CREMER OLEO GmbH & Co. KG takes the protection of personal data very seriously. The protection of your privacy when using our website is important to us. Therefore we strictly adhere to the rules of the data protection laws of the Federal Republic of Germany (BDSG) and the European Data Protection Regulation (GDPR). Insofar as reference is made in this privacy Statement to the DSGVO, it is clarified that this will only apply from 25 May 2018. Before that, the legal basis is the BDSG.
Contact Details of the Controller and DPO
CREMER OLEO GmbH & Co. KG, Glockengiesserwall 3, 20095 Hamburg, Telefon: +49 40 3 20 11-0, Fax +49 40 3 20 11-4 00, E-Mail: firstname.lastname@example.org.
You can reach our data protection officer at the above-mentioned postal address, with the addition " To the Data Protection Officer " or at the e-mail address: email@example.com. Our DPO will also be happy to hear your questions, suggestions or criticism regarding data protection.
Data Processing for the Provision of Contractual Services
You can contact us via our website and our contact data stored there to request contractual services. You can also use the contact form on our website for this purpose. If you provide us with personal data this way or in another way with this purpose, we process your data for the answer of your requests, for the execution of the order/contract as well as for invoicing. We need your name, your address data and your e-mail address. These data are necessary to enter into a contract with us. Depending on the order/contract, we may require additional data; we will inform you on a case-by-case basis.
In the case of suppliers/service providers, we process the provided personal data to order and claim services and to pay for the services provided. For this we need the name, the address data as well as the account data. Depending on the service / contract, we may require additional data, which we then clarify on a case-by-case basis.
The basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Data Processing for Communication with You
In addition to the contract data, we process your communication data (address, telephone number, e-mail address) in order to be able to contact you. Personal data that you provide to us by e-mail or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us. To communicate via the contact form on our website, we require at least your full name and e-mail address. If you would like us to call you, we additionally need your telephone number. These data are necessary for us to contact you the way you choose. If your request is for a company, you can additionally and voluntarily enter it’s in the corresponding contact field so that we can better assign your request.
The basis for this data processing is also Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Data Processing for Creditworthiness Assessment
In order to prevent payment defaults, we may use your name and address data for a credit check in case purchase on account is to be agreed as method of payment for a contract. We use an external credit agency as processor for this purpose. Your data will be processed within the framework of the creditworthiness assessment on the basis of Art 6 para. 1 s.1 lit. b DSGVO or Art 6 para. 1 s.1 lit. f DSGVO. We have a legitimate interest in protecting ourselves against the occurrence of payment defaults and to obtain creditworthiness information from an external credit agency for this purpose, as we provide considerable services in advance on supply contracts.
Every time our website is accessed, usage data is transmitted through the respective internet browser and stored in log files, the so-called server log files. The data records stored in this way contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (originating URL from which you accessed the website), the amount of data transferred, as well as product and version information of the browser used and the operating system of your PC. The IP addresses of the users are deleted or made anonymous after the end of use. No evaluation or analysis of the data, except for statistical purposes and then only in anonymous form, take place. No personal "surf profiles" or similar are created or processed.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in ensuring data security on our website and in optimizing our website.
We use so-called cookies. Cookies are small text files that are stored on a visitor's computer and contain data about the respective user in order to give him access to various functions. We only use session cookies. A session cookie is temporarily stored on the computer you are using while navigating through the website. A session cookie is deleted as soon as you close your Internet browser or as soon as your session expires after a certain time. The storage of a cookie ensures that you do not have to repeatedly enter your personal settings and preferences each time you visit our website. This saves you time and makes the use of our website more comfortable for you. The cookie serves only the purpose of improving usability.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in improving the design and usability of our website.
Data Processing for the Fulfillment of Legal Obligations
In addition, we process your data to fulfill legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations).
The basis for data processing is Art. 6 para. 1 s.1 lit. c DSGVO, which permits processing for the fulfillment of a legal obligation.
Categories of Recipients of the Personal Data
Your contract and communication data will be forwarded to the responsible office and the responsible employees within our company for answering your inquiries, for communication, for the execution of the order or for the fulfillment of contractual obligations.
If necessary for the purpose of contract processing or for the dispatch and delivery of products or for the provision of our services, data is passed on to partner companies that have been commissioned to support the contract processing. Our partners commit themselves to comply with and observe the data protection regulations. Our partners are not permitted to use the data for any other purpose than the execution of the contract.
The basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
The e-mails of all companies and employees of our company group are processed via the servers of Peter Cremer Holding GmbH & Co. KG, through which the e-mail addresses @cremer.de are hosted. We have concluded a company group wide order processing agreement.
Your personal data will only be passed on or otherwise transferred to third parties outside our company group if this is necessary for the purpose of contract processing or invoicing or if you have given your prior consent or if there is a legal basis or obligation for the transfer.
Insofar as we make use of the services of third parties to carry out our services, we process personal data according to the provisions of the GDPR. Service providers who support us in providing our services to you are hosting providers, e-mail service providers, IT service providers, HR service providers, financial service providers, tax service providers, CMS service providers, credit assessment service providers, marketing partners, cloud services and software (SaaS) providers.
Duration of Data Storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
Your personal data is transmitted securely by encryption. We use the SSL (Secure Socket Layer) coding system. Furthermore, we protect our website and other systems using technical and organizational measures against unauthorized access, modification, distribution, destruction or loss of your data. Our security measures are constantly revised an improved in accordance with technical developments. However, we would like to point out that e-mail traffic and the internet are insecure media. Compared with, for example, a telephone line, the transfer of data over the internet can be more easily tapped, recorded or even changed by unauthorized third parties. In your interest and to protect your data, we would therefore point out that special categories of personal data, in particular data covered by Art. 9 GDPR, should not be transmitted via ordinary e-mail or our contact form.
Rights of the Data Subject
You have the right to request information about your stored personal data, their origin and recipients and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions.
You may also have the right to restrict the processing of your data and to have the data you provided received back and also transmitted in a structured, common and machine-readable format.
If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future.
If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation.
You also have the right to contact a data protection supervisory authority and lodge a complaint.