Privacy Policy

Privacy Policy 

The present privacy policy informs you on the type, scope and purpose of processing of personal data (hereinafter briefly “data”) within our online offer and the associated websites, functions and content as well as external online presence such as e.g. our social media profiles (hereinafter collectively called “online offer”). In view of the terms used such as e.g. “personal data” or their “processing”, reference is made to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). 

Controller

ZinCo GmbH
Lise-Meitner-Strasse 2
72622 Nuertingen 

Phone: +49 7022 6003-0
Fax: +49 7022 6003-100
e-mail: info@zinco-greenroof.com 

Register no. HRB 224312 – Stuttgart
VAT-ID-No. DE-812239399
Managing Directors: Ulrich Schaefer, Dieter Schenk, Manfred Krueger 

Privacy Officer

ZinCo Privacy Officer
Phone: +49 7022 6003-232
e-mail: datenschutzbeauftragter@zinco-greenroof.com 

Types of data processed

  • Inventory data (e.g. names, addresses)
  • Contact data (e.g. E-Mail, phone numbers)
  • Content data (e.g. text input)
  • Contract data (e.g. seminar notifications, subject matter of contract, term)
  • Usage data (e.g. visited websites, interest in content, access times)
  • Meta/communication data (e. g. device information, IP addresses) 

Processing of special categories of data (Art. 9 subsection 1 GDPR)

No special categories of data are being processed. 

Categories of individuals affected by the processing

  • Customers/Prospects/Suppliers
  • Visitors and users of the online offer
  • Hereinafter, the data subjects concerned are also designated collectively as “Users”. 

Purpose of processing

  • Making available the online offer, its content and functions. Rendering contractual performance, service and customer care. Answering of contact requests and communication with users. Marketing, advertising and market research. 
  • Safety measures

Current as of: 2nd May 2018 

1. Relevant Legal Basis

In accordance with Art. 13 GDPR, we inform you on the legal basis of our data processing. Insofar as the legal basis is not specified in the privacy policy, the following applies: legal basis for obtaining consent is Art. 6 subsection 1 lit. a and Art. 7 GDPR, legal basis for processing for performance of our service and exe- cution of contractual measures as well as reply to inquiries is Art. 6 subsection 1 lit. b GDPR, legal basis for processing for performance of our legal duties is Art. 6 subsection 1 lit. c GDPR , and legal basis for processing for safeguarding our legitimate interests is Art. 6 subsection 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 subsection 1 lit. d GDPR shall serve as a legal basis.

2. Modifications and Updating of the Privacy Policy

You are kindly asked to regularly inform yourself on the content of our privacy policy. We will adapt the privacy policy as soon as this is required by the modifications of the data processing carried out by us. We will inform you when due to the modifications a cooperation by you (e.g. consent) or any other individual notification becomes necessary.

3. Safety Measures

3.1.  In accordance with Art. 32 GDPR taking into account the State of the Art, the implementation cost and the type, scope, circumstances and purposes of processing as well as different occurrence of probability and severity of risk for the rights and freedoms of natural persons, we shall take appropriate technical and organisational measures in order to guarantee a level of security appropriate to the risk. The measures include in particular securing confidentiality, integrity and availability of data by control of physical access to the data as well as the access, entry, transfer, securing of availability and separation concerning these data. Moreover, we have established procedures guaranteeing safeguarding the data subjects' rights, erasure of data and reaction to an endangerment of the data. Moreover, we consider protection of personal data already during development and/or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

3.2.  The protection measures include in particular encrypted transfer of data between your browser and our server.

4. Cooperation with Processors and Third Parties 

4.1. If, within the scope of our processing, we disclose data to other individuals and companies (processors or third parties), transfer them to these or otherwise grant access to the data to them, this occurs only on the basis of a legal permission (e.g. if transfer of data to third parties such as a payment service provider in accordance with Art. 6 subsection 1 lit. b GDPR is required for contract performance), of you having agreed to it, that it is stipulated by a legal duty or on the basis of our legitimate interests (e.g. when appointing agents, web hosts etc.).

4.2. If we appoint third parties for processing data on the basis of a so-called “processor contract”, this is done on the basis of Art. 28 GDPR.

5. Transfer to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs within the scope of engaging third parties or disclosure and/or transfer of data to third parties, this only occurs, if it is done for fulfillment of our (pre-)contractual duties, on the basis of your consent, due to a legal duty or on the basis of our legitimate interests. Subject to legal or contractual permission, we process or cause to be processed the data in a third country only, if the specific requirements of Art. 44 et seq. GDPR exist. This means that processing occurs e.g. on the basis of special guarantees such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the US by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

6. Rights of the Data Subjects

6.1. You have the right to obtain confirmation as to whether data concerning you are being processed and to access to these data and any further information and copy of the data in accordance with Art. 15 GDPR.

6.2. In accordance with Art. 16 GDPR you shall have the right to have incomplete personal data completed or to obtain the rectification of inaccurate personal data concerning you.

6.3. In accordance with Art. 17 GDPR, you shall have the right to obtain erasure of personal data concerning you without undue delay and/or alternatively in accordance with Art. 18 GDPR, to obtain restriction of processing of the data.

6.4. In accordance with Art. 20 Google, you shall have the right to receive the personal data concerning you which you have provided to us, and to request their transmission to other controllers.

6.5. Moreover, you have the right in accordance with Art. 77 GDPR to lodge a complaint with the competent supervisory authority.

7. Right of Withdrawal

You shall have the right to withdraw the consent granted in accordance with Art. 7 subsection 3 GDPR with effect for the future.

8. Right to Object

You have shall the right to object to future processing of the personal data concerning you in accordance with Art. 21 GDPR at any time. Objection can in particular be made to processing for the purposes of direct marketing.

9. Cookies and Right to Object in the case of Direct Marketing

We use temporary and permanent cookies, i.e. small files which are stored on the devices of the users (explanation of the term and function see last paragraph of the present privacy policy). Partly, the cookies serve for safety or they are required for operation of the online offer (e.g. for display of the website). Moreover, we or our technology partners use cookies for reach measurement and marketing purposes on which the users are informed during the privacy policy. 

A general objection to use of the cookies for the purpose of online marketing can be made for a plurality of services, above all in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Moreover, storage of cookies can be prevented by disabling them in the browser settings. Please note that in that case possibly not all functions of this online offer can be used. 

10. Erasure of Data 

10.1. The data processed by us will be erased or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly specified within the present privacy policy, the data stored with us will be erased when they are no longer required for their intended purpose, and erasure is not prevented by any statutory obligations to keep them. If the data not erased because they are required for other purposes permitted by law, their processing is restricted. This means that the data are blocked and not processed for other purposes. This applies, e.g. to data which must be kept for reasons of commercial or tax law.

10.2. In accordance with statutory provisions, storage occurs in particular for 6 years in accordance with Section 257 subsection 1 HGB [German Commercial Code] (trading books, inventories, opening balance sheets, financial statements, commercial letters, accounting records etc.) as well as for 10 years in accordance with Section 147 subsection 1 AO [German Revenue Code] (books, records, reports, accounting records, commercial and business letters, documents relevant for taxation etc.).

11. Provision of contractual services 

11.1. We are processing inventory data (e.g. names and addresses as well as contact data of users), contractual data (e.g. services taken, names of contact persons) for fulfillment of our contractual obligations and provision of services in accordance with Art. 6 subsection 1 lit. b GDPR. The entries identified as binding in the online forms are required for contract conclusion.

11.2. We are processing usage data (e.g. websites visited of our online offer, interest in our products) and content data (e.g. entries into the contact form) in order to improve our services (e.g. online presence) in the interest of the user.

11.3. Erasure occurs after expiration of statutory guarantee and comparable obligations; the necessity of storage of the data will be verified every three years; in the case of statutory archiving obligations, erasure occurs after their expiration (end of commercial (6 years) and tax law (10 years) obligation to keep the data); data in the customer account are maintained until it is deleted.

12. Contacting 

12.1. When contacting us (by contact form or by e-mail), the data given by the user are being processed for handling the contact request and its execution in accordance with Art. 6 subsection 1 lit. b) GDPR.

12.2. The data of the user can be stored in our Customer Relationship Management System (“CRM System”) or a comparable request system.

12.3. We shall erase the requests when they are no longer required. We verify the necessity every two years. Requests by customers having a customer account, are permanently stored and we refer to the data on the customer account with respect to erasure. In the case of statutory archiving obligations, erasure occurs after their expiration (end of commercial (6 years) and tax law (10 years) obligation to keep the data). 

13. Collection of Access Data and Log Files 

13.1. We collect data on the basis of our legitimate interests within the meaning of Art. 6 subsection 1 lit. f GDPR on each access to the server on which this service is located (so-called server log files). The access data include name of the website retrieved, file, date and time of retrieval, data volume transferred, report on successful retrieval, type and version of browser, operating system of the user, referrer URL (the previously visited website), IP address and requesting provider.

13.2. Log file information are stored for 14 days maximum for safety reasons (e.g. for investigation of abuse or fraud) and subsequently erased. Data, the further storage of which is required as evidence, are excluded from erasure until the respective incident has been fully investigated.

14. Online Presence in Social Media 

14.1. We have online presence in social networks and platforms in order to be able to communicate with customers, prospects and users active there and in order to be able to inform them on our services. When accessing the respective networks and platforms, the general terms and conditions and the data processing policies of the respective operators apply.

14.2. Unless otherwise specified within the scope of our privacy policy, we are processing the user data, when they are communicating with us within the social networks and platforms, e.g. are posting messages on our online presence or are sending messages to us.

15. Cookies & Reach Measurement 

15.1. Cookies are information which is transmitted from our web server or third party web servers to the web browser of the users and are stored there for later access. Cookies may be small files or other types of information storage.

15.2. The users are informed within the scope of the present privacy policy on the use of cookies within the scope of pseudonymous reach measurement.

15.3. If the users do not want cookies to be stored on their computer, they are asked to deactivate the respective option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may result in functional restrictions of the online offer.

15.4. You can object to the use of cookies serving for reach measurement and advertising purposes via the deactivation site of the network advertising initiative (http://optout.networkadvertising.org/) and in addition the US-American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

16. Google Analytics 

16.1. On the basis of our legitimate interests (i.e. interests in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 subsection 1 lit. f. GDPR), we are using Google Analytics, a web analysis tool of Google Ireland Limited (“Google”). Google is using cookies. The information generated by the cookie on use of the online offer by the users are generally transmitted to a Google server in the US and stored there.

16.2.  Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection law
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

16.3. Google will use this information on our behalf in order to analyse the use of our online offer by the users in order to compile reports on the activities within this online offer and in order to provide further services to us associated with the use of this online offer and internet use. From the processed data pseudonymous usage profiles of the users can be created.

16.4. We use Google Analytics only with activated IP anonymisation. This means that the IP address of the users is shortened by Google within Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the US and shortened there.

16.5. The IP address transmitted from the user's browser is not combined with other Google data. The users can prevent the storage of cookies by a corresponding setting of their browser software. Moreover, the users can prevent recording of the data generated by the cookie and related to their use of the online offer to Google as well as processing of these data by Google by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

16.6. For further information on the use of data by Google, options for settings and objections, see the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Use of Data by Google when you are using websites or apps of our partners”), https://policies.google.com/technologies/ads (“Use of Data for Advertising Purposes”), https://adssettings.google.com/authenticated (“Manage information used by Google to display advertisements to you”).

17. Google Adwords Conversion Tracking und Remarketing 

17.1. On the basis of our legitimate interests (i.e. interests in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 subsection 1 lit. f. GDPR), we are using Google Adwords Conversion Tracking and Remarketing of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google is using cookies. The information generated by the cookie on use of the online offer by the users are generally transmitted to a Google server in the US and stored there.

17.2. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection law
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

17.3. Google will use this information on our behalf in order to analyse the use of our online offer by the users, in order to compile reports on the activities within this online offer and in order to provide further services to us associated with the use of this online offer and internet use. From the processed data pseudonymous usage profiles of the users can be created.

17.4. AdWords Conversion Tracking serves for analytical purposes, if the visit occurs via a Google advertisement. To our knowledge, personal data are not stored in the process. This cookie removes itself within 30 days. Blocking of cookies from “googleadservices.com” is possible. For more information see: https://policies.google.com/privacy?gl=de and https://services.google.com/sitestats/de.html

17.5. Adwords Remarketing serves for displaying interest-related advertisements within the Google advertising network. To our knowledge, personal data are not stored in the process. The Remarketing function can be prevented by settings under http://www.google.com/settings/ads. Here, you can find information as to how to turn off interest-related advertising https://support.google.com/ads/answer/2662922?hl=de

17.6. You can find any further information on the use of data by Google, options for settings and objections on the Google websites: https://policies.google.com/privacy?gl=de (“Use of Data by Google when you are using websites or apps of our partners”), https://policies.google.com/technologies/ads ((“Use of Data for Advertising Purposes”), https://adssettings.google.com/authenticated (“Manage information used by Google to display advertisements to you”). 

18. Newsletter 

18.1. With the following information, we inform you on the content of our newsletter and the registration, sending and statistical evaluation method and inform you on your rights of objection. By subscribing to our newsletter, you agree to its receipt and the methods described.

18.2. Content of the newsletter: we are sending newsletters, e-mails and other electronic messages with advertising information (hereinafter “newsletter”) only with the consent of the recipient or a statutory permission. Insofar as within the scope of a registration for the newsletter, its content is precisely described, it is relevant for the consent of the users. Otherwise, our newsletters contain information on our products, offers, activities and on our company.

18.3. Registration for our newsletter is made in a double opt-in procedure. This means that you will receive an e-mail after registration asking you for confirmation of your registration. This confirmation is necessary so that nobody can register with third party e-mail addresses. The registrations for the newsletter are recorded in order to be able to prove the registration process in accordance with statutory requirements. This includes the storage of the time of registration and confirmation as well as the IP address.

18.4. Moreover, we can use these data in pseudonymous form, this means without attribution to a user, for optimisation or improvement of our own services, e.g. for technical optimisation of the sending and the presentation of the newsletter or for statistical purposes in order to determine from which countries the recipients are coming.

18.5. In order to register for the newsletter, it is sufficient, when you provide your e-mail address. Optionally, we ask you to give your name for addressing you personally in the newsletter.

18.6. Sending of the newsletter and performance measurement occur on the basis of consent of the recipients in accordance with Art. 6 subsection 1 lit. a., Art. 7 GDPR in connection with Section 7 subsection 2 No. 3 UWG [German law against unfair competition] and/or on the basis of the legal permission in accordance with Section 7 subsection 3 UWG.

18.7. Recording of the registration procedure occurs on the basis of our legitimate interests in accordance with Art. 6 subsection 1 lit. f GDPR and serves for proof of consent to receipt of the newsletter.

18.8. Cancellation/Withdrawal – You can unsubscribe receipt of our newsletter at any time, i.e. withdraw your consent. You can find a link to unsubscribe the newsletter at the end of each newsletter. If the users have only subscribed the newsletter and cancelled this registration, their personal data are erased.

19. Integration of Third Party Services and Content 

19.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 subsection 1 lit. f. GDPR), we are using within our online offer content and service offers of third party providers in order to integrate their content and services such as, e.g. videos or font types (hereinafter uniformly designated as “content”). This always requires that the third party providers of this content use the IP address of the users because they cannot send the content to their browsers without the IP address. Hence, the IP address is required for display of this content. We endeavour to use only such content the suppliers of which are using the IP address only for the supply of the content. Moreover, third party providers can use pixel tags (invisible graphic, also called web beacons) for statistical or marketing purposes. By means of the pixel tags, information such as visitor traffic on the pages of this website can be analysed. Moreover, the pseudonymous information can be stored in cookies on the users' device, and can contain among others technical information with respect to the browser and the operating system, linking websites, visiting time as well as other information on the use of our online offer, and can also be combined with such information from other sources. 

19.2. The following presentation is a summary of third party providers and their content as well as links to their privacy policies containing further information on the processing of data and – partly already mentioned here – options for objection (opt-out):