Data privacy

CONTACT
UEV Umwelt, Entsorgung Verwertung GmbH
Data protection enquiries
Bergrat-Bilfinger-Strasse 1
74177 Bad Friedrichshall

Email: datenschutzsalzwerkede
 

DOWNLOAD
Data protection information Art. 13 GDPR (PDF)
 


 

PRIVACY POLICY
1. Our privacy policy

The protection of your personal data is very important to UEV Umwelt, Entsorgung und Verwertung GmbH. Therefore, we handle your personal information confidentially and in accordance with the applicable data protection regulations.
Use of this website is possible in principle without providing personal data. If you, as a visitor to our website, would like to make use of particular services provided by our company via our website, it may be necessary to process personal data.
Our privacy policy will inform you about the nature, scope and purpose of the personal data collected, used and processed by us. In this privacy policy, we will also indicate what rights a data subject has in connection with their personal data.
We, as the controller, have taken numerous technical and organisation measures to ensure the highest possible level of protection for the personal data processed via this website. Nevertheless, we advise you that web-based data transfers may involve security vulnerabilities and that it is therefore not possible to guarantee absolute protection.

2. Definitions
In our privacy policy, we use terms that are also used in the General Data Protection Regulation (“GDPR”). To make it easier for you to read and understand this statement, we will present the most important terms below.
2.1 Personal data
“Personal data” means any information relating to an identified or identifiable natural person (“the data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2 Data subject
A “data subject” is any identified or identifiable natural person whose personal data are processed by the controller.
2.3 Processing
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4 Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
2.5 Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
2.6 Pseudonymisation
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
2.7 Controller
“‘Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by EU or member state law, the controller or the specific criteria for its nomination may be provided for by EU or member state law.
2.8 Processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.9 Recipient
“Recipient” means a natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or member state law shall not be regarded as recipients.
2.10 Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2.11 Consent
“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

3. Name and address of the controller
The controller in terms of GDPR, other data protection laws applicable in the member states of the European Union and other data protection regulations is:
UEV Umwelt, Entsorgung Verwertung GmbH
Bergrat-Bilfinger-Strasse 1 
74177 Bad Friedrichshall 
Germany

4. Contact details for data protection enquiries
Please send data protection enquiries to the following address:
UEV Umwelt, Entsorgung Verwertung GmbH
Datenschutzanfragen
Bergrat-Bilfinger-Strasse 1
74177 Bad Friedrichshall

Alternatively, use the following email address for your enquiries:
Datenschutzsalzwerkede

5. How we protect your data
We take the protection of your data very seriously and implement appropriate technical and organisational measures to protect your data relating to your use of this website from access by unauthorised persons, tampering, destruction and loss. The security measures used are continuously being improved in accordance with technological progress.
Thus, communication via our website is protected by an HTTPS (HyperText Transfer Protocol Secure) protocol. This establishes a secure link between the server and the client which cannot be read by unauthorised persons. This serves to protect the transmission of confidential content, such as enquiries that you send to us as the website operator.
If service providers are involved in the execution of our website’s services and must be trained as processors, we have regulated these order relationships via an order processing contract in terms of Art. 28 GDPR to protect your personal data.

6. Collection of general data and information when our website is used
Every time it is accessed, our website collects a series of general data and information, which are stored in the server’s log files. The data and information collected may include: the browser types and versions used, the operating system used by the user, the website from which an accessing system accesses our website (referrer), the subpages which are accessed on our website via an accessing system, the date and time at which our website was accessed, an Internet Protocol address (IP address), the internet service provider of the accessing system. When we use this general data and information, we are not able to draw any conclusions about the data subject, i.e. you as the visitor to the website. This information is required to ensure the functionality of the website. The data are also used to optimise the website and to ensure the security of our IT systems. All the anonymous server log file data are separated from all the personal data provided by a data subject and stored. Data about the provision of the website absolutely need to be collected and stored in log files so that the website can be operated. Therefore, the user does not have the option of objecting to these data. The data are deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. With regard to data that are collected about the provision of the website, this is the case after seven days at the latest.

7. Data collected when a contact form provided on the website is used
If you have questions of any kind, we offer you the opportunity to get in touch with us via a form that is provided on the website or a corresponding online function. You must provide a valid e-mail address so that we know who has made the enquiry and can answer it. Further mandatory information is marked with an asterisk on the contact form. Depending on the subject, type of data and whether you are already a customer or note, the data are processed on the basis of a contract with you, your consent, or your or our legitimate interest in resolving the matter in accordance with Art. 6 (1) Sentence 1 a), b) and f) GDPR. We will delete the data relating to your enquiry, unless we are obliged by law to store or retain it. If we need the data in order to process outstanding orders, the data will be deleted after these enquiries have been processed at the earliest. Your personal data will not be passed on to third parties.

8. Links to other websites and third-party services
Our website may contain links to third-party websites and some of our services may enable you to access services provided by third parties (e.g. social networks). We have no influence over how the third-party websites and services process your personal data. We do not check third-party websites and are not responsible for their data protection practices. Please read the privacy policies of the third-party websites or services which you access via our website or services. If our website integrates other services, you can find an explanation of this in the privacy policy. When third-party services are integrated, we take care to do this in a data protection-friendly manner. This means that we will inform you accordingly and that we use data protection-friendly technologies for the integration. If third-party services are integrated or implemented subject to your consent, we will obtain this from you via our cookie pop-up.


9. Cookie policy
9.1 What cookies are

Cookies are small files that are stored on your PC or mobile device (e.g. smartphone, tablet) by a website that you visit. They enable us to identify, for example, whether there has already been a connection between your device and our websites. We can take your settings into consideration, offer you certain functions or identify your interests on the basis of your use. For example, information about your visit to the website, such as its duration, login details, user inputs or similar, can be captured in these cookies. Cookies can also contain personal data. Cookies may be either “permanent” cookies or “session cookies”. Permanent cookies consist of a text file that is sent by a web server to a web browser. This file is stored by the browser and remains valid until the specified expiry date (unless the user deletes it before the expiry date). A session cookie, on the other hand, expires when the web browser is closed at the end of the user session. All in all, cookies serve to make the website more user-friendly and effective.
9.2. Types of cookie and how to set your preferences
There are many designations for cookies. We make the following distinctions between cookies:
-    necessary cookies
-    functional cookies
-    marketing cookies

Below we will present the characteristics of the individual types of cookie, what they are needed for and on what basis we use these cookies.
The first time you visit our menu, a cookie pop-up opens. At this time, only necessary cookies are enabled; all other cookies are disabled. Now you have the option of accepting all or cookies or sending us your preferences via the function “Manage my tracking settings”. Only after you have selected your cookie preferences and communicated them to us by clicking on “Submit preferences” will the relevant cookies be placed or, depending on the preference you selected, not be placed. The cookie pop-up will only be shown again if you delete the corresponding cookies in your browser.
9.2.1 Necessary cookies (access to the website)
We use necessary cookies to enable us to operate the website and to ensure that certain functions work properly. This type of cookie is always enabled, as the website cannot otherwise be displayed or certain necessary functions (e.g. navigating between the various main pages and subpages or, if there is a shopping basket function, storing products or carrying out a payment transaction) do not work.
9.2.2 Functional cookies (improvement of the website)
We use functional cookies to analyse how our website is used. These cookies improve the functionality of our website and help us to optimise our website. These cookies also allow us to test the effectiveness of our website or to provide insights for advertising analyses.
9.2.3 Marketing cookies (personalised advertising and third-party plug-ins)
Marketing cookies are targeting cookies, advertising cookies and social media cookies. They essentially have the goal of showing you personalised advertising, i.e. advertising that is tailored to you. This includes showing you “direct advertising on third-party advertising platforms”. If you do not consent this type of cookies, you may still see random advertisements from UEV Umwelt, Entsorgung und Verwertung GmbH on other platforms. Social media cookies can also be used to track your activity on social media platforms. 
If we are using functional or marketing cookies, you can find information about this in this privacy policy. Furthermore, these cookies can only be used if you have consented to their use in our cookie pop-up.
9.3 How to update cookies 
The cookie policy will ask you for your cookie preferences the first time you visit our website. You can also delete or manage any cookies that have been set via your browser settings. The following links will provide you with information on how to set your browser correctly:
Internet Explorer: support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: support.apple.com/de-de/guide/safari/sfri11471/mac
Mozilla Firefox: support.mozilla.com/de-DE/kb/Cookies
Google Chrome: support.google.com/chrome/answer/95647
Adobe (Flash cookies): www.adobe.com/de/privacy/policies/flash-player.html
9.4. Changes to the cookie policy
This cookie policy may change. Please visit this website regularly to keep informed about the latest version.
 

10. Deletion and blocking of personal data
The controller processes and stores the data subject’s personal data only for the period that is necessary to achieve the purpose of storing the data or as far as this is provided for by the European regulator or another legislator in laws and regulations to which the controller is subject. 
If the purpose of storing the data ceases to apply or a storage period specified by the European regulator or another competent legislator expires, the personal data will be deleted or blocked in accordance with the statutory provisions.

11. Legal bases of the processing of personal data
Our company uses Art. 6 (1) a) GDPR as a legal basis for processing operations where we obtain consent to the data being processed for a specific purpose, for example when you use a contact form that is integrated into the website.
If it is necessary to process personal data in order to fulfil a contract in which the data subject is a party, as is, for example, the case with processing that is necessary for the delivery of goods or the performance of another service or consideration, the data processing shall be based on Art. 6 (1) b) GDPR. The same applies to processing that is necessary for the execution of pre-contractual measures, for example in the event of enquiries relating to our products or services.
If our company is subject to a legal obligation that makes it necessary to process personal data, for example to meet tax obligations, the data processing shall be based on Art. 6 (1) c) GDPR. 
Data processing can also be based on Art. 6 (1) f) GDPR. This is the case if the data processing is necessary in order to protect a legitimate interest of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject We are allowed to carry out such data processing in particular because it is specially mentioned by the European legislator. In this respect, the European legislator argues that a legitimate interest could be assumed if the data subject is a customer of the controller or is in the latter’s employ. (Recital 47 Sentence 2). If processing of personal data is based on Article 6 (1) f) GDPR, our legitimate interest is in the performance of our business activities for the good of our shareholders, taking the legitimate interests of the data subject into account. When this interest is weighed up, the focus is always on an appropriate relationship between the data subject and us as a company.

12. Period for which the personal data are stored
The criterion for the duration of the storage of personal data is statutory storage periods that may arise from tax or commercial law as well as other applicable regulations, whenever these regulations apply to your personal data. After the period expires, the relevant data shall routinely be deleted, provided that it is no longer needed for preparing or fulfilling a contract or maintaining the business relationship. If no storage periods are applicable and you have given us your consent to the storage and use of your personal data, the data shall be stored and used for a specific purpose for the length of time indicated in your consent, or until you withdraw your consent to the use of your personal data for the future.

13. Statutory or contractual provisions relating to the provision of personal data; need for the conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
Please note that the provision of personal data is partly prescribed by law (e.g. tax regulations) or can arise from contractual provisions (e.g. information about the contractual partner). In order to conclude a contract, it may be necessary for a data subject to provide us with personal information, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data if our company is concluding a contract with them. Failure to provide the personal data would mean that it would not be possible for the contract to be concluded with the data subject. 

14. Data protection regulations on the use of Google Analytics (opt-in solution, subject to consent only with the anonymisation function)
We have integrated the component Google Analytics (with anonymisation function) and implemented this as an opt-in solution. 
This means that we only use this technology with your explicit consent. When you visit our website, a cookie pop-up will open. It will give you the option of setting your cookie preferences. If you consent to the use of Google Analytics, the Google Analytics cookie will be placed on your end device; otherwise, it will not be used. 
Google Analytics is a web analysis service. Web analysis is the collection, accumulation and analysis of data about the behaviour of website visitors. A web analysis service collects, for example, data about the website from which a data subject accessed the website (referrer), which subpages of the website were accessed and when and how often they were accessed, and the period of time for which a subpage was viewed. Every time our website is visited using the IP address of the internet connection used by the data subject, these data are transferred to Google in the USA. These personal data are stored by Google in the USA. Google may pass these personal data that are collected via the technical process on to third parties. The purpose of the Google Analytics component is to analyse the visitor flows on our website. Google uses the data and information obtained to analyse the use of our website in order to compile online reports that show the activity on our websites and provide other services related to the use of our website. 
The operating company for the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google acts as the processor for the data processing. Therefore, we have concluded a data processing contract with Google.
In the spirit of data privacy, the web analysis by Google Analytics will be integrated with the addition “_gat._anonymizeIp” if you grant your consent. With the aid of this addition, the IP address of the data subject’s internet collection will be shortened and anonymised if our website is being accessed from a member state of the European Union or from another state that is a signatory to the Agreement on the European Economic Area. 
The data sent by us and linked to cookies, user IDs or advertising IDs are automatically deleted after 50 months. Data that have reached the end of their storage period are automatically deleted once a month. You can find more detailed information about the terms of use and data privacy at https://www.google.com/analytics/terms/de.html and https://policies.google.com You can access further information and Google’s applicable privacy policy at www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Follow this link to find a more detailed explanation of Google Analytics https://www.google.com/intl/de_de/analytics/.
For information on how to manage cookies in general and how to disable them or withdraw your consent, we refer you to our generalised statement in this privacy policy, especially in the cookie policy.

15. An overview of your rights as a data subject 
In accordance with GDPR, a data subject has individual requesting rights that can be asserted in connection with their personal data. For example, they have a right of access, a right to rectification, a right to erasure, a right to restriction of the processing, a right to data portability as well as individual rights to object and a right to lodge a complaint with a supervisory authority. Below we will provide you with an overview of the individual rights and their time limits. 

15.1 Time limits for the requesting rights in accordance with Art. 15 - 21 GDPR
We, as the controller, will answer any requests by the data subject in accordance with Articles 15 - 21 GDPR with a period of one month after they are received. This time limit can be extended by a further two months if this is necessary in consideration of the complexity and number of the requests. In this case, we will inform you of the extension of the time limit within one month after receiving your request. If the data subject makes the request electronically, we will reply electronically where possible, unless you specify otherwise.

15.2 Methods of making a request
You can make any requests by post or by email. You can find the contact address under Section 4 of this privacy policy. 

15.3 Right of access of the data subject in accordance with Art. 15 GDPR    
A data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed and, where that is the case, to access the personal data and further information as described in Art. 15 GDPR.
Please note that the controller can only provide access if there are no doubts about the identity of the data subject. The controller will use all reasonable means to verify the identity of a data subject seeking access to their data.

15.4 Right to rectification in accordance with Art. 16 GDPR                
A data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

15.5 Right to erasure in accordance with Art. 17 GDPR                
A data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay and the controller has the obligation to erase personal data without undue delay if the conditions listed in Art. 17 GDPR is met.

15.6 Right to restriction of processing in accordance with Art. 18 GDPR    
The data subject has the right to obtain from the controller restriction of processing if the conditions in Art. 18 GDPR are met.

15.7 Right to data portability in accordance with Art. 20 GDPR    
A data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a format as described in Art. 20 GDPR or to have the data transmitted to another controller on the instruction of the data subject if the conditions described in Art. 20 GDPR are met. 

15.8 Right to object in accordance with Art. 21 GDPR
The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which was collected on the basis of Art. 6 (1) e) GDPR [processing takes place within the framework of a task assigned to the controller that is carried out in the public interest or in the exercise of official authority] or Art. 6 (1) f) GDPR [processing takes place on the basis of a legitimate interest pursued by the controller or by a third party].
The controller ceases to process the personal data in these cases unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. 

15.9 Right to object in accordance with Art. 13 (2) GDPR
If the controller processes a data subject’s personal data on the basis of Art. 6 (1) a) GDPR [the data subject has given consent to the processing of their personal data for one or more specific purposes] or Art. 9 (2) a) GDPR [the data subject has given their consent to the processing of special categories of personal data concerning them for one or more specific purposes], the data subject has the right to withdraw their consent at any time, without affecting the lawfulness of processing based on the consent before its withdrawal.
You can withdraw your consent by post or email. You can find the contact address under Section 4 of this privacy policy.

16. Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to them infringes the GDPR. In general, you can contact the supervisory authority of your usual place of residence or place of work or of the registered office of our company. 
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.


The data protection authority responsible for us is:
The Baden-Württemberg State Commissioner for Data Protection and Freedom of Information

Street address:                

Königstrasse 10a
70173 Stuttgart
Germany

Postal address:

Postfach 10 29 32
70025 Stuttgart
Germany

You can find further information online at www.baden-wuerttemberg.datenschutz.de.

17. Changes to this privacy policy
We may have to adapt our privacy policy for legal or technical reasons. We reserve the right to make corresponding changes at any time and therefore ask that you keep up-to-date by reading this privacy policy at regular intervals.

Last updated: February 2020
 

Contact

We will be happy to answer your questions or to prepare
a non-binding offer for you.

Enquiry