We, ChemServe GmbH, have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers. In the following, we inform you about the data processing in the context of the use of MIRACLE Online.
Phone +49 4135 808630
The subject of data protection is personal data. According to Art. 4 No. 1 GDPR, these are all information relating to an identified or identifiable person. This includes, for example, information such as name, email address or telephone number, but also usage data such as the IP address.
In the following, we provide information on the scope of data collection and storage as well as use (hereinafter "data processing", used in the sense of Art. 4 No. 2 GDPR) and the purpose of the respective data processing within the scope of our webshop.
To use MIRACLE Online, you need an IP address and log-in credentials. We require these at short notice (see also the following section). There is also the option of e-learning.
Web servers and end devices actually need the IP address as an address. Only then does the web server know to which device it can transmit the page you have called up. Consequently, the web server must process your IP address at the moment of the data request.
The legal basis for this data processing is regularly Art. 6 para. 1 lit. b GDPR, as we need your IP address in order to be able to send you the contents of MIRACLE Online and the information contained therein at all.
The IP address is stored for four weeks. This gives us the opportunity to analyze attacks on the server and take appropriate measures. In this case, the data processing is based on our legitimate interest according to Art. 6 (1) lit. f GDPR.
We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures.
Google Analytics is a web analytics service operated and provided by Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the data processed.
During your visit to the website, the following data, among others, is recorded:
This data is transferred to a Google server in the USA.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future visits to the website.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remain stored in aggregated form indefinitely.
If you do not agree to the collection of data, you can prevent this by installing the browser add-on to deactivate Google Analytics or by rejecting cookies via our cookie settings dialogue.
A login is required to use MIRACLE Online. To create the login, we store the following data from each user
The processing of this data serves the fulfilment of the contract, therefore the legal basis is Art. 6 para. 1 lit. b GDPR. If data is added voluntarily, the legal basis is your consent according to Art. 6 para. 1 lit. a GDPR.
If a user uses the e-learning, we process the following data
The e-learning is part of the contract, the processing of the data is therefore carried out in accordance with Art. 6 para. 1 lit. b GDPR.
If you contact us as a customer or interested party by e-mail, you usually provide us with the following personal data:
We process this data in order to respond to your request.
We use this data exclusively to process your request. This data processing is regularly based on Art. 6 para. 1 lit. b GDPR.
We observe the principle of purpose-related data use. We process all of the aforementioned data only for the purposes and on the basis of the legal grounds already mentioned.
Of course, we use various service providers for the operation of MIRACLE Online. These include service providers for the hosting of the databases, the hosting of the application and the e-learning. For IT security reasons, however, we do not wish to publicly name all our IT service providers here. Of course, you can obtain a list of all the service providers we work with at any time on request. You can request this - if you take note of this information as an employee of an existing client - from your employer or client.
Where necessary, we have concluded a contract processing agreement with all service providers in accordance with Article 28 of the GDPR. With those service providers who carry out data processing in so-called unsafe third countries such as the USA, standard contract clauses have been concluded in accordance with Article 46 (2) c) of the GDPR and further guarantees for the protection of personal data have been assured, such as processing in accordance with the principles of the Privacy Shield.
Your personal data will only be passed on or transferred to state institutions entitled to receive information within the scope of the statutory duty to provide information or if we are obliged to provide information by a court decision.
The IP address is stored for 4 weeks in order to be able to analyse and defend against possible attacks on the site.
Persistent cookies are automatically deleted after a predefined duration, which may differ depending on the cookie. You can view the duration of storage in your browser settings in the cookies section. You can also delete the cookies yourself at any time via your browser settings.
If you contact us via the contact form or e-mail, we check at the end of each year whether further storage is necessary or whether there are storage obligations for the e-mails (we also receive enquiries via the contact form as e-mails). Depending on this, the data will then be stored or deleted.
Account data of customers and employees will be deleted after 3 years following termination of the contractual relationship. The period begins with the end of the calendar year in which the respective data was collected.
After complete processing of the contract or deletion of the customer account, the personal data will be blocked with regard to tax and commercial law retention periods and deleted after 10 years. The period begins with the end of the year in which the last purchase was made and the invoice was issued.
As a data subject, you have the following rights vis-à-vis ChemServe GmbH as the data controller:
You have the right to request information regarding the data we process about you.
You can object to the processing of your data at any time, insofar as the requirements of Art. 21 GDPR are met, and revoke any consent to the processing of the data given in addition at any time. If the consent to data processing is revoked or the use of the data is objected to, this does not affect the lawfulness of the data processing until the time of the revocation or objection.
Furthermore, you can have the data processed by us corrected, restricted or deleted at any time. We expressly point out that there may be legal obligations - such as retention obligations - to continue to store data. In this case, the data can only be restricted. This means that the data will only be processed for the purpose of complying with the legal obligations and will not be used for any other purpose.
In addition, you also have the right to data portability in accordance with Art. 20 GDPR and the right to complain to a supervisory authority in accordance with Art. 77 GDPR.
If you have any questions, please contact us at any time at firstname.lastname@example.org.
If you have reason to complain, you can contact a data protection supervisory authority at any time, e.g. also the data protection supervisory authority responsible for us, the „Unabhängige Landeszentrum für Datenschutz Schleswig-Holstein“ ‚ Schleswig-Holstein (PO Box 7116, 24171 Kiel).