data here: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

 

5.   Clients

The execution of our contractual relationship requires the processing of data of our customers and their employees. Due to your obligations to cooperate, it is unavoidable to provide the personal data requested by us, otherwise we will not be able to fulfil our contractual obligations. We process the data as follows:

 

Personal data:

  • Name
  • Company, address
  • Phone and fax number
  • E-mail address
  • Order

 

Purpose of processing:

  • Agreements on services/deliveries
  • Fulfilment of contractual obligations

 

Legal basis:

  • 6 para. 1 lit. b GDPR

 

Source of data:

  • Information by the contact person himself/herself
  • Information by another contact person

 

Data recipients:

  • Internal departments
  • If applicable, service providers who support us in the execution of the contract

 

Data retention:

  • After order fulfilment, we archive the data
  • We delete the data in the archive after 10 years

 

6.   Business partners, service providers and suppliers

Many business partners, service providers and suppliers nominate one of their employees as our contact person. There is no obligation to send this data. The processing is also not necessary for the service or delivery. However, the effort for agreements is disproportionately high without a defined contact person and there is a risk of misunderstandings. Therefore, there is a legitimate interest in this processing. We process the contact details of the contact persons as follows:

 

Personal data:

  • Name
  • Company, address
  • Phone and fax number
  • E-mail address
  • Order

 

Purpose of processing:

  • Agreements on services/deliveries

 

Legal basis:

  • 6 para. 1 lit. f GDPR

 

Source of data:

  • Information by the contact person himself/herself
  • Information by another contact person

 

Data recipients:

  • Internal departments
  • Subsidiaries, if applicable

 

Data retention:

  • We archive the data after order fulfilment,
  • We delete the data in the archive after 10 years

 

7.   Children

Persons under the age of 16 should not send any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect it and do not pass it on to third parties.

 

8.   Your rights

You have the following rights regarding this processing of your personal data:

 

  • Access to the data stored about you (Art. 15 GDPR)
  • Rectification of incorrect data (Art. 16 GDPR)
  • Erasure, if legally allowed (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Receiving your data in a structured, common, and machine-readable format (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Complaint to a supervisory authority (Art. 77 GDPR)
  • Withdrawal of consent (Art. 7 para. 3 GDPR)