Welcome to the Website of Vertex GmbH. We appreciate your interest in our company. Protection of the personal data you entrust to us is a priority for us, and we want you to feel safe and secure when you visit our website or use our online offers.
It is important to us that you are fully informed about the personal data that we collect when you use our online offers and services, and are familiar with how we use them.
Wherever Vertex GmbH processes personal data, such processing is carried out for the purposes defined in this data privacy statement.
Managing Director: Dipl.-Kaufmann Christoph Grebe
Obere Waessere 3-7
Phone: +49 7121 62278-0
Types of data processed
Categories of data subjects
Visitors and users of the online offer (hereinafter referred to collectively as “users”).
Purpose of processing
Applicable legal bases
In accordance with Art. 13 DSGVO, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing in order to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing in order to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
We take appropriate technical and organizational measures to protect any personal data you provide to us from accidental or intentional manipulation, loss, destruction, or access by unauthorized parties. This also applies to any external services purchased. We verify the effectiveness of our data protection measures and continuously improve them in line with technological development. Any personal data entered are encrypted during transfer using a secure encryption process.
In particular, these measures include safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to, inputting, forwarding, securing and separating the data. In addition, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data and the reaction to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 DSGVO).
Cooperation with processors and third parties
Insofar as we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 lit. b DSGVO is necessary for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
We generally transfer your data to the relevant Vertex company where it is processed to deliver the service and support you requested.
This means that information may also be processed by other legal entities of the Vertex Group. However, such processing is limited to the extent required for the purposes defined in this data privacy statement or to which the other legal entity acting as a service provider / processor has to follow the instructions given by the controller.
These service providers / processors are bound by instructions. Given this, they are subject to our requirements, which include processing of your data exclusively in line with our instructions and in compliance with the applicable privacy laws.
Data transfer to the data processor is effected on the basis of Art. 28 (1) GDPR.
We will not sell your data to third parties or otherwise share them for commercial purposes.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third party services or disclosure or transfer of data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Zusammenarbeit mit Auftragsverarbeitern und Dritten
Rights of data subjects
You have the right to request confirmation as to whether the data in question will be processed and to obtain information about this data and further information and a copy of the data in accordance with Art. 15 DSGVO.
Pursuant to Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
Pursuant to Art. 17 DSGVO, you have the right to demand that the data concerned be deleted immediately or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18 DSGVO.
You have the right to demand that the data concerning you which you have made available to us be received in accordance with Art. 20 DSGVO and that it be transferred to other responsible parties.
You have the right to object at any time under Art. 21 GDPR to processing of personal data concerning you which is based on Art 6 (1) lit. e or f GDPR, on grounds relating to your particular situation.
Pursuant to Art. 77 DSGVO, you also have the right to file a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to revoke consents granted pursuant to Art. 7 para. 3 DSGVO with effect for the future.
Cookies and right to object to direct advertising
You may object at any time to the future processing of the data concerning you in accordance with Art. 21 DSGVO. In particular, you may object to the processing of your data for the purposes of direct marketing.
We may use temporary and permanent cookies and explain this in the context of our policy. In particular we use a live chat service provided by Livezilla GmbH. www.livezilla.net/home/de.
If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Google Universal Analytics
This website uses Google Universal Analytics, a web analysis service offered by Google Inc. (“Google”). Google Universal Analytics uses ‘cookies,’ text files stored on your computer, to help us analyze how you use our website. The information generated by the cookie about your use of this website (including your IP address) is transferred to Google servers in the USA and saved there.
We have activated IP anonymization on this website, so that the IP address of users within EU Member States or other States party to the Agreement on the European Economic Area will be truncated by Google beforehand. Only in exceptional cases is the full IP address sent to Google servers in the USA and truncated there. On behalf of the website provider, Google will use this information for the purpose of analyzing your use of the website, compiling reports on website activity, and providing us with other services relating to website activity and internet usage. Google will not associate the IP address transmitted by your browser within the operations of Google Universal Analytics with any other data held by Google. You may prevent cookies from being installed by selecting the appropriate settings on your browser. However, please note that in this case you may not be able to use the full range of functions of this website. Furthermore, you can prevent Google from collecting and using the data regarding your use of the website generated by the cookies (including your IP address) by downloading and installing the browser plugin from the following link http://tools.google.com/dlpage/gaoptout?hl=de.
Embedding of social media plugins
Our website uses buttons for the following social Networks: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; Instagram, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA.
The buttons show the logos of the individual social networks. However, the buttons are not standard social plugins, i.e. plugins provided by social networks, but links with button icons. These buttons are only activated by deliberate actions (clicking). As long as you do not click the buttons, no data will be transferred to the social networks. By clicking the buttons, you accept communication with the servers of the social network, thereby activating the buttons and establishing the link.
Once clicked, the button functions as a share plugin. The social network then obtains information about the site you have visited, which you can share with your friends and contacts. You need to be logged in to “share” information. If you are not logged in, you will be forwarded to the login page of the social network you have clicked, thereby leaving the website of vertex.de. If you are logged in, your “like” or recommendation of the article in question will be transmitted.
When you activate the button, the social networks will also receive the information that you accessed the respective page of our website and when you did so. In addition, information such as your IP address, details about the browser you used, and your language settings may be transmitted. If you click the button, your click will be transferred to the social network and used according to their data policy.
When you click the button we have no control over the data collected and the data-processing operations. We are not responsible for this data processing, nor are we the “controller” as defined in the GDPR. Neither are we aware of the full extent of data collection, its legal basis, purposes and storage periods. Given this, the information provided here is not necessarily complete.
As far as we know, these providers store these data in user profiles which they use for advertising, market research and/or demand-oriented website design. This type of analysis is performed (also for users who are not logged in) to present demand-oriented advertising and inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise your right of objection, please contact the relevant provider.
Please consult the information provided by the following social media sites for details of the purpose and scope of data collection and of further processing and use of the data by the respective social network, and for your rights and privacy settings:
If you do not wish social networks to obtain data about you, do not click the button.
Deletion of data
The data processed by us will be deleted in accordance with Art. 17 and 18 DSGVO or their processing will be restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
According to legal requirements in Germany, data is stored for 10 years in accordance with §§ 147 para. 1 AO (German Tax Code), 257 para. 1 nos. 1 and 4, para. 4 HGB (German Commercial Code) (books, records, management reports, accounting records, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (German Commercial Code) (commercial letters).
Online Shop and Customer Account
We process the data of our customers within the framework of the order processes in our online shop in order to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
To the processed data belong inventory data, communication data, contract data and to the persons affected by the processing belong our customers, interested parties and other business partners. Processing is carried out for the purpose of providing contractual services within the framework of operating an online shop, billing, delivery and customer services. We use session cookies to store the contents of the shopping basket and permanent cookies to store the login status.
The processing takes place on the basis of Art. 6 Para. 1 lit. b (execution of order processes) and c (legally required archiving) DSGVO. The information marked as necessary is required to substantiate and fulfil the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of the statutory permits and obligations to legal advisors and authorities. The data will only be processed in third countries if this is necessary for the fulfilment of the contract (e.g. at the customer’s request for delivery or payment).
Users need to create a user account by viewing their orders in particular. Within the scope of registration, the required mandatory data will be communicated to the users and processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of providing the user account. The user accounts are not public and cannot be indexed by search engines. The processed data includes in particular the login information (name, password and an e-mail address). The data entered during registration are used for the purposes of using the user account and its purpose. If users have terminated their user account, their data will be deleted with regard to the user account, subject to its retention for commercial or tax reasons pursuant to Art. 6 Para. 1 lit. c DSGVO is necessary. Data in the customer account shall remain in force until it is deleted with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to secure their data before the end of the contract in the event of termination.
Within the scope of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. These data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO.
The deletion takes place after expiration of legal warranty and comparable obligations, the necessity of the retention of data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiration (end of commercial (6 years) and tax (10 years) retention obligation).
Users may be informed by e-mail of information relevant to their user account, such as technical changes. If users have terminated their user account, their data will be deleted with regard to the user account, subject to a statutory retention obligation. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c DSGVO. The IP addresses will be anonymised or deleted after 7 days at the latest.
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details are processed for the purpose of processing the contact enquiry and processing it in accordance with Art. 6 Para. 1 lit. b) DSGVO. The user data can be stored in a customer relationship management system (“CRM system”) or comparable inquiry organisation.
We delete the requests if they are no longer necessary. We check the necessity every two years; furthermore, the statutory archiving obligations apply.
Hosting and e-mailing
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services which we use for the purpose of operating this online service.
In doing so we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6 Para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (data processing agreement).
Collection of access data and log files
We, or our hosting provider, collect data about each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests as defined in Art. 6 Para. 1 lit. f. DSGVO. Access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to clarify abuse or fraud actions) for a maximum period of 7 days and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
Please address any questions regarding the processing of your personal data, requests for information, applications, or complaints directly to Vertex GmbH, Obere Waessere 3-7, 72764 Reutlingen, Phone: +49 7121 62278-0, Email: email@example.com, we will be happy to help you.
If you have any questions or suggestions in accordance to data protection at Vertex please let us know.