GLYCOM GMBH ONLINE PRIVACY AND SECURITY POLICY
1. Identity of the Data Controller
The website www.holigos.de (the “website”) is provided by:
Koglé Allé 4
Glycom GmbH and Glycom A/S (the “Group”; “we”; “us”; “our”) are joint controllers for the personal data collected on the websites according to the European General Data Protection Regulation (“GDPR”). We have determined responsibilities as joint controllers by an agreement, of which essence you can request by using the contact details in the section "How to contact us" below.
The Group is firmly committed to protecting the privacy of information we may collect from our websites.
This Policy also tells you how you can exercise your rights (including the right to object to some of the data processing we carry out). More information about your rights and how you can exercise them is set out in the section “Your Rights as a data subject” below.
2. What data do we collect and how we use it?
The Group processes personal data about individuals that come in contact with the Group by different means of communication, e.g. by visiting our website, buying our products or services, sending a request by e-mail, register to our newsletter for being informed about our newest services and products, contacting the Group by phone or personally at events or otherwise are in contact with a representative of the Group.
2.2 Processing of personal data when visiting our websites and using its functionalities
When you visit our website, we also automatically collect information in so-called server log files, which your browser automatically transmits to us. This is technically necessary when visiting our websites and includes your website usage information such as IP-address, browser types and versions used, the operating system used by your system, the website from which your system reaches our website (so-called referrer), the sub-websites which are accessed via an accessing system on our website, the date and time of access to the website, the internet service provider of your system and other similar data and information used for security purposes in the event of attacks on our information technology systems.
We use the information we collect when you use our website to maintain the security of our website and to identify trends and improve its performance. We also use this data to tailor the website to your interests and to ensure that the content of the website is prepared as effectively as possible for you. Since all this concerns our legitimate interests, we rely on the legal basis of Art. 6 par. 1 lit f GDPR.
2.3 Information about your online transactions
If you use our website to place an order with us or for buying goods or services we offer, we will ask you to supply us with the information we need in order to process your order (such as name, address details, payment information, services and goods you have purchased). We collect this information because it is necessary for the performance of our contract with you, Art. 6 par. 1 lit b GDPR.
2.4 Information you provide us when you sign up for our newsletter or consent to receive other direct marketing communication, enter a competition, prize draw, or promotion, complete a survey or set up an online account or profile
Some communications, services and facilities can only be provided if you supply us with relevant details. For example, if you sign up for our newsletter or consent to receive other direct marketing communication, enter a competition, prize draw or promotion, complete a survey, or register as a site user you will be asked to provide us with your contact details or other details necessary for managing your request. If we ask you to supply us with information that is not strictly necessary in order for us to provide you with the communication, service or facility you are interested in, we will make this clear.
If you do sign up for our newsletter or consent to receive other direct marketing communication, enter a competition, prize draw or promotion, complete a survey, set up an online account or profile we will use the personal data you provide:
- to provide you with newsletters and other promotional information that you request from us;
- to provide you with specific information about our products and services where you request this;
- administer our competition, to communicate competition results where relevant and to deliver prizes;
- to manage your online account;
- to improve our understanding of the needs and interests of our customers and contacts; and
- to notify you about changes to our services;
When we use your personal data for these purposes, we do so for our legitimate interests in managing and administering online accounts and for our legitimate business interests in developing and promoting our goods and services and communicating with you in accordance with your wishes and expectations (Art. 6 par 1 lit f GDPR). You can object to our use of your data for these purposes at any time.
3. How long will we retain your personal data?
We will retain your personal data only for as long as we need it for fulfilling the purposes listed above and for our legitimate interest in accordance with applicable law (such as mandatory retention obligations under applicable laws and the general considerations related to necessary documentation). After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. In more detail:
The Group will retain log files of your website visits generally for 12 months, unless it is necessary to keep this data for a longer period (e.g. compliance reasons or to protect ourselves from legal claims).
Where you are a customer, the Group will keep your information for the duration of any contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. In other cases, the Group may also retain your personal data for an appropriate period after any relationship with you ends to protect ourselves from legal claims, or to administer its business.
If you have elected to receive marketing emails from us by our newsletter, we will retain information about your marketing preferences as long as you are interested in our products and services.
We retain records from any interactions you have with us or our customer service representatives for as long as needed for the establishment and enforcement of and defence against respective claims.
We keep your information regarding your online transactions as long as required and necessary under the applicable law (e.g. tax and book keeping obligations we are subject to or statutory limitation periods).
4. Who will we share your personal data, where and when?
The Group may disclose personal data about you to certain third-party recipients or service providers (e.g. our website hosting provider, maintenance provider, call centre operation, merchant account provider). Such parties will only process personal data about you on behalf of the Group and in accordance with the instructions given by the Group. Third-party recipients which process your personal data on our behalf are not permitted to process your personal data for their own purposes.
Unless otherwise described in this policy, we will not share your information with any third party unless:
- we have your permission;
- we have your explicit consent;
- we are required to do so by law;
- this is (subject to applicable laws) necessary in connection with the sale of our business or its assets (in which case your details will be disclosed to our advisers and any prospective purchaser’s advisers and will be passed to the new owners).
5. Transfer of your personal data to a third country (outside of EU/EEA)
In certain cases, your personal data may be transferred to outside of EU/EEA. The Group ensures that such transfer will be carried out in accordance with the applicable data protection laws. This entails that any party outside of EU/EEA situated in a country which is not subject to a adequacy decision of the European Commission and that will receive your personal data will ensure an adequate level of protection, for example, by adhering to the EU-US Privacy Shield ((e.g. in case of data transfers to our website hosting provider Shopify in the US) or entering into the EU standard contractual clauses with the relevant entity of the Group (e.g. when we share your data with Glycom Inc.) or our service providers. If you require further information about these safeguards, please contact us by using the details in the section “How to contact us” below.
6. What rights do I have?
With regard to your personal data which we process, you may have various rights under the Articles 15 to 18, 21 GDPR:
You have the right to ask us:
- for access to and a copy of your personal data that we hold on you (Art. 15 GDPR)
- for a copy of the personal information you provided to us and to provide it to you or send to a third party in a commonly used, machine readable format (Art. 20 GDPR)
- to update or correct your personal data in order to make it accurate (Art. 16 GDPR)
- to delete your personal data from our records in certain circumstances Art. 17 GDPR)
- to restrict the processing of your personal data in certain circumstances (Art. 18 GDPR).
And you may also:
- object to us processing your personal data in certain circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing - Art. 21 GDPR)
- withdraw your consent at any time, where we are using your personal data with your consent. This will not affect our use of your personal data prior to the withdrawal of your consent.
However, these rights may be limited according to the GDPR and the German Federal Data Protection Act (“BDSG”), for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
If you wish to exercise any of the above-mentioned rights, you are welcome to by contact us by using the contact details in the section "How to contact us" below. Please note that we may need to verify your identity in order to fulfil your request. When addressing us, please always provide your name, address and/or email address as well as information about your request.
If your complaint is not resolved by the Group to your satisfaction, you can choose to file a complaint to the data protection authority in the country you reside, where you work or where you think the alleged breach is located.
7. How to contact us
If you wish to file a complaint regarding the Group's processing of your personal data, please contact us by sending an e-mail to firstname.lastname@example.org
This Policy will be updated on a regular basis and when necessary due to changes in applicable law. This Policy will always include information on the effective date of the most recent version. To the extent, the changes of this Policy are regarded as material and significant, you will be expressly informed hereof.
Effective date of the recent update of this Policy:
26 October 2018