I. Name and address of responsible party
(hereinafter referred to as “the controller”)
The controller in accordance with the General Data Protection Regulation (GDPR) and other national data protection and privacy laws of the EU member states as well as other statutory data protection provisions is:
TGE Marine Gas Engineering GmbH
II. Name and address of the data protection officer
The data protection officer of the controller is:
S&L ITcompliance GmbH
III. General information on data processing
TGE Marine Gas Engineering GmbH, represented by its managing directors Dr. Klaus-Dieter Gerdsmeyer (CEO), Ulrich Menninghaus and Steffen Schober, Mildred-Scheel-Str. 1, VAT identification number as per § 27 a Umsatzsteuergesetz (German Value added tax law): DE154078237, Commerical register: Amtsgericht Bonn HRB 6110, Tel.: +49(0)228-502180, Fax: +49-(0)288-50218-880, E-mail: info(at)tge-marine.com (hereinafter referred to as: TGE Marine), is responsible for the contents of the website www.tge-marine.com.
As far as TGE Marine acquires, stores and processes data, the relevant regulations of the German Federal Data Protection Act (Bundesdatenschutzgesetz/BDSG) and the German Telemedia Act (Telemediengesetz/TMG) are considered.
1. Website services
a) Use of Google Maps
This website uses Google Maps API, a web mapping service of Google Inc. (“Google”), to display an interactive map and for purposes of creating a route map. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
b) Objection to promotional e-mails
We hereby expressly reject the use of contact information published in the context of website legal notice requirements with regard to sending promotional and information material that is not expressly requested. The operators of this website reserve the right to take specific legal action in the event of unsolicited advertising and promotional information, for instance spam e-mails, being received.
2. Scope of processing personal data
In principle, we collect, process and use personal information of our users only insofar as this is required for ensuring a properly functioning website and for the provision of our contents and services. The processing and use of the personal information of our users is subject to the consent of our users which is requested in advance at regular intervals. An exception may be made in cases in which it is not possible to obtain such consent beforehand for practical reasons and the processing of data is permitted by statutory provisions.
3. Legal basis for processing personal data
Article 6, paragraph 1, point (a) of the EU General Data Protection Regulation (EU GDPR) constitutes the legal basis for processing personal data, insofar as TGE Marine has obtained the prior consent of the relevant data subject.
Article 6, paragraph 1, point (b) of the EU GDPR constitutes the legal basis for processing personal data if processing is necessary for the performance of a contract to which the data subject is party. This shall also apply to procedures that are to be implemented prior to entering into a contract.
Article 6, paragraph 1, point © of the EU GDPR constitutes the legal basis for processing personal data if processing is necessary for compliance with a legal obligation to which the controller, i.e. TGE Marine, is subject.
Article 6, paragraph 1, point (d) of the EU GDPR constitutes the legal basis for processing personal data if processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Article 6, paragraph 1, point (f) of the EU GDPR constitutes the legal basis for processing personal data if processing is necessary for the purposes of the legitimate interests pursued by TGE Marine or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
4. Data erasure and retention period
The personal data of the data subject are erased or blocked once such data are no longer required for the purposes for which they were stored. Data may be stored for a longer period if this has been stipulated by EU or EU member state legislation in directives, laws or other provisions that apply to the controller. Unless the relevant data needs to be retained for a longer period for purposes of conclusion or fulfilment of a contract, said data may be blocked or erased upon expiry of the retention period specified in accordance with the aforementioned regulations.
IV. Provision and availability of the website and creation of log files
1. Description and scope of data processing
Every time a user visits our website, our system automatically collects data from the calling computer.
In this context, the following data is collected:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's IP address
(4) Date and time of access
(5) Websites from which the user's system accesses our website
(6) Websites accessed by the user's system via our website
Such data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
Article 6, paragraph 1, point (f) of the EU GDPR constitutes the legal basis for processing data and for log files.
3. Purpose of data processing
The temporary storage of the IP address by our system is necessary to allow the contents of our website to be transmitted and made available to the user's computer. To this effect, the user's IP address must be stored for the duration of the session.
The data are stored in log files to ensure proper functioning of our website. Furthermore, such data help us to optimise our website and ensure the security of our IT systems. In this regard, the data is not analysed for marketing purposes.
Article 6, paragraph 1, point (f) of the EU GDPR constitutes the legal basis for processing personal data in this context, as such processing is necessary for the purposes of the legitimate interests pursued by TGE Marine.
4. Storage and retention period
The data are deleted as soon as they are no longer required for achieving the purpose for which they were collected. As far as the collection of data for making our website available is concerned, such data is deleted at the end of each session.
Data which are stored in log files, are deleted after seven (7) days at the latest. It is possible to retain the data for a longer period. In such cases, the IP addresses of the users are deleted or alienated so that it is no longer possible to identify the client computer.
5. Entitlement to raise an objection and removal of log files
Collecting the relevant data for making the website available and saving such data in log files is essential for the proper operation of the website. Users are therefore not entitled to raise an objection in this regard.
VI. Rights of the data subject
In accordance with the EU GDPR, you are a data subject if personal data pertaining to you is being processed. Vis-à-vis the controller, you, the data subject, are entitled to the following rights:
1. Right to information
The data subject shall have the right to request the controller to confirm whether and to what extent his or her personal data are processed by us.
If the data subject's personal data is being processed, the data subject is entitled to ask the controller to provide him or her information about:
(1) the intended purposes for which the data subject's personal data is being collected and processed;
(2) the categories of personal data being processed;
(3) the recipients and/or categories of recipients to whom the data subject's personal data has been or will be disclosed;
(4) the planned period for storing the data subject's personal data or, if no specific information can be provided, the criteria for determining the retention period;
(5) whether the data subject is entitled to have his or her personal data rectified or deleted, whether the data subject is entitled to limit processing of his or her personal data by the controller or whether the data subject is entitled to object to such processing;
(6) whether the data subject is entitled to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data, if the personal data has not been obtained from the data subject, i.e. directly from you;
(8) whether there is an automated decision-making process, including profiling as per Article 22, paragraphs 1 and 4, of the EU GDPR and – at least in these cases – significant information about the logic involved and the scope and envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the right to request information on whether his or her personal data are being transferred to a third country or an international organisation. In this connection, the data subject is entitled to request information on the appropriate safeguards in accordance with Article 46 of the EU GDPR.
2. Right to rectification
Insofar as the processed personal data is incorrect, incomplete or not updated, the data subject has the right to request the controller to rectify and/or complete the data subject's personal data. The controller is obliged to comply with this request without undue delay.
3. Right to restrict processing
Under the following circumstances, the data subject has the right to request that the processing of his or her personal data is restricted:
(1) The data subject considers that the information is inaccurate and has informed the controller. Processing may be restricted for a period of time to give the controller the opportunity to verify the accuracy of the data subject's personal data;
(2) The data subject believes that the processing of his or her personal data is unlawful but the data subject does not wish to have his or her data erased and instead requests that the use of such data is restricted;
(3) The data subject wishes the controller to retain data that it would otherwise intend to delete in order that the data subject can use it for the establishment, exercise or defence of legal claims; or
(4) The data subject has filed an objection in accordance with Article 21, paragraph 1 of the EU GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh the data subject's reasons.
If the processing of the data subject's personal data has been restricted, such data – apart from being stored – may only be processed with the data subject's express consent or for establishing, exercising or defending legal claims, or for protecting the rights and freedoms of other natural persons or legal entities, or when justified on the grounds of serving an important public interest of the European Union or a member state.
If processing has been restricted under the above-mentioned circumstances, the data subject must be informed by the controller thereof before such restriction is lifted.
4. Right to erasure (also known as “Right to be forgotten”)
a) Obligation to delete data
The data subject is entitled to request the controller to delete his or her personal data without delay and the controller is obliged to comply with this request and delete such data without undue delay in the following circumstances:
(1) The data subject's personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) The data subject withdraws his or her consent for processing their personal data pursuant to Article 6, paragraph 1, point (a), or Article 9, paragraph 2, point (a), of the EU GDPR and there are no other legal grounds to substantiate the processing of the data subject's personal data.
(3) The data subject files an objection in accordance with Article 21, paragraph 1, of the EU GDPR against the processing of his or her personal data and there are no overriding legitimate grounds for processing such data, or the data subject files an objection against the processing of his or her data in accordance with Article 21, paragraph 1, of the EU GDPR.
(4) The data subject's personal data was processed unlawfully.
(5) The controller is required to delete the data subject's personal data in compliance with a legal obligation under the laws of the European Union or its member states to which the controller is subject.
(6) The data subject's personal data was collected and processed in relation to information society services in accordance with Article 8, paragraph 1, of the EU GDPR.
b) Information to third parties
If the controller has made the data subject's personal data public and is obliged to erase it in accordance with Article 17, paragraph 1, of the EU GDPR, said controller, taking account of the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers who are processing the data subject's personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replication of such personal data.
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing in accordance with the laws of the European Union or a member state to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9, paragraph 2, points (h) and (i), and Article 9, paragraph 3, of the EU GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89, paragraph 1, of the EU GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to notification
If the data subject has exercised the right to have his or her personal data rectified, erased or the processing thereof restricted by the controller, said controller is – unless this involves a disproportionate effort or costs – obliged to inform all recipients to whom the data subject's personal data has been disclosed of the rectification, erasure or processing restriction.
The data subject has the right to be informed about said recipients by the controller.
6. Right to data portability
The data subject has the right to receive the personal data provided to the controller in a structured, commonly used and machine-readable format. Furthermore, the data subject has the right to transmit those data to another controller without hindrance from the controller to which the data subject has provided the personal data, where:
(1) the processing is based on consent pursuant to Article 6, paragraph 1, point (a), or Article 9, paragraph 2, point (a) of the EU GDPR, or the processing is based on a contract pursuant to Article 6, paragraph 1, point (b) of the EU GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, the data subject also has the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercising of this right shall be without prejudice to the rights and freedoms of other persons.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6, paragraph 1, points (e) or (f) of the EU GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
8. Right to withdraw consent
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between the data subject and the controller;
(2) is authorised by the laws of the European Union or its member states to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
(3) is based on the data subject's explicit consent.
These decisions referred to above shall, however, not be based on special categories of personal data referred to in Article 9, paragraph 1 of the EU GDPR, unless point (a) or (g) of Article 9, paragraph 2, applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In the cases referred to in sections (1) and (3) above, the controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this regulation of the EU GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the EU GDPR.