according to Art. 13 EU General Data Protection Regulation (GDPR) and Art. 32 German Federal Data Protection Act (BDSG) 2018
Data protection is of particular importance for Fromberger GmbH. By this data protection declaration, we would like to clarify your rights concerning personal data. Furthermore, we would like to inform you about the type, scope and purpose of the data collected and processed by us:
First of all, we would like to draw your attention to the most important aspects of data protection at Fromberger GmbH.
In the second part, you will find more detailed explanations on data protection issues if you would like to know more.
- Data protection information (short version)
1.1 Who is responsible for and tasked with data protection?
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Company: Fromberger GmbH
Managing Director: Heinz Fromberger und Jochen Fromberger
Address: Krabbenkamp9, 47138 Duisburg
Phone: +49 (0) 203 / 456-660
Contact details of the data protection officer within the meaning of the GDPR:
Address: Kelvinstr. 14, 50996 Cologne
Phone: +49 (0) 2236 / 490 90 80
If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly at any time.
1.2 What rights do you have as the data subject?
You have the right to obtain information about what we have stored about you. Should your data stored by us be incorrect, you may request rectification or erasure of these data. In addition, you may request that these data be blocked and thus further processing by us may only be carried out with your consent.
You also have the right to object to the further processing of your data at any time for reasons arising from your particular situation. Furthermore, if you wish, we will make the data you provided available to you for your further use. At your request, we will also send them to a recipient to be designated by you.
Furthermore, you have the right to withdraw your consent to the processing of your personal data at any time. This does not affect the legality of the processing that took place until the withdrawal.
You are also entitled to complain to a supervisory authority. Corresponding addresses can be found on the websites of the Federal Commissioner for Data Protection and Freedom of Information (BFDI): https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html
1.3 For what purpose and on what legal basis will my data be processed?
The personal data collected by us during your visit to our website will be processed and used for the successful execution of orders in the areas of breeding/reproduction, keeping, training, health and trade with jumping and sport horses. Processing or use of the data collected by us and communicated by you takes place exclusively for the fulfilment of the aforementioned purposes either by us, our affiliated companies and companies commissioned by us for data processing (“processors”), provided that these also meet the data protection requirements of the GDPR. (For the processing of data collected on our websites not from us but from third parties, see below: “Who receives my data?”)
In addition, your data will only be collected, processed and used for other purposes (market research, consulting and information/advertising, including newsletters) if you have given us your corresponding consent or if the processing in accordance with Art. 6 para. 1 sentence 1 letters b-f GDPR is required, for example to protect the vital interests of natural persons or in the public interest.
We do not intend to use your personal data for any purpose other than that for which they were collected.
We do not carry out profiling within the meaning of Art. 4 GDPR with your data.
1.4 How is my data collected and who receives it?
A use of the internet pages of the Fromberger GmbH is basically possible without active indication of personal data.
An exception to this are the following elements on our web pages:
We have set cookies on our website in order to increase the convenience and functionality of our website for you. A typical field of application for cookies is the storage of a certain (login) status during web use, so that a user does not have to log in again for each sub-page of a website. In order to be able to distinguish between different users, a unique identifier is usually stored in a text cookie. The identification stored in the cookie has no personal reference per se. It becomes relevant under data protection law as soon as personal data are stored in a cookie or a link is established between the cookie ID and personal data. Depending on function and intended use, a distinction is made between five categories of cookies:
- Essential cookies: This type of cookie is required for navigation on the website and for providing the basic functions of the website.
- Functional cookies: Functional cookies enable the website to store information provided by the user during the visit (login, user name, language and location selection) in order to offer the user a simplified, extended range of functions when he visits the website again.
- Performance Cookies: Performance cookies serve to improve the user experience by increasing user-friendliness. For this reason, performance cookies collect information about how the website is used (e.g.: Information on the operating system, the browser used, the number of visits, the pages called up in this context and the average length of stay).
- Analysis cookies: The cookies serve the operator of the website to understand which preferences and search terms are used to access the main and sub-pages of the website.
- Marketing cookies: Marketing cookies serve the goal of generating added value for the user through relevant content that is tailored to his or her individual interests. This cookie type is also used to measure and control the effectiveness of advertising campaigns. In addition to the frequency of site visits, the marketing cookies also record the duration of use and stay with regard to the content offered. Marketing cookies are also gladly linked to page functionalities of third parties. The information collected in this way may be passed on to third parties, such as the operator of the website.
However, you can prevent the setting of cookies at any time by means of the corresponding settings of your Internet browser and thus permanently object to this. You can use your browser settings to delete individual cookies that have already been saved or the entire cookie inventory. In the following we have compiled links to information and instructions that describe the browser settings to be made in detail and in relation to the provider:
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
You can also individually manage the cookies of many companies and features used for advertising. Use the corresponding user tools, available at http://optout.aboutads.info/?c=2&lang=EN or http://www.youronlinechoices.com/uk/your-ad-choices.
In addition, a large number of browsers have already implemented a “Do-Not-Track function” with which you can specify that you do not want to be “tracked” by websites. By enabling this feature, your browser tells advertising networks, websites and applications that you do not want to be tracked for behaviour-based advertising and the like. Information and instructions on how to edit this function are available from the links below, depending on the provider of your browser:
The following cookies are used on the website:
qtrans_front_language (functional cookies)
Server log files
Our Internet pages collect a series of general data with each call, above all of a technical nature, which are stored in the log files of the server. Among the data collected are the browsers and versions used, the operating system used, the website or sub-website from which you access our website (so-called referrer), the date and time of your access, your IP address and your Internet service provider. The collection of the data serves the optimised functionality as well as the security of our web offer. The server log files are stored separately from personal data collected specifically for statistical purposes. We do not evaluate the information in order to draw conclusions about your person.
This website uses external fonts: Google Fonts. Google Fonts is a service of Google Inc. (“Google”). Integration of these web fonts is implemented via a server access, typically a Google server in the United States. This transmits information to the server as to which of our website pages you have visited. The IP address of the browser on the visitor’s terminal device is also stored by Google. As Google is certified under the EU-US Privacy Shield, the data is transmitted to the USA on the basis of an adequacy decision in accordance with Art. 45 GDPR.
If you visit the Facebook page of Fromberger Zucht- und Sportpferde GmbH (www.facebook.com/FrombergerGruppe), we will not collect personal information from you, unless you post on our Facebook page, comment on posts on our Facebook page, use the Like feature, write us a Facebook message or use other Facebook services to interactively connect to our Facebook page. In such cases, you will provide us with your username, your profile photo and any other information that is made public on your Facebook profile. We do not store any of this data additionally, unless you make requests to us that require storage for further processing. As soon as this purpose and possible legal retention periods cease to apply, we will delete your data.
If you contact Fromberger GmbH via the contact form in German or English under https://fromberger-gruppe.de/kontakt/ and https://fromberger-gruppe.de/kontakt/ your personal data will be transmitted to us SSL-encrypted and automatically saved for processing or contacting purposes. We will not disclose your information to third parties.
You can send us online applications for job vacancies at Fromberger GmbH or unsolicited applications by e-mail or using the contact form. We place the highest value on demonstrable compliance with the GDPR. For this reason, your applicant data will be deleted after six months, unless you have agreed to your data being processed for a longer period of time. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal prosecution.
1.5 How long will my data be stored?
The data collected from you will be stored by us for the duration of the business relationship, taking into account existing retention periods.
1.6 Is the collection and storage of my data mandatory or necessary?
We collect and store the data provided by you for the fulfilment of the contract to be concluded and implemented with you. In all other respects, we are obliged to do so in accordance with tax regulations.
- Data protection information (detailed version)
2.1 Data processing
2.1.1 General information on the use of the homepage
A use of the internet pages of the Fromberger GmbH is basically possible without active indication of personal data. If a data subject wishes to make use of special services of our company via our website (e.g. the use of the contact form), the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, the data subject generally must consent to us processing their data.
The processing of personal data, such as the name, address, email address or telephone number of a data subject, always takes place in accordance with legal requirements.
Fromberger GmbH has implemented numerous technical and organisational measures as the controller in order to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
2.1.2 Contact via the website
Due to legal regulations, the website of Fromberger GmbH contains information which enables quick electronic contact to our company as well as direct communication with us. If a data subject contacts the controller by email or via a contact form, any personal data transmitted by the data subject is automatically stored.
Such personal data transmitted on a voluntary basis by a data subject to the controller is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties. This data will be deleted once the purpose has been achieved, unless legal or official retention periods apply.
2.1.3 Routine deletion and blocking of personal data
We process and store personal data of the data subject only for the period necessary to achieve the processing purpose or insofar as this is provided for in the GDPR or laws or regulations.
If the processing purpose no longer applies or if a statutory retention period expires, the personal data is deleted routinely and in accordance with the statutory provisions.
2.1.4 Legal basis for processing
Art 6 I (a) GDPR serves our company as a legal basis for processing operations through which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 I b GDPR. The same applies to such processing that is necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I (c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person.
In addition, processing operations could be based on Article 6 I (f) GDPR if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Efficient, customer-friendly and high-quality service provision is one of the most justified interests.
2.1.5 Data protection for applications and in the application procedure
We collect and process the personal data of applicants for the purpose of facilitating the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the responsible person by electronic means, for example by email or via a web form on the website. If the person responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents shall be deleted after six months at the latest.
2.2 Rights of the data subject
According to the GDPR, data subjects are entitled to the following rights. If you, as a data subject, wish to exercise one or more of these rights, you can contact our data protection officer or another employee of the controller at any time.
2.2.1 Right to withdraw data protection consent
As a person affected by the processing of personal data, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future. An email or other written declaration to us is sufficient for this purpose. You can send your withdrawal to: firstname.lastname@example.org
2.2.2 Right of access
As a data subject affected by the processing of personal data, you have the right at any time to receive free information from the data controller about the personal data stored about you and a copy of the personal data. The right of access concerns the following information:
- the purposes of processing
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of a right to rectification or erasure of the personal data concerning you or of a restriction of the processing by the person responsible or of a right to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22 (I) and (IV) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, the data subject has a right of access to information as to whether personal data has been transferred to a third party or to an international organisation. If this is the case, the data subject has, in addition, the right to obtain information about the appropriate guarantees in connection with the transfer.
2.2.3 The right of rectification
As a data subject affected by the processing of personal data, you have the right to request the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
2.2.4 Right to erasure (“Right to be forgotten”)
As a data subject affected by the processing of personal data, you have the right to request that the personal data concerning you be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary (i.e. the data are no longer required).
- The data subject withdraws consent to which the processing is based according to point (a) of Article 6 (I) of the GDPR, or point (a) of Article 9 (II) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21 (I) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (II) of the GDPR.
- The personal data have been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the data controller is subject.
- The personal data have been collected in relation to information society services provided in accordance with Article 8 I of the GDPR.
If the personal data has been made public by Fromberger GmbH and if our company is obliged to delete personal data as the controller pursuant to Art. 17 I GDPR, we take appropriate measures, taking into account the available technology and implementation costs, to notify the controllers who process the personal data published, in particular the deletion of all links to these personal data or of copies or replications of this personal data, as far as the processing is not necessary. The data protection officer of Fromberger GmbH or another employee will arrange what is necessary in individual cases.
2.2.5 The right to restriction of processing
As a data subject affected by the processing of personal data, you have the right to request the restriction of processing if one of the following conditions is met:
- The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
- The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data.
- We no longer need the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims.
- You have objected to the processing pursuant to Art. 21 I GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh yours.
2.2.6 The right to data portability
As a person affected by the processing of personal data, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to have this data communicated to another controller without hindrance by the controller, provided that the processing is based on the consent provided for in Article 6 I (a) GDPR or Article 9 II (a) GDPR or on a contract pursuant to Article 6 I (b) GDPR and that the processing is carried out by automated means or provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 I GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
2.2.7 Right to object
As a data subject affected by the processing of personal data, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out in order to safeguard a legitimate interest of the person responsible.
This also applies to profiling based on these provisions, whereby Fromberger GmbH points out it does not carry out any profiling.
Fromberger GmbH does not process the personal data in the event of an objection, unless we can prove compelling legitimate reasons for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
If Fromberger GmbH processes personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If you object to Fromberger GmbH processing your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
2.2.8 Automated individual decision-making including profiling
As a data subject, you are entitled not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against you or significantly affects you in a similar manner, provided that the decision
- is necessary for entering into, or performance of, a contract between you and a controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- with your express consent.
Fromberger GmbH does not use purely automated decision systems with regard to the processing of personal data that have a legal effect on you or significantly impair you in a similar way.
2.2.9 The right to lodge a complaint with a supervisory authority
As a data subject affected by the processing of personal data, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you consider that the processing of personal data concerning you is contrary to data protection law. Corresponding addresses can be found on the websites of the Federal Commissioner for Data Protection and Freedom of Information (BFDI): https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html
With the development of data protection law, terms have become established that are not always self-explanatory. The explanations in Art. 4 GDPR are quoted in extracts below:
- “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
- “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- “pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
- “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- “recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- “third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data
- “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;