Englisch (UK)    Deutsch (DE)    Französisch(FR)    Italienisch (IT)    Spanisch (ES)


Data Protection Notices in Accordance With Art. 13 & Art. 21 of the General Data Protection Regulation With Supplementary Notices

Controller:

The data collection and processing controller is Graphite COVA GmbH.

Voluntary Information:

We only collect data required by law or for contract conclusion or performance or that is provided to us voluntarily on the basis of consent.

Further information may be provided voluntarily. There are no negative consequences for not providing additional data. However, not providing such information may delay or make subsequent communication more difficult.

Data Processing for Contract Performance:

We process personal data provided to us in accordance with Art. 6(1) Letter b of the General Data Protection Regulation for the purpose of contract performance. This also includes use for reviewing whether an order may be accepted and for subsequent customer support.

Data required for contract performance is not deleted if and for as long as mutual claims remain or are to be collected after the contract expires. In addition, we will save any documents we collected for contractual relationship purposes for as long as required by legal storage periods, e.g., under Section 257 of the German Commercial Code [Handelsgesetzbuch, HGB], Section 147 of the German Fiscal Code [Abgabenordnung, AO] or Section 14b of the German VAT Act [Umsatzsteuergesetz, UStG], unless otherwise agreed to in individual agreements or unless other special legal regulations apply.

Data Processing on the Basis of Consent:

If you separately consented to have us inform you about our products, services and events by telephone, letter, email or through comparable information pathways or to have us transfer your data to third parties, according data processing will be performed on the basis of Art. 6(1) Letter a of the General Data Protection Regulation. In addition, we will process your personal data for personalized "tracking" purposes if and to the extent that you submit an according declaration of consent.

You may withdraw your consent at any time without affecting the legitimacy of any prior processing. If you withdraw your consent, we will suspend the respective data processing.

Data Processing for Safeguarding Legitimate Interests:

Without according consent and if no other legal basis is present and only if the requirements of Art. 6(1) Letter f of the General Data Protection Regulation, i.e., if our or a third party's interests in the data processing override your interests, basic rights or basic freedoms, are fulfilled, we will only process your data in accordance with Art. 6(1) Letter f of the General Data Protection Regulation to safeguard legitimate interests. Your data will be saved for as long as the legitimate interest is present, at minimum for the duration of the applicable legal storage period.

You have the right to object to data processing. For more information, please see the section "Data Subject Rights."

Legitimate Interests: Data Processing for Direct Marketing Purposes:

We will process your data—if permissible—for direct marketing purposes, especially for sending our advertisements, e.g., invitations, product information and event and similar information. In such cases, data processing will also be performed on the basis of Art. 6(1) Letter f of the General Data Protection Regulation, and for the interest of informing you about new products, events and services. Every customer has the right to object to this processing which, if exercised, will result in the suspension of data processing for direct marketing purposes. If data is saved exclusively for direct marketing purposes, this data will be deleted if objection rights are exercised.

Data Processing for the Fulfillment of Legal Obligations:

If and to the extent required, we will process your data to fulfill any applicable legal documentation obligations to, e.g., tax offices or supervisory authorities. Data processing will be performed on the basis of Art. 6(1) Letter c of the General Data Protection Regulation. In case of a legal obligation, we will delete your data in accordance with the legal obligation, unless agreed to otherwise in an individual agreement or unless legitimate interests in further storage are present.

Data Recipient:

We will only transfer your data to third parties (e.g., to attorneys to enforce outstanding claims) if an according data protection transfer authorization (e.g., under the above-stated cases) is present.

In addition, we may transfer your data to external service providers (e.g., IT service providers or companies that destroy or archive data) who, while strictly subject to our directives, assist us with data processing as contracted processors.

Since we are a subsidiary of Graphite India Ltd. based in Calcutta, India, your data may also be processed at the headquarters in India for contract reviews through contracted processing.

Since we are a subsidiary of Graphite India Ltd. based in Calcutta, India, your data may also be processed at the headquarters in India for contract reviews through contracted processing.

Data processing outside of the EU or EEA will not be performed if data transfers are not required for contract initiation or performance.

If data processing is performed outside of the EU, it will be performed exclusively on the basis of standard contractual EU clauses or in countries for which an adequacy decision was made by the EU and through contracted processing. On your request, we will be happy to show you the respective contracts or provide you with copies thereof.

We will not sell your personal data to third parties or market it otherwise.

Our Website

a.) Security Through Use of TSL and SSL

For transmissions of your data to us through our website, we currently use secure technologies, especially so-called "Transport Layer Security" transmissions (TSL) and "Secure Socket Layer" transmissions (SSL). Any information and data transmitted through these secure methods is encrypted before it is sent to us. This applies especially to any personal customer data, such as one's name and address. To further protect you and us from misuse, your computer's IP address is transmitted to us during online contract conclusion.

b.) Use of Cookies

On our website, we use so-called cookies to manage the inquiries and requests to submit to us via the Internet. Cookies are like an electronic calling card that makes it easier for you to use our online offer. These small files are automatically saved on your hard disk by your browser and are necessary for error-free use of our website. Our cookies do not contain personal information. This ensures protection of your privacy. You may delete these cookies through according browser configurations after using our website. You may also object to the creation of user profiles through non-personal data. To do so, please disable cookies on your browser.

c.) Third-Party Content

Our portals cooperate with various partners who provide websites and Internet services which may be accessed, e.g., via links on our websites. These partners usually have their own privacy and/or data policies. We are not responsible or liable for such policies not related to our offers.

Contact Details of the Data Protection Officer:

You may contact our data protection officer at:
Mr. Oliver Hrdlicka
Email: hrdlicka(at)graphitecova.com
Tel.: +49 911/5708-509

Data Subject Rights:

Data subjects have the right to request access to and rectification or erasure of personal data concerning them from the controller if one of the reasons under Art. 17 of the General Data Protection Regulation applies e.g., if the data is no longer needed for the purposes for which it was collected. In addition, data subjects have the right to processing restriction if one of the requirements under Art. 18 of the General Data Protection Regulation is fulfilled and the right to data portability under Art. 20 of the General Data Protection Regulation. If data is collected on the basis of Art. 6(1) Letter f (data processing for safeguarding legitimate interests), data subjects have the right to object to the processing at any time on grounds relating to their particular situation. We will then suspend the processing of the personal data, unless reasons for the processing are demonstrably present that override the interests, rights and freedoms of the data subject or unless the processing serves the establishment, exercise or defense of legal claims.

Right to Submit Complaints to Supervisory Authorities:

Every data subject has the right to submit complaints to competent supervisory authorities if he or she considers that the processing of the data concerning the data subject infringes on data protection regulations. This right to submit complaints may especially be exercised through submissions to supervisory authorities in a Member State of the habitual residence of the data subject or of the place where the infringement occurred. Our competent supervisory authority is the:

Bayerisches Landesamt für Datenschutzaufsicht [Data Protection Authority of Bavaria for the Private Sector] (BayLDA)
Promenade 27
91522 Ansbach
Germany
Tel.: +49 981/53-1300