Name and contact details of the controller pursuant to Article 4(7) GDPR
ONYX GmbH
Baaderstrasse 41
80469 München, Deutschland
info@onyx-europe.com
www.onyx-europe.de
Security and Protection of your Personal Data
Keeping your personal data confidential and protecting them from unauthorised access is of the utmost importance to us. We are therefore applying both due diligence and technological standards at the highest level to guarantee maximum protection of your personal data.
As a company under German private law we are subject to the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act. As such, we have implemented technical and organisational measures to ensure compliance with all applicable data protection provisions by us and our third-party service providers.
Definitions
Applicable legislation provides for a lawful and fair processing of personal data to make it transparent for every data subject ("lawfulness, fairness and transparency"). In order to comply with this principle, we have listed the legal definitions of terms that you will find in the present privacy statement:
- Personal Data
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. - Processing
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. - Restriction of Processing
"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future. - Profiling
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. - Pseudonymisation
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. - Filing System
"Filing system" means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis. - Controller
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. - Processor
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. - Recipient
"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. - Third Party
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. - Consent
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Information about the collection of personal data
- Below we have compiled information on the collection of personal data during your use of our website. Personal data inter alia include name, address, e mail address and user behaviour.
- Upon contacting us by e mail any data you submit to us (e.g. e mail address and, if applicable, name and phone number) will be stored in order to respond to your request and answer your questions. Any so-submitted data will be erased when no longer required or their processing will be restricted if law requires them to be further maintained.
Collection of Personal Data Upon Visiting our Website
During any visit to our website for strictly informational purposes, i.e. without you registering or otherwise submitting information to us, we exclusively collect those data that are transmitted to our server by your browser. However, if you wish to view our website, we will collect the following data as they are technically required to display our website correctly and to ensure its stability and security (legal basis pursuant to Article 6(1), first sentence, point (f) GDPR):
- IP address
- Data and time of access
- Greenwich Mean Time Zone (GMT)
- Content of the request (specific webpage)
- Access status/HTTP status code
- Amount of transferred data
- Originating website of the request
- Browser
- Operating system and interface
- Language and version of browser software.
Cookies
In addition to the data collection referred to above, cookies will be stored on your device as you use our website. Cookies are small text files that will be associated with your browser and stored on your hard drive to submit certain information back to the sender. However, cookies cannot run programmes or load viruses to your computer. Cookies have been designed to increase user friendliness and effectiveness of website services. You may change your browser settings according to your preferences, e.g. you can disable acceptance of third-party and other cookies. Third-party cookies are cookies sent by a third party who is not the operator of the website you are visiting. However, please be advised that by disabling cookies you may not be able to make full use of all website functions.
Flash cookies will not be stored by your browser but your flash plug-in. Moreover, we will store HTML5 storage objects on your device. These objects will store data independently from your browser and do not expire automatically. To disable these flash cookies, please install the corresponding add-on for your browser, such as the "Privacy Badger" plug-in for Mozilla Firefox (https://addons.mozilla.org/en/firefox/addon/privacy-badger17) or the "Adobe Flash Killer" cookie for Google Chrome. You may disable the use of HTML5 storage objects by enabling private browsing. Furthermore, we recommend to delete your cookie and browser history in regular intervals.
Rights of Data Subjects
- Withdrawal of Consent
Where your consent is required by law for the processing of your personal data, you shall be entitled to withdraw your consent at any time. However, the lawfulness of any processing activity prior to your withdrawal shall remain unaffected.
Please contact us directly if you wish to withdraw your consent. - Right of Information
You shall be entitled to request information on whether or not we are processing your personal data. Please contact us directly if you wish to enquire whether or not we are processing your personal data. - Right of Access
Where your personal data is processed, you shall have the right to access your personal data and the following information at any time:- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Right to Rectification
You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. - Right to Erasure ("Right to be Forgotten")
You shall have the right to obtain from us the erasure of personal data without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
The right to erasure ("right to be forgotten") shall not apply to the extent that processing is necessary:- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
- Right to Restriction of Processing
You shall have the right to obtain from us restriction of processing where one of the following applies:- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
- the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
- Right to Data Portability
You shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and you further have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
- the processing is carried out by automated means.
- Right to Object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for the purposes of direct marketing, you have the right to object to such processing, including profiling to the extent that it is related to such direct marketing. Where you object to the processing of your personal data for direct marketing purposes, your personal data shall not be processed for these particular purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you, on grounds relating to your particular situation, shall have the right to object to processing of your personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest. Please contact us directly if you choose to exercise your right to object. - Automated Individual Decision-Making, Including Profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. However, this shall not apply if the decision:- is necessary for entering into, or performance of, a contract between the data subject and a data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
- is based on the data subject's explicit consent.
- Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation. - Right to an Effective Judicial Remedy
Without prejudice to any available administrative or non judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you shall have the right to an effective judicial remedy where you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation.
Use of Google Analytics
- Our website uses Google Analytics, a web analysing service of Google Inc. ("Google"). Google Analytics uses so-called "cookies". Cookies are text files that will be stored on your computer to allow for analysing your use of our website. The information collected by such cookies will be sent for storage to one of Google's servers in the United States of America. However, if IP anonymisation is enabled, Google will shorten your IP address within the European Union's Member States or in other countries that are parties to the European Economic Area Agreement before transmitting it. Your full IP address will be transmitted and shortened on a Google server in the United States in exceptional cases only. Google will use such information on our behalf to analyse your use of our website, to compile reports on website activities and to provide further online services to the operator of this website.
- Google will not associate your IP address with any other data held by Google.
- You may disable cookies in your browser settings, however, please be advised that you may not be able to make full use of all website functions. Further more, you can prevent Google from collecting and processing any data transmitted by their cookie (including your IP address) by downloading and installing the following plug-in for your browser: https://tools.google.com/dlpage/gaoptout?hl=en.
- This website uses the Google Analytics feature "_anonymizeIp()" to anonymise and shorten IP addresses so they cannot be used to identify specific individuals, i.e. your personal data will be erased instantly and therefore cannot be used to identify you.
- We are using Google Analytics to analyse and continuously improve the user friendliness of our website. These statistics will help us to improve our services and to adapt them to your preferences. Where Google transmits personal data to the United States of America, it shall be subject to the EU U.S. Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The applicable legal basis for our use of Google Analytics shall be Article 6(1), first sentence, point (f) GDPR.
- Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
Terms of use: https://www.google.com/analytics/terms/us.html
data security and privacy: https://support.google.com/analytics/answer/6004245?hl=en
privacy statement: https://policies.google.com/privacy?hl=en&gl=en - Furthermore, this website uses Google Analytics to analyse series of visits by assigning user IDs across multiple devices. Under your account you may disable this analysis by going to "my data" and then "personal data".
Use of Google Maps
- This website uses Google Maps to provide you with an interactive map which you can directly and easily use on our website.
- Upon your visit, Google will receive the information that you have accessed the corresponding page of our website. Furthermore, the information pursuant to Section 3 of this statement will be transmitted. The transmission of this information does not require you to have a Google account or to be logged in. However, if you are logged in, the information will be associated with your account. If you do not wish this information to be associated with your account, please log out before activating the respective button. Google will create a user profile based on your personal data for the purposes of marketing, market research and customising their website in order to show personalised advertisement (also for users who are not logged in to their accounts) and inform other users about your activities on our website. However, you have the right to object to the creation of a user profile. Please contact Google directly to exercise your rights.
- For further information on purpose and scope of each social media provider's collection and processing of personal data please refer to their respective privacy statements and policies listed below where you will also find more information on your rights and available privacy settings: https://policies.google.com/privacy?hl=en&gl=en. Google processes your personal data inter alia within the territory of the United States of America and is subject to the EU US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.