Trocellen G.m.b.H., with registered office in 53840 Troisdorf, Mülheimer strasse 26, Germany, as data controller (hereinafter, “Data Controller”), informs you pursuant the EU Regulation no. 679/2016 (“GDPR”) and the applicable national Data Protection law that your personal data shall be processed according to the following modalities and for the following purposes:
1. Object of the Processing
The Data Controller processes identifying – non-sensitive – personal data (hereinafter “Data” or “Personal Data”) (particularly, name, surname, email address, phone number, IP address, etc.) communicated by you while browsing on the websites of the Data Controller www.trocellen.com (and its Business unit subdomains: www.insulation.trocellen.com, www.automotive.trocellen.com, www.adhesive-tapes.trocellen.com, www.sport-home-leisure.trocellen.com, www.progame.trocellen.com, www.footwear.trocellen.com, www.packaging.trocellen.com, www.business-solutions.trocellen.com, www.industrialfoams.trocellen.com etc.), www.trockpit.com, www.sapisfun.com, www.progame-shockpads.com, www.progame-tatami.com (hereinafter “Sites”) and/or in case of forwarding an online contact request to the Data Controller.
2. Purposes and legal basis of the Processing
Your Personal Data are processed, without your prior consent, for the following Contractual Purposes and legal bases:
- The execution of the contract or the fulfilment of pre-contractual obligations, in particular:
- conclude, execute and manage the contract, providing the services of the deriving from the commercial offer of the Data Controller and manage technical assistance, billing services, complaints and any disputes, sending service messages, data recovery, prevention of frauds and/or illegal activities;
- manage a contact request from you;
- manage and maintain the Sites.
- The pursuit of a legitimate interest of the Data Controller, in particular:
- prevent or discover fraudulent activities or harmful abuses for the Site;
- exercise the rights of the Data Controller, such as the right to defence in court;
- if you are already our client, we might send you commercial communications to the email address you provided us, relating product and services of the Data Controller which you have already used. Every sent email will allow you, by clicking on the specific link, to refuse further communications.
- The fulfilment by the Data Controller of legal obligations such as:
- compliance with the obligations established by laws, regulations or national and community legislation or imposed by the competent Authorities.
Your Personal Data are processed, only with your prior consent, for Marketing Purposes: inform you by means of regular letters or phone calls, emails, newsletter of the surveys, initiatives and commercial offers and research of the Data Controller.
3. Modalities of Data Processing
The processing of your Data is carried out, electronically, by means of data collection, registration, organization, storage, consultation, elaboration, amendment, selection, retrieval, confrontation, usage, interconnection, blockage, communication, cancellation and destruction operations.
4. Data Storage
The Data Controller shall process the Personal Data for a duration that is necessary to fulfil the above contractual and legitimate interest purposes and anyway for no longer than:
- 5 years after the end of the contractual relationship for contractual purposes;
- 2 years after the collection for Marketing Purposes;
5. Access to Data
Your Data may be made accessible for the purposes mentioned above to:
- employees and/or collaborators of the Data Controller and/or of Group companies, in light of their role of persons in charge of the processing and/or internal Data Processors and/or system administrators;
- third companies or other subjects (e.g., IT service providers, credit institutes, professional firms, etc.) carrying out outsourcing activities on behalf of the Data Controller and processing Data as external Data Processors.
6. Data Communication
Your Data may be communicated, even without your prior consent, upon their request, to control bodies, police or judiciary bodies, that will process them in their quality of independent Data Controllers for institutional purposes and/or pursuant to the law during investigations and controls. Moreover, your Data may be communicated to third parties (for example, partners, independent contractors, agents, etc.) that will process them as independent Data Controllers to carry out activities that are instrumental to the above purposes.
7. Data Transfer
Data are not disseminated but can be transferred for the purposes mentioned above to extra-EU countries, such as Malaysia and Japan. In order to guarantee an adequate level of Data Protection, the transfer will take place in light of the adequacy decisions approved by the European Commission or the adoption, by the Data Controller, of the Standard Contractual Clauses prepared by the European Commission.
8. Nature of the Data provision
The provision of Data for Contractual Purposes is mandatory: these Data are necessary in order to benefit of the services of the Data Controller and should you decide not to provide your Data, you will not be able to benefit of the services of the Data Controller.
The provision of Data for Marketing Purposes is voluntary and should you decide not to provide your Data, you will not be hindered in the use of such services of the Data Controller. If you decide not to provide your Data, however, you will not be able to receive our commercial communications any longer.
9. Data Subject’s Rights
The Data Controller informs you that you, as Data Subject, have the right to:
- obtain confirmation over the existence or inexistence of Personal Data relating you, even if not yet registered, and their communication in a comprehensible way;
- obtain the indication and, if necessary, the copy of the: a) source and category of the Personal Data; b) logic applied in case the processing is performed by means of electronic instruments; c) purposes and modalities of the processing; d) identification references of the Data Controller and the Data Processors; e) subjects or categories of subjects to whom Personal Data may be communicated or who may come to know, in particular if recipients are extra-EU countries or international organizations; e) period for which the Personal Data will be stored, or if that is not possible, the criteria used to determine that period; f) existence of an automated decision-making process and, in this case, information about the logic involved, the significance and consequences for the data subject; g) existence of adequate safeguards in case of transfer of Personal Data to an extra-EU country or international organization;
- obtain, without undue delay, the update, the rectification or, whether you are interested, the integration of incomplete Data;
- obtain the cancellation, the transformation into anonymous form or blocking of the Data: a) processed in breach of the law; b) no longer necessary in relation to the purposes for which the Data have been collected or subsequently processed; c) if you withdraw consent on which the processing is based and there is no other legal ground for the processing; d) if you object to the processing and there are no overriding legitimate grounds for the processing; e) in compliance with a legal obligation; f) referred to children. The Data Controller may refuse to erase them when the processing is necessary: a) to exercise the right of freedom of expression and information; b) in compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority; c) for reasons of public interest; d) to achieve purposes in the public interest, scientific or historical research purposes or statistical purposes; e) for making legal claims;
- obtain the restriction of processing when: a) the accuracy of the Personal Data is contested; b) the processing is unlawful and the data subject opposes the erasure of the Personal Data; c) Data are required by you for your exercising of legal claims; d) pending verification whether the legitimate grounds of the controller override those of the data subject;
- receive the Personal Data concerning you in a structured, commonly used and machine-readable format and transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is carried out by automated means;
- oppose, in whole or in part: a) for lawful grounds to the processing of Personal Data regarding you, even if pertaining the purpose of Data collection; b) to the processing of Personal Data that relates to you for the purpose of sending advertising material or of direct sale or for market researches or commercial communication, by means of automated call systems without the intervention of an operator, e-mail and/or traditional marketing methods by telephone and/or paper mail.
- submit a data protection complaint to the competent supervisory authority.
In the cases mentioned above, if necessary, the Data Controller shall communicate any exercise of your rights to each third party to whom the Personal Data are communicated, except for specific cases (for example, if this proves impossible or involves disproportionate effort).
10. Modalities of Exercise of Rights
You shall be able to exercise your rights anytime:
- by sending a registered letter with return receipt to the address of the Data Controller;
- by sending an email to firstname.lastname@example.org;
- by calling the following phone number: +49 2241 25 49 450.
11. Data Controller, Data Processor and Persons in Charge of the Processing
The Data Controller is Trocellen G.m.b.H.
The appointed Data Protection Officer is:
- Detlef Großmann
- Address and phone number: +49 2241 25 49 450.
The updated list of Data Processors is kept at the office of the Data Controller in 53840 Troisdorf, Mülheimer strasse 26, Germany.