Thank you for your interest in our company. Data protection has a particularly high priority for our company. The use of our website is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If the processing of personal data is necessary, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the GDPR, and in accordance with the country-specific data protection regulations applicable to our enterprise. By means of this data protection declaration, our company would like to inform data subjects about the rights to which they are entitled.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website and our e-mail traffic. Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

The data protection declaration is based on the terms used by the European Directive and Ordinance Maker when issuing the General Data Protection Regulation (GDPR/ GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this data protection declaration:

(a) personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

(c) processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling
Profiling shall mean any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

(g) Controller or data controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

(h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(i) Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

(j) third party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

k) Consent
Consent is any freely given specific and informed indication of his or her wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

2. Responsible

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Euroobjekt, S.L.

Johannes Schmitz

Gran Via Puig des Castellet 1

Tel +34 636 47 55 42

E-Mail info@euroobjekt.com

Website https://www.euroobjekt.com

3. Administration

We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. RGPD/DS-GVO, Art. 6 para. 1 lit. f. RGPD/DS-GVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

In this context, we disclose or transmit data to the tax authorities, advisors, such as tax consultants or auditors, as well as other fee offices and payment service providers.

Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently until revoked.

4. Rights of the user – rights of our customers

You can exercise the following rights at any time using the contact details provided by our data protection officer:

• Information about your data stored by us and how it is processed,
• Correction of incorrect personal data,
• deletion of your data stored by us,
• Restriction of data processing if we are not yet allowed to delete your data due to legal obligations,
• objection to the processing of your data by us, and
• Data portability, provided that you have consented to the data processing or have concluded a contract with us.

If you have given us consent, you can revoke this at any time with effect for the future.

5. Legal basis of the processing

Art. 6 I lit. a RGPD/DS-GVO serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b RGPD/DS-GVO. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c RGPD/DS-GVO. In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result their name, age, health insurance details or other vital information needed to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d RGPD/DS-GVO.

Ultimately, processing operations could be based on Art. 6 I lit. f RGPD/DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 RGPD/DS-GVO).

6. Duration of the storage of personal data

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted if it is no longer required for the fulfilment or initiation of the contract.

7. Legal or contractual regulations

We would like to inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner).

Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.

8. Hosting

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 (1) lit. f RGPD/DS-GVO in conjunction with Art. 28 RGPD/DS-GVO. Art. 28 RGPD/DS-GVO (conclusion of order processing agreement).

9. Server-Log-Files

In server log files, our website provider collects and stores information that your browser automatically transmits to our website. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. The data processing is based on Art. 6 para. 1 lit. b RGPD/DS-GVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

10. SSL or TLS encryption

In order to protect your transmitted data as best as possible, we use SSL encryption. You can recognise such encrypted connections by the prefix “https://” in the page link in the address line of your browser. Unencrypted pages are marked with “http://”.

Thanks to SSL encryption, all data that you transmit to this website – for example when making enquiries or logging in – cannot be read by third parties.

All e-mail traffic between you and our company is realised from our side via an encrypted connection (TLS).

11. Contact form

Data transmitted via the contact form, including your contact details, are stored in order to be able to process your enquiry or to be available for follow-up questions. This data will not be passed on without your consent.

The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a RGPD/DS-GVO). The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable software. Revocation of your consent already given is possible at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to store it or there is no longer any need to store the data. Mandatory legal provisions – in particular retention periods – remain unaffected.

12. Google Fonts

In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Webfonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser’s cache to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content will be displayed in a standard font and the display may differ from the actual display.

Calling up script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – although it is currently unclear whether and for what purposes – that the operators of such libraries collect data.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/.

Opt-out: https://adssettings.google.com/authenticated

13. Google Maps

This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about visitors’ use of the map functions. You can find more information about data processing by Google in the Google privacy policy (https://www.google.com/policies/privacy/). There you can also change your personal data protection settings in the data protection centre.

Detailed instructions on how to manage your own data in connection with Google products can be found here: http://www.dataliberation.org/.

Opt-out: https://adssettings.google.com/authenticated

14. Profiling

As a responsible company, we do not use automatic decision-making or profiling.

15. Change

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection statement will then apply to your next visit.