We, the aura optik gmbh, are pleased about your visit to our website and your interest in our company. The protection of your personal data is very important to us. Since your data enjoy special protection, they are only collected by us to the technically necessary extent. Below, we would like to explain in accordance with our duty, which information we collect during your visit to our website and how it is used.

Our data protection practice is in accordance with the regulations of the Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (GDPR).

 

I. name and address of the responsible person

The person responsible in terms of the EU General Data Protection Regulation and other national data protection laws of the EU member states, as well as other data protection regulations is:

responsible person:
Dr. Roland Kilper
managing director

aura optik gmbh
Hans-Knöll-Str. 6
07745 Jena
Germany
telephone: +49 3641 – 5758 0
e-Mail: info(at)aura-optik.de
website: www.aura-optik.de

 

II. general information about data processing

1. extent of processing of personal data

In principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website and its contents and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for factual reasons and the processing of the data is permitted by law.

2. legal basis for the processing of personal data

Insofar as we obtain the consent of the affected persons for processing of personal data, Article 6 (1a) EU General Data Protection Regulation (GDPR) serves as legal basis.

In the processing of personal data necessary for the fulfilment of a contract to which the person concerned is a party, Article 6 (1b) GDPR serves as legal basis. This also applies to processing required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Article 6 (1c) GDPR serves as legal basis.

In the event that vital interests of the person concerned or another natural person require the processing of personal data, Article 6 (1d) GDPR serves as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the person concerned do not prevail over the first named interest, Article 6 (1f) GDPR serves as legal basis for processing.

3. data deletion and storage period

The personal data of the person concerned will be deleted or blocked as soon as the specific purpose is no longer pursued. In addition, a storage may result, if this is required by European or national legislator in EU regulations, laws or other rules to which the person responsible is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion or fulfillment of a contract.

 

III. website provision and log files creation

1. description and extent of processing of personal data

Each time you visit our website, the system that provides the website automatically collects data and information from the computer system of the calling computer.

The following data will be collected:

(1)   logging of user activities
(2)   user IP address

The data is also stored in the log files of our system. Not affected are the IP addresses of the user or other data that allow the assignment of the data to a user. A storage of this data together with other personal data of the user does not take place.

2. legal basis for the processing of personal data

Legal basis for temporary storage of the data is Article 6 (1f) GDPR.

3. purpose of data processing

The temporary storage of the user IP address by our system is necessary for delivering our website to the users computer. Therefor the IP address needs to be stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

In these purposes is also our legitimate interest for processing of personal data according Article 6 (1f) GDPR.

4. duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. opposition and removal possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

 

IV. use of cookies

1. description and extent of processing of personal data

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

The cookie used by us is technically necessary. This is a session cookie, which is deleted after closing the browser.

2. legal basis for the processing of personal data

The legal basis for the processing of personal data by using cookies is Article 6 (1f) GDPR.

3. purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.

The user data collected through technically necessary cookies will not be used to create user profiles.

In these purposes is also our legitimate interest for processing of personal data according Article 6 (1f) GDPR.

4. duration of storage, opposition and removal possibility

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

 

V. E-mail contact

1. description and extent of processing of personal data

On our website, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

2. legal basis for the processing of personal data

Legal basis for processing of the data, which will be transmitted by sending a E-mail, is Article 6 (1f) GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Article 6 (1b) GDPR.

3. purpose of data processing

The processing of personal data from the contact via e-mail serves us only to process the contact. This is also the necessary legitimate interest in the processing of the data.

The processed personal data serve to prevent misuse of contact and to ensure the security of our information technology systems.

4. duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. opposition and removal possibility

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

We accept the revocation of the consent and the objection of the storage by post or by e-mail to the address mentioned above.

All personal data stored in the course of contacting will be deleted in this case.

 

VI. rights of the person concerned

If your personal data is processed, you are concerned by GDPR and you have the following rights to the person responsible:

1. right of access

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing exists, you can request information from the person responsible about the following information:

(1)   the purposes for which the personal data is processed;

(2)   the categories of personal data that are processed;

(3)   the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;

(4)   the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;

(5)   the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to opposition to such processing;

(6)   the existence of a right of appeal to a supervisory authority;

(7)   all available information on the source of the data if the personal data is not collected from the data subject;

(8)   the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal data will be transmitted to a third country or an international organization. In this context, you can request the appropriate guarantees in accordance with Article 46 GDPR in context with the transfer.

2. right of rectification

You have a right to rectification and / or completion to the person responsible, if the personal data concerning you is incorrect or incomplete. The responsible person must make the correction without delay.

3. right of restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1)   if you contest the accuracy of your personal information for a period of time that enables the person responsible to verify the accuracy of your personal information;

(2)   the processing is unlawful and you refuse to deletion the personal data and instead demand the restriction of the use of personal data;

(3)   the person responsible no longer needs your personal information for the purposes of processing, but it is needed for assertion, exertion or defence of legal claims, or

(4)   if you objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible prevail over your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be notified by the person responsible before the restriction is lifted.

4. right of deletion

a) obligation of deletion

You may demand the person responsible to delete your personal information without delay, and the person responsible will be obligated to erase that information immediately if any of the following reasons is applicable:

(1)   Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

(2)   You revoke your consent, on which the processing referred to Article 6 (1a) or Article 9 (2a) GDPR was based, and there is no other legal basis for processing.

(3)   You appeal against the processing referred to Article 21 (1) GDPR and there are no priority legitimate reasons for the processing, or you appeal against the processing referred to Article 21 (2) GDPR.

(4)   Your personal data has been processed unlawfully.

(5)   The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6)   The personal data concerning you were collected in relation to services offered by the information society pursuant to Article 8 (1) GDPR.

b) information to third parties

If the person in charge has made the personal data concerning you public and is according Article 17 (1) GDPR obligated to deletion, he shall take appropriate measures considering available technology and implementation costs, including technical means, to inform the responsible person who process the personal data that you as person concerned have been requesting deletion of all links to such personal data or of copies or replications of such personal data.

c) execptions

The right to deletion does not exist insofar as the processing is necessary

(1)   to exercise the right to freedom of expression and informationn;

(2)   to fulfill a legal obligation which requires processing under the law of the Union or of the Member States to which the person responsible is subject, or to perform a task of public interest or in the exercise of public authority delegated to the person responsible;

(3)   for reasons of public interest in the field of public health according Article 9 (2h, i) and Article 9 (3) GDPR;

(4)   for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes according Article 89 (1) GDPR, insofar as the right referred to in subdivison (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing, or

(5)   for assertion, exercise or defense of legal claims.

5. right of information

If you have asserted the right of rectification, deletion or restriction of processing against the person responsible, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to the person responsible to be informed about these recipients.

6. right to data portability

You have the right to receive the relevant personal data you provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible without hindrance by the person responsible which you provided the personal data in the first place, insofar

(1)   the processing is based on Article 6 (1a) or Article 9 (2a) GDPR or a contract referring to Article 8 (1b) GDPR and

(2)   the processing is done using automated procedures.

In exercising this right, you also have the right to obtain that your personal data concerning you are transmitted directly from one person responsible to another, insofar as this is technically feasible. Liberty and rights of other persons may not be affected hereby.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

7. right of objection

You have the right at any time, for reasons that arise from your particular situation, to appeal against the processing of your personal data according Article 6 (1e or f) GDPR; this also applies to profiling based on these rules.

The person reponsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of assertion, exercising or defending legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of services of the information society, of exercising your right to object through automated procedures that use technical specifications.

8. right to appeal the data protection consent declaration

You have the right tp appeal your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. automated decision on a case-by-case basis including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or severely affect you in a similar manner. This does not apply if the decision

(1)   to conclude or fulfill a contract between you and the person responsible is required,

(2)   is admissible on the basis of Union or Member State legislation to which the person responsible is subject and if such legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or

(3)   is made with your expressed consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2 a or g) GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to express his / her own position and heard on challenge of the decision.

10. right to complain to a supervisory authority

Irrespective of other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of suspected infringement, if you believe that the processing of the personal data concerning you violates GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.