Privacy Policy / Legal Notice

The privacy policy of Credo Handelsgesellschaft mbH is based on the terminology used in the General Data Protection Regulation (GDPR). Our privacy policy is designed to be easily readable, understandable, and transparent for the public and our customers and business partners. To ensure this, we would like to first explain the terms used below in accordance with Article 4 of the GDPR.

We use the following terms in this privacy policy, among others:

a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered identifiable if they can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing
Processing means any operation or series of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of Processing
Restriction of processing is the marking of stored personal data for the purpose of limiting their future processing.

e) Profiling
Profiling is any form of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that personal data are not attributed to an identified or identifiable natural person.

g) Controller
The controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided by Union or Member State law.

h) Processor
A processor is a natural or legal person, public authority, institution, or other entity that processes personal data on behalf of the controller.

i) Recipient
A recipient is a natural or legal person, public authority, institution, or other entity to whom personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data in the course of a particular investigation mandate under Union law or Member State law are not considered recipients.

j) Third Party
A third party is a natural or legal person, public authority, institution, or other entity other than the data subject, the controller, the processor, and the persons who, under the direct responsibility of the controller or the processor, are authorized to process personal data.

k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes expressed in the form of a statement or other clear affirmative action, by which the data subject signifies their agreement to the processing of personal data concerning them.

The controller within the meaning of the General Data Protection Regulation (see Art. 24 EU GDPR), other data protection laws applicable in the European Union (EU), and other regulations with data protection content/applicability is:

Credo Handelsgesellschaft mbH
Rheinische Str. 36
42781 Haan

Phone: +49 (0) 2129 37561 – 0
Email: info@credo-solingen.de
Fax: +49 (0) 2129 37561 – 15
Managing Director: Gabriele Kracht
VAT ID: DE 815 625 517
Court of Registration: Solingen
Commercial Register Number: HRB 14775

The data protection officer of the controller is:

Christoph Bykowski
edv2go GmbH
Henriettenstr. 18
42719 Solingen
Germany

Phone +49 212 380 81 27-0
Email: info@edv2go.de
Website: www.edv2go.de

When we obtain consent from the individual whose data is being processed, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for such processing.

When processing personal data is necessary to fulfill a contract to which the individual is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing activities that are necessary to carry out pre-contractual measures.

When processing personal data is required to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. In cases where processing is necessary to protect vital interests of the individual or another natural person, Article 6(1)(d) GDPR serves as the legal basis.

When processing is necessary to pursue a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the individual do not outweigh this purpose, Article 6(1)(f) GDPR serves as the legal basis for the processing.

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following can be collected:

(1) the browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (known as the "referrer"),
(4) the subpages accessed on our website via the accessing system,
(5) the date and time of access to the website,
(6) an Internet Protocol address ("IP address"),
(7) the Internet Service Provider of the accessing system, and
(8) other similar data and information used for threat prevention in the event of attacks on the information technology systems of Credo Handelsgesellschaft mbH.

 

When using these general data or information, Credo Handelsgesellschaft mbH does not draw any conclusions about the affected person. Rather, this information is needed in order to

(1) to deliver the content of our website correctly,
(2) to optimize the content of our website and advertising for it,
(3) to ensure the continuous functionality of Credo Handelsgesellschaft mbH's information technology systems and the technology of our website, and
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

This anonymously collected data and information is therefore evaluated by Credo Handelsgesellschaft mbH both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. This data is not stored together with other personal data of the user.

You have the right to object. You can send us your objection or notify us at any time (for example, by email to info@credo-solingen.de).

The controller responsible for processing, Credo Handelsgesellschaft mbH, deletes or blocks the personal data of the affected person once the purpose of storage no longer applies. Storage may also continue if this is provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted once any storage period prescribed by these regulations expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

According to the EU GDPR, affected persons have the following rights:

a) Right to confirmation and information
Every affected person has the right granted by the European legislature to request confirmation from the controller responsible for processing (i.e., Credo Handelsgesellschaft mbH) as to whether personal data concerning them is being processed. If an affected person wishes to exercise this right to confirmation, they may contact an employee of the controller responsible for processing (i.e., Credo Handelsgesellschaft mbH) at any time. If such processing is taking place, you have the right to obtain the following information free of charge from the controller (and a copy of this information):

– the purposes of processing (i.e., the purposes for which personal data is being processed)
– the categories of personal data being processed
– the recipients or categories of recipients to whom personal data has been or will be disclosed, particularly to recipients in third countries or international organizations
– where possible, the intended period for which personal data will be stored, or, if this is not possible, the criteria used to determine this period
– the existence of a right to request rectification or deletion of personal data concerning you, or a right to restrict processing by the controller, or a right to object to such processing
– the existence of a right to lodge a complaint with a supervisory authority
– if personal data was not collected from you: all available information about the origin of the data
– the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR, and — at least in these cases — meaningful information about the logic involved and the significance and intended effects of such processing for you.

You have the right to request information as to whether personal data concerning you is being transferred to a third country or an international organization. In this connection, you may request to be informed about the appropriate safeguards in accordance with Article 46 of the GDPR relating to the transfer.

b) Right to erasure (right to be forgotten)
Every person affected by the processing of personal data has the right granted by the European legislature to request that the controller (i.e., Credo Handelsgesellschaft mbH) erase personal data concerning them without undue delay, provided that one of the following grounds applies and to the extent that processing is not necessary:

– The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed
– You withdraw your consent on which the processing was based in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing
– The data subject objects to the processing in accordance with Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21 para. 2 GDPR
– The personal data has been processed unlawfully
– The deletion of the personal data is necessary to comply with a legal obligation under EU law or the law of the member states to which the controller is subject
– The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR

If any of the above grounds apply and a data subject wishes to request the deletion of personal data stored by our company, Credo Handelsgesellschaft mbH, they can contact an employee of the controller (= Credo Handelsgesellschaft mbH) at any time. An employee of our company will promptly ensure that the deletion request is fulfilled without delay.

If the personal data has been made public by our company and our company as the controller is obligated to delete the personal data in accordance with Art. 17 (1) GDPR, Credo Handelsgesellschaft mbH will take appropriate measures (including technical measures), taking into account available technology and implementation costs, to inform other controllers responsible for data processing who are processing the published personal data that the affected person has requested the deletion of all links to this personal data or copies/replications of this personal data from these other controllers responsible for data processing, insofar as the processing is not required. The employee of Credo Handelsgesellschaft mbH will take the necessary steps in each individual case.

The right to deletion does not apply insofar as processing is necessary
– for the exercise of the right to freedom of expression and information
– to comply with a legal obligation that requires processing under EU law or the law of the member states to which the controller is subject, or to perform a task in the public interest or in the exercise of official authority vested in the controller
– for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR
– for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) would be likely to render impossible or seriously impair the achievement of the objectives of that processing, or
– for the establishment, exercise or defense of legal claims

c) Right to rectification
You have the right to rectification and/or completion vis-à-vis the controller if the personal data concerning you that is being processed is inaccurate or incomplete. The controller shall make the correction without delay.

d) Right to restrict processing
Under the following conditions, you may request the controller (= Credo Handelsgesellschaft mbH) to restrict the processing of your personal data:

– The accuracy of the personal data is contested by the data subject for a period that enables the controller to verify the accuracy of the personal data
– The processing is unlawful, the data subject objects to the deletion of the personal data and instead requests the restriction of its use
– The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the establishment, exercise or defense of legal claims
– The data subject has objected to the processing in accordance with Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate grounds of the controller outweigh those of the data subject

If any of the aforementioned conditions are met and a data subject wishes to request the restriction of personal data stored at our company, Credo Handelsgesellschaft mbH, they can contact an employee of the controller at any time. The employee of Credo Handelsgesellschaft mbH will arrange for the restriction of processing. If processing of your personal data has been restricted, these data may – apart from storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

e) Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

– the processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract in accordance with Art. 6 para. 1 lit. b GDPR and
– the processing is carried out by automated means

The freedoms and rights of other persons must not be impaired by this.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller. To exercise the right to data portability, the data subject may contact an employee of our company, Credo Handelsgesellschaft mbH, at any time.

Every individual affected by the processing of personal data has the right to object at any time to the processing of personal data concerning them that is carried out on the basis of Article 6(1)(e) or (f) of the EU GDPR, for reasons arising from their particular situation; this also applies to profiling based on these provisions.

In the event of an objection, Credo Handelsgesellschaft mbH will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the affected person, or the processing serves to assert, exercise or defend legal claims.

If Credo Handelsgesellschaft mbH processes personal data for direct marketing purposes, the affected person has the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the affected person objects to our company, Credo Handelsgesellschaft mbH, to the processing for the purposes of direct marketing, we will no longer process the personal data for these purposes.

Furthermore, the affected person has the right, for reasons arising from their particular situation, to object to the processing of personal data concerning them that is carried out by our company (= Credo Handelsgesellschaft mbH) for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, unless such processing is necessary to fulfill a task carried out in the public interest.

To exercise the right to object, the affected person can contact any employee of Credo Handelsgesellschaft mbH directly. You have the option to exercise your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.

g) Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is permissible under Union or Member State law to which the controller is subject, and that law includes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
(3) is made with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate measures have been implemented to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in (1) and (3), the controller (= Credo Handelsgesellschaft mbH) takes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which include at least the right to obtain intervention by a person on the part of the controller, the right to state your own position and the right to contest the decision.

h) Right to withdraw data protection consent
Every individual affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to the withdrawal. If you wish to exercise your right to withdraw consent, you may contact an employee of the controller responsible for processing (= Credo Handelsgesellschaft mbH) at any time.

Our website uses so-called social plugins ("Plugins") from the social network Facebook. Facebook is a social network. A social network is a social meeting place operated on the Internet – an online community that typically allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or enables the Internet community to share personal or business-related information. Facebook allows users of the social network to create private profiles, upload photos, and network through friend requests, among other features.

Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The data controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, if the affected person lives outside the USA or Canada.

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The plugin content is transmitted directly by Facebook to your browser and embedded in the page. Through this embedding, Facebook receives information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transmitted directly by your browser to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook can directly associate your visit to our website with your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or posting a comment, this information is likewise transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends. For information regarding the purpose and scope of data collection and Facebook's further processing and use of the data, as well as your rights and privacy settings, please refer to Facebook's privacy policy: http://www.facebook.com/policy.php.

You have the right to object. If you do not wish Facebook to directly associate the data collected via our website with your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins using browser add-ons, for example for Mozilla Firefox: addons.mozilla.org/de/firefox/addon/facebook-blocker/; for Opera: addons.opera.com/de/extensions/details/facebook-blocker/; for Chrome: https://chrome.google.com/webstore/detail/facebookblocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de.

The controller responsible for processing (= Credo Handelsgesellschaft mbH) has integrated Google Analytics (including anonymization function) into this website. Google Analytics is a web analytics software. Web analytics involves the collection, gathering, and evaluation of data on the browsing behavior of visitors and users of websites. A web analytics service collects data on, for example, which website a user came from before accessing a particular website, which subpages of the website are accessed, and how frequently and for how long subpages are viewed. Web analytics is typically used to optimize a website and to analyze the cost-benefit ratio of online advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The service uses "cookies" – text files that are stored on your end device. The information collected through the cookies is generally sent to a Google server in the USA and stored there.

On this website, IP anonymization is applied. The IP addresses of users are shortened within the member states of the EU and the European Economic Area. Through this shortening, the personal reference of your IP address is eliminated. As part of the data processing agreement that the website operators have concluded with Google Inc., Google uses the collected information to create an evaluation of website usage and website activity and provides services related to internet usage.

The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. Our legitimate interest required for this processing lies in the significant benefit that the functions described above provide for our offerings. Statistical analysis of user behavior enables us, in particular, to respond to user interests and optimize our offerings accordingly.

 

You have the right to object. You have the option to prevent the storage of cookies on your device by adjusting the appropriate settings in your browser. We cannot guarantee that you will be able to access all functions of this website without restrictions if your browser does not allow cookies. Please refer to section 5 of this privacy policy to avoid repetition.

You can also use a browser plugin to prevent information collected through cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link will take you to the corresponding plugin: tools.google.com/dlpage/gaoptout.
You can find additional information about data use by Google Inc. here: https://support.google.com/analytics/answer/6004245?hl=de.

The controller (Credo Handelsgesellschaft mbH) has integrated Google AdWords into this website. Google AdWords is an internet advertising service that allows advertisers to place ads both in Google's search results and across the Google Display Network. Google AdWords allows an advertiser to set specific keywords in advance, which determines when an ad appears in Google's search results—specifically, only when a user searches for a keyword-relevant query. In the Google Display Network, ads are distributed to topic-relevant websites using an automatic algorithm while respecting the predetermined keywords.

The operating company of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website through the display of interest-relevant advertising on third-party websites and in the search engine results of Google's search engine, and to display third-party advertising on our website. If an affected person reaches our website through a Google ad, Google places a so-called conversion cookie on the affected person's information technology system. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and does not serve to identify the affected person. Via the conversion cookie, provided the cookie has not yet expired, it can be traced whether certain sub-pages, such as the shopping cart of an online shop system, were accessed on our website. Through the conversion cookie, both we and Google can trace whether an affected person who reached our website through an AdWords ad generated sales, that is, completed or abandoned a purchase. The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us through AdWords ads, that is, to determine the success or failure of the respective AdWords ad, and to optimize our AdWords ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google that could be used to identify the affected person. Through the conversion cookie, personal information, such as the websites visited by the affected person, is stored. Each time our websites are visited, personal data, including the IP address of the internet connection used by the affected person, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass this personal data collected through the technical procedure on to third parties.

The legal basis for the processing of personal data described here is Art. 6 (1) (f) GDPR. By being able to evaluate the success of individual offers, we can respond strategically to market behavior and position our offerings optimally for interested users. Additionally, Google has a legitimate interest in the collected personal data in order to improve its own services.

You have the right to object. The affected individual can prevent cookies from being set by our website at any time by adjusting the appropriate settings in their internet browser, thereby permanently objecting to cookie placement. Such a setting in the internet browser would also prevent Google from setting a conversion cookie on the affected individual's device. Additionally, a conversion cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs. Furthermore, the affected individual has the option to object to interest-based advertising by Google. To do this, the affected individual must access the link www.google.de/settings/ads from each internet browser they use and adjust the desired settings there. Additional information and Google's applicable privacy policies can be found at www.google.de/intl/de/policies/privacy/.

We use external fonts on our website, specifically Google Fonts. Google Fonts is a service provided by Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Web Fonts are integrated via an interface ("API") to Google services. By integrating Web Fonts, Google may collect information (including personal data) and process it. It cannot be ruled out that Google may also transmit the information to a server in a third country.

We do not collect any data ourselves in the context of providing Google Fonts.

By integrating Google Fonts, we pursue the purpose of being able to display uniform font types on your device.

The legal basis for the processing of personal data described here is Art. 6 (1) (f) GDPR. Our legitimate interest in this regard is the significant benefit of having a uniform presentation of font types. By enabling uniform font display, we reduce design effort compared to what would be required if we had to adapt to different font standards across various operating systems and browsers with custom-formatted websites. Additionally, Google has a legitimate interest in the collected personal data in order to improve its own services.

Further information can be found at:

• www.google.com/fonts#AboutPlace:about
• https://developers.google.com/terms/

You have the right to object.

You can submit or communicate your objection to us at any time (for example, by email at info@credo-solingen.de).

Where the processing of personal data is based on Article 6(1)(f) of the EU General Data Protection Regulation, the legitimate interest of Credo Handelsgesellschaft mbH is the operation of our business activities for the benefit of our employees and shareholders.

The criterion for determining how long personal data will be stored is the applicable statutory retention period. Once this period has expired, the corresponding data will be deleted routinely, provided it is no longer required for the performance or initiation of a contract.

We, Credo Handelsgesellschaft mbH, would like to inform you that the provision of personal data is in some cases required by law (for example, tax regulations) or may also arise from contractual requirements (for example, information about the contracting party). In some instances, the conclusion of a contract may require that you provide us with personal data, which we will then need to process. You may, for example, be obliged to provide us with personal data if our company enters into a contract with you. If you fail to provide the personal data, it would not be possible for us to conclude the contract with you. Before providing personal data to us, you should contact one of our employees. Our employee will inform you on a case-by-case basis whether the provision of personal data is required by law or contractually, whether it is necessary for contract conclusion, whether you are obliged to provide the personal data, and what consequences would result from failing to do so.

In the event of data protection violations, the affected person has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the state data protection commissioner of the federal state in which our company is located. A list of data protection commissioners and their contact information can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

4dd communication GmbH
www.4dd-werbeagentur.de