Voigtländer Kriminaltechnik

Protection of Privacy and Data
We take the protection of your personal data very seriously and treat your personal data confidentially and according to the legal data protection regulations. Personal data will only be collected according to the technically necessary extent. Those data will not be sold to others or passed on to third parties.

The following statement will show you how we protect your data and what kind of data are collected for what reason.

Responsible for the data processing:
Voigtländer GmbH
Alemannenstr. 42a
78176 Blumberg
Telefon: +49 (7702) 47915-0
E-Mail: info@voigtlaendertechnik.de

Represented by:
Managing Director: Dieter Meister
Alemannenstr. 42a
78176 Blumberg

Contact details of the Data Protection Officer:
Voigtländer GmbH
Data Protection Officer
Alemannenstr. 42a
78176 Blumberg
E-Mail: datenschutz@voigtlaendertechnik.de

Recording of Data
We use and store personal data which we obtain by you for the purpose of processing your request. The data is given to us directly by you, for example in the context of enquiries, purchase orders, newsletter subscriptions or via the direct contact with our employees. Moreover, we process – as far as necessary for our services – your personal data, which we obtain from publicly available sources, such as commercial register, register of associations, telephone book, your website, the press and the internet.

Precisely, we process the following data, among other things:

- Master data: Name, address, contact details, where necessary additional billing and delivery address
- Order and delivery data, billing data, payment data (in the context of order transactions)
- Paperwork (for example memos, minutes, notes when visiting customers)
- Data for the initiation and execution of our business relationship
- Correspondence
- Promotional and sales data (for example potentially interesting products for you)

The processing of these data is based on Article 6 (1) lit a and b GDPR, i.e. you provide us with the data, based on the respective contractual relationship between us (for example to keep your customer account, to process a sales contract). We are bound by law (BGB and Article 6 (1) lit c GDPR), to process your E-Mail-Address and send an electronic order confirmation in case of a purchase, using our website / applications.
As far as we do not use your data for advertising purposes (see 3.3), we do file the necessary data for the fulfilment of the contract for the duration of the contract and up to the end of the implied/ express warranty respectively the period of guarantee. Once this period has expired, we store the statutory necessary information of the contractual relationship according to commercial and tax law to comply with statutory retention periods. During this statutory period the data will only be reprocessed if there is an inspection by the fiscal authority.
For the processing of a sales contract via our website / applications, the following data processing is additionally needed:
Your payment data is handed over to the financial institution tasked with the processing of payments. Your delivery address, E-Mail-Address and, if necessary, your telephone number is handed over to the companies entrusted with the shipment of goods, to ensure the delivery according to your wishes.
The shipment company may contact you beforehand to agree upon details on delivery. The data is only handy over for this specific purpose and deleted after delivery is completed.

Data Processing on this Website
We automatically collect and store information in so-called server log files which your browser automatically transmits to us, such as:

- browser type/version
- used operating system
- referrer URL
-host name of the accessing computer
- time of query

Those data cannot be associated with individual persons. We do not merge this data with other sources. After a statistical evaluation the data will be deleted.

The use of our website is generally possible without providing personal data.
Personal data will only be collected if you provide them on a voluntary basis when opening an account and placing an order. We use your personal data, without your explicit permission, only for the processing of you order. When the order is completed, and the purchase price is paid, your personal data will be blocked for further use and after the expiration of fiscal and commercial law regulations deleted, provided you did not explicitly agree to a further use of your data.

Your name and address will only be passed on to the shipping company, which we contracted to make the delivery. Beyond that your personal data will not be passed on to third parties.

Online-Shop
We point out that we, the Voigtländer GmbH and the operator of our online shop Oxid-esales Germany, use – with the help of cookies - your IP address and the stored user data for online orders (name, address, telephone number and E-Mail Address) for the purpose of processing your order.
The data provided by you is necessary to fulfill the contract (lawfulness of processing: Article 6 (1) b GDPR). You have the right to revoke your consent, regarding our use of your online shop data, at any time. Up to your revocation, your user data will be stored and the processing which has taken place up to your revocation is lawful (Article 7 (3) GDPR).
Your name and address, as well as the name of a contact person and in exceptional cases, your telephone number (if the customer wishes so) will be passed on to the shipping company, contracted by Voigtländer GmbH to make the delivery.
We process and use personal data necessary for the fulfilment of a contract, respectively for the duration of the business relationship. We comply with regulations concerning mandatory statutory provisions - in p.icular statutory retention periods, documentation and reporting obligations.

Newsletter
You have the possibility to subscribe to our newsletter offered on this website, where we inform you of current and interesting changes and improvements of our products. We use the so-called double opt-in procedure for the subscription to our newsletter.
After your subscription you will receive a confirmation E-Mail, sent to your E-Mail-Address. In this E-Mail you will be asked to confirm the subscription of the newsletter once again. If the confirmation is not made within a few hours, your information will be blocked and automatically deleted after one month.
Moreover, we store in each case the IP address used for registration and the time of registration and confirmation. The purpose of the storage is to provide proof for your subscription and to prevent a possible data misuse of your personal data. It is recorded, at what time you read our newsletter, and which links you follow. You may revoke your consent to this tracking at any time.
You can unsubscribe from the newsletter at any time. Please send the cancellation of your consent to the following E-Mail-Address: datenschutz@voigtlaendertechnik.de After your cancellation, we delete all data connected with the newsletter mailing. This shall not affect data we have been archiving for other purposes.

Cookies
This website uses at several places so-called cookies. Cookies allow us to make our product more user-friendly, more efficient and more secure. Cookies are small text files, stored by your browser on your computer. Most cookies that we use are so-called "session cookies". They will be deleted automatically after the end of your visit. Cookies do not cause damage to your computer and do not contain viruses. You can adjust your browser to generally exclude cookies.

Processing of data
We process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). In the following section, we inform you on the statutory source / legal foundation, on which basis we process your data.
Fulfillment of Contractual Commitments Article 6 (1) lit. b GDPR)
The processing of your data is based on Article 6 (1) lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. The data processing is linked to the concrete business relationship or the concrete assignment by you.
The processing is based on our legitimate interests (Article 6 (1) f GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.
If required, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests as well as the interests on the part of any third parties. This is carried out, among other things, for the following purposes:
- General Business Management
- Testing, improvement and further development of products and services
- Requirement analysis: Use of our products, services and website for the purpose of a direct communication with our customers.
- Advertising, as far as you have not objected to it
- Enforcement of rights and defence in case of legal disputes
- Ensure IT-Security and IT-Operation
- Prevention and detection of criminal action
- Data transfer within our company

Our interest in processing your data is based on the particular purpose and always related to economic reasons (efficient task fulfillment, sales and distribution, avoiding legal risks). If the concrete purpose allows it, we process your data in an anonymized or pseudonymized way.
If you have given your consent to the processing of your personal data for specific purposes, according to Article 6 (1) a GDPR, then this consent is the legal basis for the processing of your data for this specific purpose.

This applies especially to:
- Promotional addressing via E-Mail and/or phone, as well as the development and provision of customised promotional material
- Shipment of samples, products and information
- Registration for programs or offers
- Provision of other services, which we offered to you
- Surveys on our web site
- Transfer of data within our company
- Transfer of data to third parties

You have the right to revoke at any time any consent you have already given us. This is also applicable, if you have given us your consent before the new EU general data protection regulation has taken effect on 25. Mai 2018. The revocation shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

According to Article 6 (1) c GDPR, we are obliged to fulfil different legal obligations, e.g. trade or commercial law regulations. The processing of your data is necessary for the following purposes, among other things:
- Enforcement of our Terms and Conditions
- Administration/Management of our Business
- Fulfilment of Mandatory Statutory Provisions

Data Security / Data Transfer
The access to your account is only possible with the use of your personal username and password. Please handle your login details with care and confidential and close the browser window, when you want to end our conversation, especially when you share your computer with others.
However, we would like to point out that data transmissions via internet (e.g. email communication) cannot be entirely secure and may have security vulnerabilities. A complete protection of personal details against unauthorized access by third parties is not possible.

We process your data within the Voigtländer GmbH to fulfill our contractual and statutory duties, or if our organisation requires the processing (e.g. financial accounting, sales and distribution, logistics). We have put in place appropriate security measures, complying with legal or regulatory obligations, to protect your personal data. Your personal data will not be passed on to third parties (outside of Voigtländer GmbH), unless you have previously given us your express consent or the passing on is based on a legal obligation. For the following third parties a legal obligation may be applicable:
- Public Authorities, Committees, Supervisory Bodies, e.g. Tax Authorities
- Jurisdiction/ Law Enforcement Agencies, like Police, Prosecution, Law Courts
- Lawyers, Notaries, for example in Insolvency Proceedings
- Financial Auditors

Furthermore, we employ different service providers (processor according to Article 28 GDPR) which we obligate according to GDPR specifications by contract and we monitor whose compliance. These are companies in the field of IT services, printing services, telecommunications, collection, consultancy or sale and marketing. Processors may only use personal data in accordance with our instructions and for a specific purpose.
Exceptions to this is the disclosure of personal data to service partners, such as parcel services or forwarding agents, as far as the transfer of personal data is required for order processing or delivery of goods. Logistics service providers receive the personal data which is required for delivery for autonomous use. In this, we only transfer the necessary data which is needed for delivery.

Data Transfer to a Third Country or an International Organisation
We only transfer your personal data in countries out of the European Economic Area (third countries), if
- it is required to carry out your order,
- it is required by law or
- you have provided your approval.
In case we transfer your personal data in a third country or an international organisation, it occurs according to GDPR specifications. In addition, we exclusively transfer personal data, which are limited to the necessary minimum. In that regard, the principle of data minimization is respected.
We partly employ service providers, whose registered office, parent group or sub service provider is located in a third country. A transfer of your personal data to a third country only takes place where the European Commission has decided that the third country has an adequate level of protection (Article 45 GDPR), suitable warranties are provided (e.g. standard contractual clauses that are issued by the European Commission) and enforceable rights and effective remedies are available to you as the affected party.
These include PayPal Holdings, Inc. based in California, USA (privacy statement by PayPal) and Shopify Inc. based in Ontario, Canada (privacy statement by Shopify) as part of our order processing.

Duration of Data Storage
We process your personal data for the duration of the business relation, this includes the initiation and processing, and the storage due to legal retention period where required. In case the personal data is no longer required for contractual or legal obligations, they are deleted. Unless legal obligations of the responsible person are arguments against deletion. This may occur for the following purposes:
- Fulfilment of obligation to preserve records relating to commercial law and tax law according to e. g. German Commercial Code (Handelsgesetzbuch, HGB), Tax Code (Abgabenordnung, AO), Money Laundering Act (Geldwäschegesetz, GwG). The given periods for retention or documentation are two up to ten years.
- Preservation of evidence within the statute of limitations by law. According to §§ 195 ff. of the German Civil Code (Bürgerliches Gesetzbuch, BGB) these statutes of limitations can be up to 30 years, whereby the regular statute of limitation is three years.

Obligation to provide information
Within our business relation you have to provide your personal data, which are necessary to commencing and implementing the respective business relation and to fulfil the associated obligations by contract or we are legally bound for their elicitation. Without these data we usually are not in the position to enter the business relation and to fulfill the obligations required.

Profiling
We process personal data partially automated with the aim to evaluate certain personal aspects (profiling). We use profiling for example in the following cases: - Target-oriented provision of products relevant to you

Your rights
You can request information about your personal data processed by us according to Article 15 GDPR. In case your information is not applicable (anymore), you can request a correction (Article 16 GDPR). If your personal data is incomplete, you can request a completion. If we give your information to third parties, we inform these third parties about your corrections– in case it is required by law.
According to Article 17 GDPR you can request the deletion of your personal data, if
- your personal data is no longer required for the purposes for which they have been obtained
- you revoke your consent and a further legal basis is missing
- you contradict the processing and there are no legitimate reasons for processing your personal data
- your personal data have been unlawfully processed
- your personal data must be deleted to comply legal requirements

Please note that, statutory obligations of the responsible person can cause that your personal data can not or only after the expiry of a period be deleted.
You also have the right to restriction of processing according to Article 18 GDPR, the right to object according to Article 21 GDPR and the right to data portability according to Article 20 GDPR. With regard to the right to information and deletion, the limitations according §§ 34 and 35 Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) apply. Furthermore, there is a right of appeal by the responsible data protection authority (Article 77 GDPR in connection with § 19 Federal Data Protection Act).

Your Rights according to Article 21 GDPR
You have the right due to reasons, that occur out of your specific situation, to object the processing of your personal data according to Article 6(1)(f) GDPR (data processing on the basis of balance of interest) at any time; this also applies for a profiling based on this provision according to Article 4 No. 4 GDPR. In case you object your personal data are no longer processed, unless we can prove compelling legitimate reasons for processing which prevail your interests, rights and freedoms or the processing is necessary for assertion, exercise or defence of legal claims.

Right of Objection against Processing of Data for the Purpose of Direct Advertising
We can also use your personal data within the limits of the statutory provisions for direct advertising. You have the right to object against processing of your personal data for the purpose of direct advertising at any time; this also applies for profiling as long as it is related to direct advertising. If you object the processing for purposes of direct advertising, your personal data is no longer processed for these purposes. The contradiction can take place form-free. You can find our contact information at number 1.

* Should difficulties of interpretation arise, the German text of this information shall be binding.