Menü

Privacy Policy

Data protection

Thank you for visiting our website and for your interest in our company. In the following you will find our data protection declaration, whereby we have decided to provide an introductory part with an explanation of the data protection-specific terms used for a better understanding. The data protection declaration also serves to provide you with information, the type, scope and purpose of the personal data collected, used and processed, and to clarify your rights.

1. Explanation of the terms used
The following terms defined in the European General Data Protection Regulation (Regulation (EU) 2016/679) are used in the data protection declaration:

a) Personal data
All information relating to an identified or identifiable natural person (hereinafter "data subject"); An identifiable person is a natural person who, directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, expresses the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

b) Processing
Processing is any process or series of processes in connection with personal data, such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, with or without the aid of automated processes. The use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

c) Affected person
Every identified or identifiable natural person, whose personal data are processed in the aforementioned sense, is referred to as a data subject.

d) restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling
Profiling is any type of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict the interests, reliability, behavior, location or change of location of this natural person.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.

g) Responsible
The person responsible is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data; If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his naming can be provided according to union law or the law of the member states.

h) Processor
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.

i) Recipient
The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under Union law or the law of the member states are not considered recipients; the processing of this data by the aforementioned authorities is carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing.

j) third party
A third party is a natural or legal person, public authority, agency or other body, apart from the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor

k) Consent
The data subject's consent is any voluntary expression of will in the form of a declaration or other unequivocal confirmatory act for the specific case, in an informed manner and unequivocally, with which the data subject indicates that they are processing the personal data relating to them agrees.

2. Name and contact details of the person responsible
This data protection information applies to data processing by:
TOSS GmbH & Co. KG
Danziger Str. 15
D-35418 Alten-Buseck
info@toss-gmbh.de
Managing directors:
Gisela Toss, Ramon Toss, Thomas Schön

3. Name and contact details of the company data protection officer
The company data protection officer of TOSS GmbH & Co. KG is:
Mr. Heinz Fiebig
fiebig@albacon-media.de

4. Legal basis for the processing of personal data
Insofar as we obtain the data subject's consent for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.
When processing personal data, which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.

5. Visit the website
(1) When you visit our website http://www.toss-gmbh.de/, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
• IP address of the requesting computer,
Date and time of access,
Name and URL of the file accessed,
Website from which access is made (referrer URL), including sub-websites,
• Browser used and, if applicable, the operating system of your computer as well as the name of your access provider
• similar data,
• which serve to avert danger in the event of attacks on our information technology systems.
(2) The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
(3) The data mentioned are processed by us for the following purposes:
• ensuring a smooth connection to the website,
• Ensuring comfortable use of our website, as well as optimizing the content and advertising,
• evaluation of system security and stability,
• for other administrative purposes as well
• To be able to provide law enforcement authorities with the information they need when cyber-attacks are attempted or attempted.
Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
(4) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that it is no longer possible to assign the calling client.
(5) The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is consequently no possibility for the user to object.

6. Use of our contact form, the request for quotation form and e-mail contact
(1) If you have any questions, we offer you the opportunity to contact us using the form provided on the website. It is necessary to provide the personal data required in the input mask. When using the contact form, these are: first name, last name, company, e-mail address, telephone. Number, and your address. When using the offer form, these are: first name, last name, email address and telephone number. At the time of registration, the following data is also stored: IP address, date and time of registration. Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data is not passed on to third parties. The data will only be used to process the conversation.
(2) The legal basis for the processing of the data is, with the consent of the user, Art. 6 Para. 1 lit. a GDPR. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
(3) The purpose of data collection is to provide us with the knowledge of who sent the request and to be able to answer it. Further information can be provided voluntarily. If you contact us by email, this also includes the necessary legitimate interest in the processing of the data. The personal data processed in addition serves to prevent misuse, to ensure the security of our system and to enable any criminal prosecution.
(4) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. The additional personal data collected will be deleted after a period of seven days at the latest.
(5) The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue. In this case, all personal data saved in the course of contacting us will be deleted.

7. Registration on our website
(1) You have the option to register on our website. The personal data that we process in the process are those that you enter in the corresponding input screens. These are: username and password. The following data is also stored at the time of registration: IP address, date and time of registration. However, this personal data is processed exclusively by us and for our own purposes. However, there is a possibility that we will pass on the personal data to a client, for example a service provider used. However, this will also only process the data for its own purposes.
(2) The legal basis for the processing of the data is, with the consent of the user, Art. 6 Para. 1 lit. a GDPR. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
(3) As the person responsible, we use the personal data voluntarily provided during registration to offer you, the person concerned, special content and services that can only be offered to registered persons. The purpose of data storage is also to prevent any misuse. For this purpose it is also necessary for us to save this data. With regard to the transfer of data to third parties, the following section. 10 are referred.
(4) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the registration does not serve to conclude a contract, this applies to the data collected during the registration process if the registration on our website is canceled or changed. If registration is necessary to conclude a contract or to carry out pre-contractual measures, this applies to data that is no longer required for the execution of the contract. Even after the contract has been concluded, there may be a need to store the contractual partner's personal data in order to fulfill contractual or legal obligations. Permanent obligations require the storage of personal data during the contract period. In addition, warranty periods and the storage of data for tax purposes must be observed.
(5) Registered data subjects can at any time delete or change the data specified in the course of the registration. The data subjects also have the right to information about which personal data has been stored or processed at any time. You can contact any of our employees regarding deletion, modification or a request for information. If the data is required to fulfill a contract or to carry out pre-contractual measures, the data can only be deleted prematurely unless there are contractual or legal obligations to prevent deletion.

8. Disclosure of data
Your personal data will not be passed on to third parties for purposes other than those previously mentioned and those listed below.
We only share your personal information with third parties if:
You have given your consent pursuant to Art. 6 Para. a GDPR (legal basis) have given express consent to this the disclosure according to Art. 6 Para. 1 S. 1 lit. f GDPR (legal basis) is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data, in the event that for the transfer according to Art. 6 Para. 1 S. 1 lit. c GDPR (legal basis) there is a legal obligation, as well this is legally permissible and according to Art. 6 para. 1 sentence 1 lit. b GDPR (legal basis) is necessary for the processing of contractual relationships with you.

9. Google Web Fonts
(1) Google Web Fonts are implemented for the uniform display of fonts. When called up, the required fonts are saved in your browser cache. For this purpose, the browser you are using does not have to establish a connection to the Google servers. We have integrated the web font into our local server. In this context, only those already described in para. 6 shown data transmitted. If your browser does not support web fonts, a standard font will be used by your computer. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration: https://www.google.com/policies/privacy/.
Since the IP address is part of the personal data, the processing of which is already described in para. 6 is dealt with, reference may be made at this point with regard to the purpose of data processing, storage, deletion and the right to object to the explanations given there.

10. Cookies
We do not use cookies.

11. Google Maps
(1) We use the "Google Maps" function from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA on our website. Each time the "Google Maps" function is called, Google sets a cookie (see Section 12) to process user settings and data. In order to use Google Maps, it is necessary to process your IP address.
(2) The legal basis for processing Art. 6 Para. 1 lit. f GDPR.
(3) Google Maps is used to make it easier to find the location we have specified on our website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
(4) When the browser is closed, this cookie is usually not deleted, but expires after a certain time, unless you delete it manually beforehand. The data is usually sent to a Google (USA) server and stored. We have no influence on this data transmission.
(5) By using this website, you consent to the use of cookies and the transfer of your IT address to the Google server. If you do not agree to this processing of your data, you can deactivate the "Google Maps" service by deactivating the JavaScript function in your browser. In this case you cannot use the "Google Maps" function or only to a limited extent.
The use of "Google Maps" and the information obtained via "Google Maps" is in accordance with the Google terms of use:
http://www.google.de/intl/de/policies/terms/regional.html


and the additional terms and conditions for "Google Maps":
https://www.google.com/intl/de_de/help/terms_maps.html.

12. Data protection for applications and in the application process
(1) In the course of an application process, we collect and process personal data, including electronically.
(2) The legal basis for processing is Art. 6 para. 1 lit. b or f GDPR.
(3) The purpose is to carry out the application process.
(4) If a contract is concluded with an applicant, the personal data already processed is stored for the purpose of processing the employment relationship. The legal regulations are observed.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. H. as long as the subscription to your newsletter is active. If, on the other hand, the contract is not concluded with the applicant, the controller will delete the personal data obtained in the course of the advertisement two months after he has announced the cancellation. This is only subject to other legitimate interests that prevent the deletion. Such a legitimate interest is to be assumed if we need the personal data in order to fulfill an obligation to provide evidence in a procedure under the General Equal Treatment Act (AGG).
(5) The user has the option at any time to end the application process and thus the processing of personal data. In this case, all personal data that was saved in the course of the application process will be deleted, unless the user has a specified interest in the storage.

13. Deletion, blocking and storage
We only process and store your personal data for as long as is necessary to pursue our stated purposes or as specified by the GDPR. If the purpose of data processing or a legally prescribed period has expired, your personal data will be blocked or deleted accordingly.

14. Obligation to provide personal data (by law or contract); Necessity for the conclusion of a contract; any consequences of the non-provision
We would like to point out that you are partially obliged to provide us with personal data. Such an obligation may arise, for example, from legal regulations (tax regulations) or from a contractual agreement (information about the contractual partner). If the person concerned does not provide the personal data required for the conclusion of the contract, the contract cannot be concluded. If there is an aforementioned obligation to provide personal data, you can contact our staff who will inform you whether there is an obligation to provide personal data and the consequences of not providing it.

15. Rights of data subjects
You have the right:
• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or opposition, the existence of a Right to lodge a complaint, the origin of your data, unless it was collected by us, and the existence of automated decision-making, including profiling and, if necessary, meaningful information about its details;
• to request the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR;
• to request the deletion of your personal data stored by us, in accordance with Art. 17 GDPR, unless the processing for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending Legal claims is required;
To request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, provided that the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need this to assert, You need to exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;
• to revoke your consent given to us at any time in accordance with Art. 7 Para. 3 GDPR. As a result, we are no longer allowed to continue the data processing based on this consent and
• to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.

16. Right to object
If your personal data is based on legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR (legal basis), you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation. If you would like to exercise your right of withdrawal or objection, an email to info@toss-gmbh.de is sufficient

17. Data security
We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level, which is supported by your browser. As a rule, this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

18. Profiling and automated decision making
There is neither profiling nor automated decision making in our company.

19. Up-to-dateness and change of this data protection declaration
This data protection declaration is currently valid and was last updated in May 2018.
Due to the further development of our website and offers about it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at http://www.toss-gmbh.de/de/datenschutzerklaerung.html.