Privacy Statement

Privacy Policy

Status: May 2018

Franz Ziener GmbH & Co. KG respects your privacy and takes the protection of your data very seriously - we therefore of course follow the legal regulations on data protection. This Privacy Policy contains information about our data privacy provisions and measures, and the choices you can make regarding the way your information is collected online and how that information is used. You can easily access this statement on our home page as well as in the footer of each subpage.

I. Name and address of the controller and the Data Protection Officer
1. The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
Franz Ziener GmbH & Co. KG, Schwedengasse 5 , D-82487 Oberammergau, Tel: +49 8822 9206-0, E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., Website: www.ziener.de
2. The controller’s Data Protection Officer is: Mrs Beate Fiedler, fiedler-IT, Bernbeurener Straße 10, 86956 Schongau, Germany, Tel +49 (0)8861 9108424, This email address is being protected from spambots. You need JavaScript enabled to view it.


II. Extent of personal data processing

1. Website delivery and creation of log files
When you visit our website to obtain information, data and information are automatically transmitted from your browser to our server.

Data and purpose of processing:
The following data is collected for the following purposes:
(1) Information about the browser type, the version used as well as the language and version of the browser software: for analysis purposes to ensure an optimised display of our web pages
(2) The operating system and its interface: for analysis purposes to ensure an optimised presentation of our web pages
(3) The internet service provider: for analysis purposes to ensure an optimised presentation of our web pages
(4) The IP address to display our website when accessed
(5) Date and time of the request as well as time zone difference to GMT, content of the request, access status, amount of data transferred, in order to be able to ensure our content’s proper operation
(6) Website from which the request comes
(7) Clickstream data (that is, the pages you have visited, the links you clicked, and other actions related to the ZIENER websites) and product information.

Legal basis
The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR. We collect this data in order to be able to display the website to you and to ensure the security of our information technology systems. The collection of this data is necessary for the operation of our website.

Storage period
All data mentioned above will be deleted when you finish the respective session on our website.

Possibility of objection and removal
The collection of data for the provision of the ZIENER website and the storage of the data in log files is absolutely essential for the operation of the ZIENER website. There is consequently no possibility of objection.

2. Registration as a customer
You can create a customer account on the ZIENER website.

Data and purpose of processing
If you register as a customer, we collect data through a registration form that you fill out. This includes the following data: your name, your address including e-mail, telephone and fax numbers, details on your desired method of payment and your respective order information. This data is used to register you as a customer with ZIENER and to be able to use this account for purchases.

You also set your username and a personal password. Your username and your personal password ensure that only you have access to your profile. The customer receives a password once for the online shop, then the customer changes this password and this cannot then be viewed by us. This data is used only to log in.

When the registration form is sent, the following data is also saved:
Your IP address, date and time of login.

The processing of the personal data from the entry form serves solely to allow us to process the customer registration.
The other personal data processed during the sending process serves to prevent misuse of the registration and to ensure the security of our information technology systems.
In this context, there is no disclosure of the data to third parties. The data is used exclusively to process the registration.

Legal basis for data processing
In this context, the legal basis for the collection and transmission of data is Art. 6 (1) lit. b GDPR.

Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case if you are no longer saved as a customer at ZIENER (for example, due to your deregistration). This does not apply if you have made further transactions such as orders and your data is needed for this transaction. In this case, the respective transaction’s terms apply.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

Possibility of objection and removal
If you have registered with us as a customer, you can object to the storage of your personal data at any time. In such a case, you will no longer be saved as a customer with us. All personal data stored in the course of contacting you will be deleted in this case. This does not apply if you have made further transactions such as orders. In this case, the respective transaction’s terms apply.

3. Ordering products and services
If you are logged in as a customer on the ZIENER dealer website, you can order products and services.

Data and purpose of processing
If you order products or services from us, we ask for the personal information required to carry out these transactions. This information includes your name, address, phone number and e-mail address, financial information, and other unique information such as user IDs and passwords, billing and transaction information, your product and service preferences, and preferred method of contact.

At the time of sending the order form, the following data is also saved:
Your IP address, date and time of order.

The dealer shop is set up on our website for ZIENER dealers. In this case, we store your order data as part of the order history and send you the order data by e-mail.

The processing of the personal data from the entry form serves only to allow us to process your order.
The other personal data processed during the sending process serves to prevent misuse of the registration and to ensure the security of our information technology systems.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for the processing of the order.

Transfer of the data
To process the payment transaction, we pass your payment data to our bank.

Legal basis for data processing
In this context, the legal basis for the collection and transmission of data is Art. 6 (1) lit. b GDPR.

Duration of storage
Due to commercial and tax regulations, we are obliged to save your address, payment and order data for a period of ten years.

Possibility of objection and removal
The collection and storage of data is mandatory for order processing. There is consequently no possibility of objection on the part of the user.

Orders by other means
Clause 3 also applies if you place orders by other means (e.g. by fax, post). The date and time of your order are still stored, but not your IP address.

4. Blog comments
You can make public comments on our blog, where we publish various articles on relevant and current topics.

Data and purpose of processing:
When you submit a comment, it will be posted on the relevant article and display the username specified by you. Disclosing your website is voluntary. When you leave a comment, we store your e-mail and IP address internally.

The storage is necessary for us to be able to defend ourselves against liability claims in cases of possible publication of illegal content. We need your e-mail address in order to contact you if a third party objects to your comment as unlawful.

Legal basis for data processing
The legal basis for the publication of the comment is Art. 6 (1) lit. b and f GDPR.

Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For published comments, this happens when the blog entry in question is deleted. Comments will not be reviewed prior to publication. However, we check them randomly and can delete them if they contain illegal content.

The IP address remains stored as long as the comment is in the system. The IP address is not deleted until the comment is deleted. This is because we may be liable for the publication of illegal content.

Possibility of objection and removal
If your comment is published, you can object to its publication or storage at any time.

5. Contact form and e-mail contact
A contact form is available on the ZIENER website which can be used for electronic contact. If a user uses this option, the data entered in the entry form will be transmitted to us and stored.

Data and purpose of processing:
The following data is collected and transmitted to us: your name, e-mail address, subject and message.

At the time of sending the message, the following data is also stored: your IP address, date and time the message was sent.

Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.

The processing of the personal data from the entry form serves only to allow us to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing
The legal basis for collecting and transmitting a contact request is Art. 6 (1) lit. b GDPR.

Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data from the contact form’s entry fields or transmitted by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the situation concerned has been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

Possibility of objection and removal
If the user contacts us by e-mail, he or she may object to the storage of their personal data at any time. In such a case, the conversation cannot continue. All personal data stored in the course of contacting you will be deleted in this case.

6. Prize draws
You can take part in a prize draw on the ZIENER website. In this case, the data entered in the entry form will be transmitted to us and stored.

Data and purpose of processing:
The following data is collected and transmitted to us: your first and last name, your e-mail address, code.

At the time of sending the message, the following data is also stored: your IP address, date and time the entry was sent.

The processing of this personal data from the entry form serves only to enable us to carry out the prize draw. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
In this context, there is no disclosure of the data to third parties. The data will be used exclusively for the processing of the prize draw.

Legal basis for data processing
The legal basis for processing personal data in the context of the prize draw is Art. 6 (1) lit. b GDPR.

Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the prize draw, this is the case when the respective prize draw is over and no judicial claims can be asserted from the prize draw any longer. The data will be deleted after three years. The period begins at the end of the year in which the claim arose.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

Possibility of objection and removal
The collection and storage of the data is absolutely necessary for the prize draw. There is consequently no possibility of objection on the part of the user.

7. Applications to ZIENER
On the ZIENER website there is an e-mail address which can be used for sending electronic job applications. We point out that e-mails sent unencrypted are not access-protected. Alternatively you can send an application to us by post.

Data and purpose of processing:
You can send the following data to us: your name, contact details, application documents such as CV and cover letter.

We will only use your information to process your application and will not pass it on to third parties.

Legal basis for data processing
The legal basis for processing your application documents is Art. 6 (1) lit. b GDPR.

Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. We will delete your application 6 months after completion of the application process. Should an employment relationship enter into force, your application data will then be stored in regards to the employment relationship if necessary.

Possibility of objection and removal
The collection and storage of the data is absolutely necessary for handling the application. There is consequently no possibility of objection on the part of the user.

8. Use of cookies
Our website uses cookies. Cookies are text files which are stored in the Internet browser or by the internet browser on user’s the computer system. If a user visits a website, the cookie can be stored on the user’s operating system. This cookie contains a significant character string that enables a clear identification of the browser when the website is visited again.

8.1 Technically essential cookies
We use cookies to ensure that our ZIENER-Website is user-friendly. Some elements of our internet page require that the visiting browser can be identified even after a page change.

Legal basis
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.

Storage time
Cookies are stored on your computer und transmitted to us by this. Therefore, you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you are able to disable or limit the transmission of cookies. Already stored cookies can be deleted at all times. This can also be done automatically. If cookies are disabled for our website, not all functions of our ZIENER-Website may be used fully.

Possibility of objection and removal
Without these cookies it is impossible to use all functions of the ZEINER-Websites such as the basket. Thereby there is no possibility of objection. You can disable the cookie in the settings of the respective browser.

8.2 Technically unessential cookies
Furthermore, we use cookies on our website, which enable an analysis of the user’s surfing habit.
Thus, the following data can be transmitted:

Data and purpose of processing:
(1) Keywords entered
(2) Frequency of page visits
(3) Use of website functions

The use of the analysis-cookies takes place for the purpose of improving the quality of our website and its contents. By using the analysis-cookies, we learn how the ZIENER-Website is used and thus, we are able to constantly optimise our offer.

The users’ data collected in such a manner is pseudonymised by technical measures. Therefore, an association of the data with the user visiting is not possible anymore. The data is not stored together with other personal data of the user. When visiting our website, users are informed of the use of cookies for analysis purposes through info banners and a reference is made to this data protection statement. In this context, a reference is made as to how the storage of cookies can be disabled in the browser settings.

Legal basis
We collect and process data by virtue of your consent pursuant to Art. 6 (1) lit. a GDPR.

Storage time
The data is used until you have revoked your consent.
Cookies are stored on the user’s computer und transmitted to our website by this. Therefore, you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you are able to disable or limit the transmission of cookies. Already stored cookies can be deleted at all times.

Possibility of objection and removal
You can revoke your consent at all times. By changing the settings in your Internet browser, you are able to disable or limit the transmission of cookies as well as delete stored cookies.

8.3 Google Analytics
The website used Google Analytics, a web analysis service of Google Inc. („Google“), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which operates as a processor for us. 
Google Analytics uses so-called "Cookies", text data that are stored on your computer and that allow an analysis of website use. The information generated by the cookies about your use of the website is generally sent to a Google server in the USA and stored there.

The following data is processed:
• Browser-Typ/-Version: aggregated usage analysis as well as optimisation of the website and adaptation of contents
• operating system used: aggregated usage analysis as well as optimisation of the website and adaptation of contents
• Referrer URL (the previously visited website);
• IP-Address, which is anonymised
• Time of server request.

The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data. Moreover, we have extended Google Analytics by the code “anonymize IP’’ on this website. This guarantees the masking of your IP-address so that all data can be collected anonymously. During the IP anonymisation, Google will truncate your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services relating to website use and Internet use to the operator of the website.
These purposes are in our legitimate interest of data processing. The legal basis for the use of Google Analytics is provided by Art. 6 (1) lit. f GDPR. For the exceptional cases in which personal data is transferred to the USA, Google has committed to the EU-US Privacy Shield.

After a certain time period, visits and campaigns will be closed. By default,visits will be closed after 30 minuted without activity by and campaigns after six months. The time limit for campaigns can be a maximum of two years. For more information on Google Analytics' Terms of Use and Privacy Policy, please visit http://www.google.com/analytics/terms/gb.html  or https://policies.google.com/
You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use this website’s full functionality.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout. Alternatively to the Browser-Add-On, especially in regards to browsers on mobile devices, you can also prevent the collection by Google Analytics by pressing this link An Opt-Out-Cookie is set, which prevents future collection of your data while visiting this website. The Opt-Out-Cookie applies for this browser only and only for our website and will be stored on your device. If you delete the cookies in this browser, you must set the Opt-Out-Cookie again [Note: Details about the integration of the Opt-Out-Cookie can be found under: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable].
We also use Google Analytics to evaluate data from Double-Click-Cookies as well as AdWords for statistical purposes. If you do not wish this, you can disable it through the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).
Further information on the data protection in connection with Google Analytics can be found in the Google Analytics-Help (https://support.google.com/analytics/answer/6004245?hl=de).

8.4 Web-Beacons
ZIENER uses web-beacons on their websites as well as in email newsletters in HTML-Format individually or in connection with cookies, in order to collect information about your usage of the website or your interaction with the email. A web-beacon is an invisible electronic picture that is also known as one-pixel-GIF or empty GIF. Web-beacons can identify certain types of information on your computer such as cookies, time and date of a page visit and the description of the page on which the web-beacon can be found. The beacons are allocated to your e-mail address and linked to an individual ID.

Legal basis
We collect and process data by virtue of your consent pursuant to Art. 6 (1) lit. a GDPR.

Storage time
The information is stored for the duration of your subscription of the newsletter. The data is used until you have revoked your consent.

Possibility of objection and removal
You can revoke this tracking at all times by clicking the separate link in each e-mail or by contacting us via a different contact route.
Furthermore, you can possibly deactivate web-beacons in email messages by not downloading embedded pictures; this function depends on the email-software used on your computer. Due to the operating modes of specific email-software it is not always possible to deactivate a web-beacon or other tools for the automatic data collection in the e-mail message. Further information can be found in the corresponding information of your email software or your internet provider.

8.5 Retargeting Technology
This website uses retargeting-technology on the internet. This enables us to specifically address those internet users that are already interested in our shop and our products on the websites of our partners. Studies have shown that the insertion of personalised, interest-related advertisement is more interesting to the internet user than advertisement that does not have such a personal connection. The insertion of advertisement of the retargeting takes place on the basis of a cookie-based analysis of previous user behaviour. Of course, no personalised data is stored on this occasion either and of course, the retargeting-technology is used in compliance with the applicable data protection provisions.

Legal basis
We collect and process data by virtue of your consent pursuant to Art. 6 (1) lit. a GDPR.

Storage time
The data is used until you have revoked your consent.
Cookies are stored on the computer of the use and are transmitted to our website by it. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you are able to disable or limit the transmission of cookies. Already stored cookies can be deleted at all times.

Possibility of objection and removal
You can revoke your consent at all times. By changing the settings in your Internet browser, you are able to disable or limit the transmission of cookies as well as delete stored cookies.

9. Newsletter
You can subscribe to our free newsletter on our website. In the process, data from the input mask is transmitted during the subscription to our newsletter. Furthermore, you can receive our newsletter if you have purchased a product or service from us.

Data and purpose of processing
We need your email address to sent our newsletter to you. This will only be used for the provision of news and information regarding our products.

Moreover, the following data is collected when registering: IP-address of the calling computer as well as date and time.

We seek your consent for processing the data within the registration process and refer to this data protection declaration.

No disclosure of data to third parties will take place in connection with the data processing for sending newsletters. The collection of the user’s email address serves only to sent newsletters. The collection of other personalised data within the registration process serves to prevent misuse of the services or the email address used and to prove the “Double-Opt-In’’ process.

Legal basis for data processing
Legal basis for the processing of data after subscription to the newsletter by the user is the presence of the user’s consent Art. 6 (1) lit. a GDPR. If you have purchased a product or service from us, we will use your email address for the advertisement of our own or similar products or services. In this case the processing is based on § 7 Abs. 3 UWG

Duration of storage
The user’s e-mail address will be stored as long as the subscription to the newsletter is active.
All other personalised data collected within the registration process are generally deleted after a period of three years after last usage of the email sending. The period starts with the end of the year in which the user will not receive the newsletter anymore (i.e. as of the revocation of consent).

Transmission to the service provider
For the sending of the newsletter, we use the external service provider Cleverreach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede to process your data. These have been carefully selected and commissioned in writing by us. He is bound by our directives and is regularly monitored by us. The service provider will not disclose your data to any third parties. The information collected in this way is stored by the newsletter provider (CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede) on computer centres exclusively in the European region.

Possibility of objection and removal
You can cancel or revoke the subscription to the newsletter at all times. For this purpose, there is a corresponding link in each newsletter.

10. Disclosure of data
Your personal data will not be disclosed to third parties for any other than the following purposes:

(1) If you have given clear consent or
(2) if the transmission of data is essential for the assertion, exertion or defence of legal claims and if there is no reason to believe that you have a predominantly interest worthy protecting that your data we will not disclose your data to third parties or
(3) in the event that we are legally obliged to transmission of the data or
(4) if the transmission is permitted by law and essential for the processing of a contractual relationship.

11. Rights of the person affected
Rights of the person affected
If your personalised data is processed, you are the person affected in accordance with GDPR and you have the following rights vis-à-vis the controller:

1. Right of access
You can request confirmation from the controller as to whether personal data concerning you is processed by us.
If such processing exists, you can request information from the controller about the following information:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been disclosed or is still being disclosed;
(4) the planned storage period for personal data concerning you or, if specific information is not available, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling according to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether personal data concerning you will be transmitted to a third country or an international organisation. In this context, you can request information about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller, if the personal data processed about you is incorrect or incomplete. The controller must make the correction without delay.

Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of personal data concerning you for a period of time that enables the controller to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
(3) the controller no longer requires the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you object to the processing in accordance with Art. 21 (1) GDPR and it is not yet certain whether the controller’s legitimate reasons outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used – aside from its storage – with your consent or for the purpose of asserting, exercising or defending legal claims or to protect the rights of another natural or legal person or on the grounds of the Union’s or a Member State’s important public interest.
If the processing has been restricted according to the above-named prerequisites, you will be informed by the controller before the restriction is lifted.

Right to deletion
a) Deletion obligation
You can request that the controller deletes personal data concerning you without delay, and the controller is required to delete that information immediately so long as one of the following is true:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent on which the processing was based in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for its processing.
(3) You object to the processing in accordance with Art. 21 (1) GDPR and there are no other overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6)  Your personal data has been collected in relation to information society services provided in accordance with Art. 8 (1) GDPR.
Information to third parties
If the controller has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, he or she shall take appropriate measures, including those of a technical nature, to inform controllers processing the personal data that you, as the data subject, have requested that they delete all links to this personal data and copies or replications of such personal data, taking into account available technology and implementation costs.
Exceptions
The right to deletion does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation which requires the processing according to the law of the Union or of the Member States to which the controller is subject, or to carry out a task in the public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health, in accordance with Art. 9 (2) lit. h und i as well as Art. 9 (3) GDPR;
(4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, to the extent that the right referred to in section (a) is likely to render impossible or seriously prejudice the achievement of this processing’s objectives, or
(5) to assert, exercise or defend legal claims.

Right to information
If you have the right to rectification, deletion or restriction of processing vis-à-vis the controller, he or she is obliged to notify all recipients to whom personal data concerning you has been disclosed of this correction or deletion of the data or restriction of its processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right to be informed about these recipients by the controller.

Right to data portability
You have the right to receive personal information concerning you, which you provided to the controller, in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller who provided the personal data, provided that
(1) the processing is based on a consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract in accordance with Art. 6 (1) lit. b GDPR and
(2) the processing is done using automated procedures.
In exercising this right, you also have the right to obtain the direct transmission of personal data concerning you from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred upon the controller.

Right to object
You have the right at any time, for reasons that arise from your particular situation, to object to the processing of personal data concerning you on the basis of Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

Right to revoke the declaration of consent according to data privacy law
You have the right to revoke your declaration of consent according to data privacy law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.

Automated decision on an individual basis including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will legally or in other ways significantly affect you. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms as well as your legitimate interests, or
(3) is made with your express consent.
However, these decisions must not apply to specific categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g applies and reasonable measures have been taken to protect rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to uphold the rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention, to express their point of view, and to challenge the decision.

Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, particularly in the Member State of your residence, place of work or the place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.

12. Links to third-party websites
The ZIENER website may contain links to third-party websites so you can quickly access more information or other relevant websites. By clicking on these links you leave the ZIENER website. ZIENER has no control over these websites or their privacy practices, which may differ from ZIENER’s practices. By linking to third-party websites, ZIENER does not endorse or support any content contained therein. Personal data that you provide to these third-party providers or that is collected by them is not covered by ZIENER’s privacy policy. You should therefore read each company’s privacy policy before disclosing personal information to them.

13. Security
In order to prevent unauthorised access to or disclosure of your data, to preserve the integrity of the data and to ensure the appropriate use of the data, ZIENER uses appropriate physical, technical and administrative procedures to protect the information collected by ZIENER. On all websites where personal information is provided, e.g. in the "Shopping basket” and "My account" areas, we use the industry-standard SSL (Secure Sockets Layer) to encrypt your data. SSL encryption distorts your data before transferring it to our server so that it cannot be reconstructed by third parties. In this way, the confidentiality of your information and payment data is guaranteed for transactions over the internet. We urge you to take all possible precautions to protect your data on the internet. Make a habit of changing your password frequently. We recommend using a combination of letters and numbers for the password, and making sure you're using a secure, SSL-enabled browser to surf the internet. If possible, please log out completely after using any computer that you do not have exclusive use of, and do not make your password available to third parties.

14. Changes to the privacy policy
In the event of changes to this privacy policy, we will post the amended policy with the current revision date here. If we make any major changes to this policy, we may also inform you by other means, such as by e-mail or by posting a notice on our home page.