PRIVACY POLICY
PRIVACY POLICY

Privacy Policy

The protection of your personal data is important to us. Therefore we would like to inform you as simply and as accurately as possible of contact details and the data subjects’ data.

In the following, we provide you the contact details of our data protection officer as well as information on how to contact us in encrypted form. Then we will define the legal and technical terms used in the following text. Afterwards you will get an overview of the data subject’s rights. Following this, you will find information on the controller. Last we will detail the technologies and services used as well as our handling.

1 Contacting the data protection officer

Should you have any questions or wish to obtain information, please do not hesitate to contact our external data protection officer at any time. The contact details are:

Oliver Offenburger, M.Sc.

E-mail: dataprotection@pajunk.com

eye-i4 GmbH
Abteilung Datenschutz
Mönchweilerstraße 12
78048 Villingen-Schwenningen
Telefon: 07721 69724 00
Fax: 07721 69724 01
Web: https://eye-i4.de

Our preferred form of contact is via e-mail. However, you can also contact our data protection officer by post or by telephone.
If you wish to encrypt your e-mail to our data protection officer, we advise you to read the following section.

Notes on enquiries:

Should you send an enquiry via e-mail within the usual business hours, we will confirm receipt of the message still on the same day. If you do not receive any confirmation, please contact us by telephone.

Should you send an enquiry by post, we will send you the confirmation of receipt still on the day we receive it, at the latest, however, one day after receipt. If you do not receive any confirmation, please contact us by telephone. For any enquiries by telephone, we ask you to use the telephone number of our data protection partner eye-i4 GmbH directly.

1.1 Encryption of e-mails to our data protection officer

Before going into details on legal issues we would first like to define the associated terms:

2 Terms in the legal context

Before going into details on legal issues we would first like to define the associated terms:

2.1 EU-GDPR (also called GDPR)

The term “EU-GDPR” (in the following referred to as “GDPR”) refers to the General Data Protection Regulation. This is a general regulation of the European Union which stipulates how personal data may be processed. For information, the legislative text of the GDPR can be viewed using the following link:

https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679

2.2 Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.3 Personal data and data subject

“Personal data” means any information relating to an identified or identifiable natural person hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.4 Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.5 Restriction of processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

2.6 Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.7 Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

2.8 Third party

“Third party” means a natural or legal person, public authority, agency or other body than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2.9 Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2.10 Personal data breach

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

2.11 Data concerning health

“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

2.12 Enterprise

“Enterprise” means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

2.13 Supervisory authority

“Supervisory authority” means an independent public authority which is established by a Member State pursuant to Article 51 GDPR.

2.14 Relevant and reasoned objection

“Relevant and reasoned objection” means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.

3 Terms in the technical contex

Before going into details on technical issues we would first like to define the associated terms:

3.1 File management

“File management system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

3.2 Cookies

Cookies are text files a website stores on your end device by means of your browser. These text files may be intended to realise technical matters like shopping cart mechanisms or to identify your visitor behaviour. For this purpose, the text files can be provided with identification features and additional information.

You have the possibility to inhibit the browser of your end device from saving any cookies. If cookies are deactivated, there may be technical restrictions when using a website.

3.3 Server logs

Server logs are log files which are created by the web server and document the access to a website. A log entry may contain a large amount of information, such as access time, browser type, the visitor’s IP address, etc.

3.4 Referrer

The referrer designates the URL that linked to the controller’s page. Server logs serve to read out the referrer, for instance.

4 Rights of the data subject

The data subject’s rights arise from the GDPR as well as the relevant national legal provisions on data privacy. If you want to assert your rights, please contact our data protection officer using the contact details specified at the beginning. In the following we would like to inform you of your rights arising from the GDPR, particularly from chapter III:

4.1 Right to information

The data subject shall have a right to obtain information on the personal data stored, if the data were collected from the data subject or if the data were not obtained from the data subject. This is regulated by Chapter III Article 13 and 14 GDPR.

4.2 Right of access

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and further information pursuant to Art. 15 GDPR.

4.3 Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.4 Right to erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds pursuant to Art. 17 GDPR applies.

4.5 Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the prerequisites pursuant to Art. 18 GDPR applies.

4.6 Notification obligation

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform the data subject about those recipients if the data subject requests it.

4.7 Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

4.8 Right of objection

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

4.9 Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. For this purpose you can approach the supervisory authority of your habitual residence, place of work or the controller’s place of business.

Our competent supervisory authority is:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Stuttgart

5 Information on the controller

The controller pursuant to Art. 24 GDPR is:

PAJUNK GmbH
Karl-Hall-Strasse 1
78187 Geisingen


Further information on the controller is provided under Imprint.

6 Web technologies used

6.1 Encryption of the data transmission

We use the SSL (Secure Socket Layer) method to encrypt the transmission and request of data to our website. For this purpose we use a 128-bit key with SHA256 hash.

Besides we employ suitable technical and organisational safety measures to protect your data against any accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our safety measures are continuously improved in accordance with the technological evolution.

6.2 Server logs

If you use our website merely to obtain information, i.e. if you do not register or transfer information to us in any other way, we only collect personal data your browser transmits to our server. If you want to visit our website, we collect the following data, which is technically required for us in order to show you our website and to guarantee stability and security (legal basis is point (f) of Article 6(1) GDPR):
- Anonymised IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of request (precise page)
- Access status / HTTP status code
- Amount of data transferred in each case
- Website from which the request is sent (referrer)
- Browser
- Operating system and its interface
- Language and version of the browser software.

6.3 Cookies

Cookies are stored on your computer when using our website. You can configure your browser settings according to your wishes and reject the acceptance of third-party cookies, for instance, or all cookies. We would like to point out that you might not be able to use all the functions of this website.

This website uses the following types of cookies; their extent and way of functioning are explained in the following:
- Transient cookies
- Persistent cookies

6.3.1 Transient cookies

Transient cookies are automatically deleted when you close the browser. These include particularly the session cookies. They store a so-called session ID by which different requests from your browser can be matched with the joint session. In this way your computer can be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

6.3.2 Persistent cookies

Persistent cookies are automatically deleted after a specified period which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

6.4 Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google in member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link:
http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is immediately deleted.

We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f DS-GVO.

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. user terms and conditions: http://www.google.com/analytics/terms/de.html, privacy overview:
http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy:
http://www.google.de/intl/de/policies/privacy.

You can prevent the use of Google Analytics by activating the opt-out: Click here to opt-out of Google Analytics.

7 Further online presences

In addition to our website, we use other online presences and digital channels such as social media to get in touch with our prospects and customers. We list these below.

7.1 Facebook

We use Facebook (Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and its functionality for a social media site and groups to present the company and communicate with various interested parties. In the case of Facebook, there is a shared responsibility between Facebook and us. Information about this can be found here:
https://www.facebook.com/legal/terms/page_controller_addendum.

We would like to point out that the rights of affected parties can be asserted directly against Facebook. Only Facebook holds the direct data of the users and can give a full statement about this.

Please note the Facebook privacy policy:https://www.facebook.com/about/privacy/ .

Information on fan pages can be found especially at this link:
https://www.facebook.com/legal/terms/information_about_page_insights_data.

Please use the following link for the opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.

Facebook has submitted to the EU-US Privacy Shield. Please refer to this link for more information:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

7.2 Instagram

We use Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) to present our company and to interact with prospects and customers. The company's privacy policy and opt-out options are available at:
http://instagram.com/about/legal/privacy/.

7.3 Xing

We use Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) to establish contacts and to present the Company.
The privacy policy and the possibility to opt-out can be found at: https://privacy.xing.com/de/datenschutzerklaerung.

7.4 LinkedIn

We use LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) to present our company. The LinkedIn privacy policy can be found at the following link: https://www.linkedin.com/legal/privacy-policy.

7.5 Twitter

We use the Twitter service (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) as a means of communication. Further information on data protection can be found at the following link: https://twitter.com/de/privacy.

The opt-out can be done on this page: https://twitter.com/settings/personalization.

Twitter has submitted to the EU Privacy Shield, please see the following link for further information:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO.

8 Newsletter

8.1 Dispatch service Inxmail

To send our newsletter we use the offer of the provider Inxmail (Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg). Information on the provider's data protection can be found at the following link: https://www.inxmail.com/data-conditions

9 YouTube

We have included YouTube videos in our online offerings; the videos are stored at https://www.youtube.com and can be played directly from our website.

When visiting our website, YouTube obtains information to the effect that you have called up the corresponding subpage on our website. Additionally, the data mentioned in § 3 of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account via which you are logged in or whether there is no user account. If you are logged in with Google, your data is directly assigned to your account. If you do not want YouTube to assign this information to your profile, you must log out before activating the button. YouTube saves your data as a usage profile and uses them for the purpose of advertising, market research and/or need-based design of their website. Such an evaluation is done in particular (even for users who are not logged in) to need- provide based advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these user profiles; you have to address yourself to YouTube in order to assert this right.

For further information on the purpose and scope of data collection and data processing by YouTube, please read the privacy policy. There, you will also find further information about your rights and setting options to protect your privacy:
https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU US Privacy Shield,
https://www.privacyshield.gov/EU-US-Framework.

10 Contact form

We use contact forms on our website. The processing of the data is based on the fulfilment of the contract according to art. 6 para. 1 lit. b DSGVO. If your inquiry is not in connection with an assignment on our part, we may also process your data on the basis of a legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO.

11 Duration of storage

Unless specifically stated, we store personal data for as long as it is necessary to fulfil the purposes pursued. If the legislator prescribes retention periods, the data will continue to be stored by us for verification purposes, but will not be processed in any other way and will be deleted after expiry of the statutory retention period.

12 Transfer to third parties

Your personal data will not be transferred to third parties other than for the following purposes.

We only transfer your data to third parties if:
- you have given your explicit consent pursuant to point (a) of Article 6(1) GDPR,
- transfer is necessary according to point (f) of Article 6(1) GDPR for the establishment, exercise or defence of legal claims provided there is not any reason to believe that you have compelling legitimate grounds not to transfer your data which override these interests,
- in case that transfer is necessary for compliance with a legal obligation according to point (c) of Article 6(1) GDPR and
- it is permitted by law and necessary for the performance of a contract with you according to point (b) of Article 6(1) GDPR.

Other Interesting Topics

Read More
PAJUNK® PRODUCTS
Read More
PAJUNK® STORIES
Read More
PAJUNK® COMPANY