Data protection statement

Data Protection Policy under EU General Data Protection Regulation (GDPR)

 

I. Name and Address of Data Controller

 

The data controller as defined under the General Data Protection Regulation, other national data protection legislation enacted by Member States and other data protection regulations is:

Trevira GmbH
Max-Fischer-Str. 11
D-86399 Bobingen
Deutschland
Tel.: +49-8234-9688-2222
E-Mail: trevira.info(at)trevira.com

Website: www.trevira.com

 

II. Name and Address of Data Protection Officer

 

The Data Protection Officer for Trevira GmbH is:

Peter Effenberger
Forster Str. 54
D-03172 Guben
Tel.: +49-8234-9688-3191
E-Mail: Peter.Effenberger(at)trevira.com

Website: www.trevira.com

 

III. General Data Processing Policy

 

1. Scope of personal data processing

We process the personal data of our users strictly only in as far as this is necessary for the provision of a functional website and our content, products and services. As a rule, we process the personal data of our users only after the user has consented to such processing. Exceptions to this rule are cases where the following conditions apply: (1) there are factual reasons why such consent could not be obtained in advance and (2) the processing of the data is legally permissible.

 

2. Legal basis for the processing of personal data

Where we obtain consent from a data subject in order to process personal data, the lawful basis for this is GDPR Art. 6 (1) (a). Where we process personal data which is required for the performance of a contract with the data subject, the lawful basis for this is GDPR Art. 6 (1) (b). This also applies to data processing required for the purposes of taking steps prior to entering into a contract. Where we process data in order to comply with a legal obligation to which our company is subject, the lawful basis for this is GDPR Art. 6 (1) (c). Where data processing is required in order to protect the vital interests of the data subject or of another natural person, the lawful basis for this is GDPR Art. 6 (1) (d). Where processing is required for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the lawful basis for this is GDPR Art 6. (1) (f).

 

3. Data deletion and storage period

Personal data relating to the data subject will be erased or made unavailable as soon as the reason for the data storage no longer applies. Data may be stored for a longer period if this is required by European Union or national legislatures in regulations, laws or other applicable provisions under Union law to which the data controller is subject. Data will also be made unavailable or erased when the period of storage set out under such provisions has expired, except where continued storage of the data is necessary for the conclusion or performance of a contract.

 

IV. Website Provision and Creation of Logfiles

 

1. Description and Extent of Data Processing

Each time our website is accessed, our system automatically captures data and information from the computer used to access the site. In doing so, the following data are collected:

  1. Information about the browser type and version
  2. The user's internet service provider
  3. The user's IP address
  4. Date and time of access
  5. Websites from which the user accesses our internet page
  6. Websites accessed by the user from our internet page


These data are also stored in our system's logfiles. This does not apply to the user's IP address or to any other data which would allow us to identify the user. Such data will not be stored together with other personal data of the user.

 

2. Legal basis for data processing

The lawful basis for the temporary storage of data is GDPR Art. 6 (1) (f).

 

3. Purpose of data processing

The system's temporary storage of the user's IP address is required in order to give the user's computer access to the website. For such access to be given, the IP address of the user must be stored for the duration of the session. Data are stored in logfiles to ensure the website's functionality. These data also allow us to optimise the website and to guarantee the security of our IT systems. ata stored in this way are not subject to evaluation for marketing purposes. These purposes also represent our legitimate interest in the processing of data under GDPR Art. 6 (1) (f).

 

4. Data storage period

The data will be erased as soon as they are no longer needed for the purpose for which they were collected. Where data are collected for the purposes of making the website accessible, this means at the end of each session.

 

5. Right to object/Right of removal

The collection of data for the purposes of making the website accessible, and the storage of data in logfiles, are required to operate the website. The user therefore does not have the right to object to such collection.

 

V. Use of Cookies

 

a) Scope and extent of data processing

Some areas of our website use cookies in order to improve your experience and provide you with products and services that are more relevant to you. Cookies are text files which are stored in the internet browser, that is, on the user's computer by the internet browser. When a user accesses a website, a cookie can be stored on his or her computer operating system. This cookie contains an information string (ID tag) that is used to identify the browser the next time the website is accessed. We use cookies to make our website more user-friendly. Some aspects of our website require the site to remember the browser even after a new page has been opened. The cookies store and transmit the following data:

  1. Language settings
  2. Log-in information


We also use cookies on our website to help us analyze how our website is used. This might result in the transmission of the following data:

  1. Search terms submitted by the user
  2. How often a page is accessed
  3. How website functions are used


User data collected in this way are anonymized using technical security precautions. This makes it impossible to use the data to identify the user accessing the site. The data are not stored in association with any other personal data of the user. When our website is accessed, a banner will appear informing the user that the site contains cookies for analytical purposes. It also provides a link to OR makes the user aware of this data protection policy and provides information as to how she or she can prevent the storage of cookies through adjusting their browser settings. When accessing our website, the user is informed that the site contains cookies for analytical purposes and is asked for his/her consent to the processing of personal data collected in this way. The user is also made aware of this data protection policy.

 

b) Legal basis for data processing

The lawful basis for using cookies for the processing of personal data is GDPR Art. 6 (1) (f).

 

c) Purpose of data processing

The purpose of using technically necessary cookies is to make websites easier to use. Some functions of our website are not available unless cookies are enabled, as the website must be able to recognise the user's browser even if a new page is opened. Cookies are needed to enable the following applications:

  1. Retaining language settings
  2. Remembering search terms


The user data collected through the use of technically necessary cookies are not used to create user profiles. Analytical cookies are used to improve the quality of our website and its content. Analytical cookies tell us how the website is used, so that we can continually optimise our products and services. These purposes also represent our legitimate interest in personal data processing under GDPR Art. 6 (1) (f).

 

d) Data storage period, Right to object/Right of removal

Cookies are stored on the user's computer and transmitted from the user's computer to our website. You as user therefore retain full control over the use of cookies. You can deactivate or limit the transmission of cookies at any time by changing your internet browser settings. Cookies previously stored in your computer can also be deleted at any time, with an option to set up automatic deletion. If you deactivate cookies for our website, not all website functions may be fully available.

 

VI. Online Contact Form and Email Contact

 

1. Scope and extent of data processing

Our website offers users the option of contacting us electronically via an online form. If a user chooses this option, the data entered into the online form are transmitted to and stored by us. These data are: In order to process the data, the user's consent is obtained within the message is submitted and the user is also made aware of this data protection policy. It is also possible to contact us via the email address provided on the website. If the user chooses this option, the personal data are stored that are submitted with the email. Such data are not passed on to third parties and are used solely for the purpose of processing the conversation with the user.

 

2. Legal basis for the processing of personal data

Where the user's consent has been obtained, the legal basis for the processing of personal data is GDPR Art. 6 (1) (a). The legal basis for processing data obtained through the sending of an email is GDPR Art. 6 (1) (f). If the email contact is made in connection with the conclusion of a contract, the additional lawful basis for processing the relevant data is GDPR Art. 6 (1) (b).

 

3. Purpose of data processing

The processing of personal data entered into an online form is carried out solely for the purpose of processing the user's establishment of contact with us. Should a user contact us via email, this represents the required legitimate interest [of our company] in the processing of his or her data. Other personal data processed when the form is submitted or the email is sent have the purpose of preventing misuse of the online contact form and ensuring the security of our IT systems.

 

4. Storage of Data

The data will be erased as soon as the purpose for which they were collected no longer applies. Regarding personal data obtained from the online contact form and/or from the sending of an email, this is the case when the relevant conversation with the user is concluded. The conversation is deemed to be concluded when circumstances show that the matter of the conversation has been finally resolved. Additional personal data collected at the time of submission of the email or contact form will be erased after seven days at the latest.

 

5. Right to object/Right of removal

The user has the right to withdraw his or her consent at any time to the processing of his/her personal data. Where the user has contacted us by email, s/he can object to the storage of his/her personal data at any time. This will result in the ending of the conversation. Where this is the case, all personal data stored during the establishment of contact with us will be erased.

 

VII. Rights of the Data Subject

 

If your personal data are processed, you are a data subject under the provisions of the GDPR and you have the following rights in relation to the data controller:

1. Right to information

At your request, the data controller must provide confirmation of whether we have processed or are processing personal data in relation to you. If this is the case, you have the right to obtain information from the data controller as to the following:

  1. the purposes for which your personal data are processed;
  2. the categories of personal data being processed;
  3. details of any recipients or categories of recipient to whom your personal data has been or will be disclosed;
  4. how long your personal data will be stored or, if specific retention times are not available, the criteria for determining length of storage;
  5. the existence of a right to rectification or erasure of your personal data, the right to restrict their processing by the data controller or the right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information pertaining to where the personal data were obtained, if they were not collected from the data subject;
  8. the existence of automated decision-making, including profiling, referred to in GDPR Art. 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.


You have the right to obtain information as to whether personal data will be or have been transferred to a recipient in a third country or international organisation. In such a case you have the right to obtain information as to the provision of appropriate safeguards as defined in GDPR Art. 46 in relation to the transmission of the data.

 

2. Right to rectification

You have the right to obtain rectification and/or completion of inaccurate or incomplete personal data relating to you from the data controller. The data controller must carry out the rectification without undue delay.

 

3. Right to restrict processing

The data subject shall have the right to obtain the restriction of processing of personal data relating to him or her where one of the following applies:

  1. you contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you refuse the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  4. you have objected to the processing of your data pursuant to GDPR Art. 21 (1) and it has not yet been established whether the legitimate grounds of the controller override your grounds.


Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.

 

4. Right to erasure

a) Obligation to erase data

You may demand that the data controller erase your personal data without undue delay, and the data controller is obligated to erase such data without undue delay where one of the following grounds applies:

  1. Your personal data are no longer required for the purposes for which they were collected or otherwise processed;
  2. You withdraw your consent on which the processing was based under the provisions of GDPR Art. 6 (1) (a) or Art. 9 (2) (a), and there is no other legal ground for the processing;
  3. You object to the processing pursuant to GDPR Art. 21 (1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to GDPR Art. 21 (2);
  4. Your personal data have been unlawfully processed;
  5. Your personal data have to be erased in order to comply with a legal obligation in Union or Member State law to which the data controller is subject;
  6. the personal data have been collected in relation to the offer of information society services as defined in GDPR Art. 8 (1).


b) Information Disclosed to Third Parties

Where the data controller has made your personal data public and is obliged pursuant to GDPR Art. 17 (1) to erase your personal data, s/he, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as data subject, have requested the erasure by such controllers of any links to, or copies of, or replications of, those personal data.


c) Exceptions

The right to erasure does not apply where processing is necessary

  1. in order to exercise the right of freedom of expression and information;
  2. in order to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health as defined under GDPR Art. 9 (2) (h) and (i) and GDPR Art. 9 (3);
  4. for archiving purposes in the public interest, academic, scientific or historical research purposes or statistical purposes as defined under GDPR Art. 89 (1), in so far as the right referred to in Section (a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

 

5. Right to notification

If you have asserted your right to rectification, erasure and/or restriction of the processing of your personal data, the data controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to obtain information from the data controller about such recipients.

 

6. Right to data portability

You have the right to receive any personal data which you have provided to a data controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the controller to which the personal data have been provided, where

  1. the processing is based on consent as defined under GDPR Art. 6 (1) (a) or GDPR Art. 9 (2) (a) or on a contract pursuant to GDPR Art. 6 (1); and
  2. the processing is carried out with the help of automated means.


In exercising this right, you also have the right to have your personal data transmitted directly from one data controller to another, where technically feasible. This must not impair the freedoms and rights of other persons. The right to data portability does not apply to the processing of personal data which is required for the carrying out of a task in the public interest or for the exercising of official authority vested in the data controller.

 

7. Right to object

You have the right at any time to object on grounds relating to your specific situation to the processing of your personal data carried out pursuant to GDPR Art. 6 (1) (e) or (f). This includes the right to object to profiling which is carried out pursuant to the said provisions.

The data controller will cease to process your personal data, except where she can bring forward worthy of protection grounds that override your interests, rights and freedoms, or where the processing is necessary for the purpose of establishing, exercising or defending legal claims.

Where your personal data are processed for the purposes of direct marketing, you have the right at any time to object to the processing of your personal data for such purposes, including the right to object to any profiling carried out in connection with such direct marketing.

Should you object to the processing of your data for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option, in connection with the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

 

8. Right to withdraw consent in relation to data protection

You have the right to withdraw your consent at any time to the processing of your personal data. The withdrawal of your consent does not affect the lawfulness of any processing of your data carried out up to the point where the withdrawal of consent becomes effective.

 

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects affecting you or in a similar way represent a significant impairment to you. This does not apply where the decision:

  1. is necessary for entering into, or for the performance of, a contract between you and the data controller;
  2. is authorised on grounds of Union or Member State law to which the data controller is subject and which law also contains appropriate measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.


However, these decisions may not be based on special categories of personal data pursuant to GDPR Art. 9 (1), unless GDPR Art. 9 (2) (a) or (g) applies and appropriate measures to protect your rights and freedoms and your legitimate interests have been put in place. In the case of (1) and (3), the data controller shall implement appropriate measures to safeguard your rights and freedoms and your legitimate interests, which should be understood as at least the right to obtain human intervention on the part of the data controller, the right to put forward your own point of view and your right to contest the decisions.

 

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial legal remedy, you have the right to lodge a complaint with a supervisory authority, especially in the Member State where you have your habitual place of residence or work, or where the alleged infringement has taken place, if you believe that your personal data has been processed in a way that infringes the GDPR. The authority with whom the complaint is lodged will notify the complainant as to the status and result of his or her complaint, including the possibility of judicial remedy pursuant to GDPR Art. 78.