General Information

This website is operated by Caroline Sommer LTD. In this Privacy Notice you will find information about the handling of your personal data when you visit the Caroline Sommer LTD website.

Definitions

The data protection declaration of the Caroline Sommer LTD is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration must be legible and understandable for the general public as well as for our customers and business partners. To ensure this, we would first like to explain the terminology used.

In this data protection declaration, we use, among others, the following terms:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

The data subject is any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

Processing is any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(d) Restriction of processing

Restriction of processing is the marking of stored personal data in order to limit their processing in the future.

(e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain aspects of a natural person's personality, in particular to analyse or predict aspects relating to that natural person's performance at work, financial situation, health, personal preferences, interests, reliability, behavior, location or movements.

(f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

(g) Controller or controller

The controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, Union or Member State law may lay down the controller or the specific criteria for its designation.

(h) Processor

The controller is a natural or legal person, a public authority, a body or any other body processing personal data on behalf of the controller.

(i) Recipient

The recipient is a natural or legal person, a public authority, a body or any other body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by such public authorities shall comply with the data protection rules applicable in accordance with the purposes of the processing.

(j) Third parties

A third party is a natural or legal person, public authority, body or agency other than the data subject, the controller, the processor and persons who, under the direct authority of the controller, are authorized to process personal data.

(k) Consent

The data subject's consent is any freely given, specific, informed and unambiguous indication of his or her wishes by which, by a clear affirmative statement or action, the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Collection and use of personal data

We only collect and process personal data (e.g., name, address, e-mail address) that you provide to us at the time of registration, when ordering products or services, or when making enquiries, and only to the extent necessary to justify, establish the content of the legal relationship or change the legal relationship. After the conclusion of the contract, your data will be deleted in connection with the legal obligations of safekeeping, insofar as you have not expressly agreed to the further use of this data. We, and persons commissioned by us, will not pass on your personal data to third parties without your consent or without a relevant official order.

Storage period

We only process and store your data for as long as is necessary for processing or to comply with legal obligations. Your data will be blocked or deleted after the purpose of processing has ceased to apply. If, in addition, there are legal storage obligations, we will block or delete your data at the end of the legal storage periods.