Privacy Policy
Privacy Notice in accordance with Article 13 of the GDPR
Name and address of the data controller
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
Paint Solution Services GmbH
Hölze 1
26871 Papenburg/Aschendorf
Germany
Phone: +49 (0)4962 / 99 668-60
Email: info@paint-solution-services.de
General information on data processing
Legal basis for processing personal data
In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies:
The legal basis for obtaining consent is Articel 6(1)(a) in conjunction with Article 7 GDPR. The legal basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1)(b) GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Data deletion and storage period
We adhere to the principles of data minimisation in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their privacy policies.
You can recognise external links either by the fact that they are displayed in a colour which is slightly different from the rest of the text or that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the respective provider’s privacy notice.
Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.
Rights of data subjects
As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The rights of data subjects arising from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Withdrawal
Some data processing can only be carried out with your explicit consent. You have the option of revoking your consent at any time. However, the lawfulness of the data processing until the revocation is not affected by this.
Right to object
If the processing is based on Art. 6 (1) (e) or (f) GDPR, you as a data subject can object to the processing of personal data concerning you at any time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions within the meaning of Art. 4 (4) GDPR. If we cannot prove a legitimate interest for the processing that outweighs your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims, we will refrain from processing your data after an objection has been made.
If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling, which is related to direct advertising. Again, we will no longer process personal data as soon as you object.
Right to lodge a complaint with a supervisory authority
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
Eine Liste der Datenschutzbeauftragten sowie deren Kontaktdaten können folgendem Link entnommen werden:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to data portability
If your data is processed automatically on the basis of consent or performance of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. In addition, you have the right to request the transfer and provision of the data to another controller, insofar as this is technically feasible.
Right to information, correction and deletion
You have the right to obtain information about your processed personal data regarding the purpose of the data processing, the categories, the recipients and the duration of storage. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us via the contact options given in the imprint.
Right to restriction of processing
You can assert the restriction of the processing of your personal data at any time. To do this, you must meet one of the following requirements:
- They contest the accuracy of the personal data. For the duration of the verification of accuracy, you have the right to request a restriction of processing.
- If processing is unlawful, you can request the restriction of the use of the data as an alternative to deletion.
- If we no longer need your personal data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims, you can request the restriction of processing as an alternative to deletion.
- If you object to the processing in accordance with Art. 21 (1) GDPR, a balancing of your interests and ours will be carried out. Until this balancing has been carried out, you have the right to request the restriction of processing.
Restriction of processing means that, apart from storage, the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
Provision of the website (web host)
Our website is hosted by:
STRATO GmbH
Otto-Ostrowski-Straße 7, 10249 Berlin
Germany
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or our hosting company’s server.
These are:
- IP address of the website visitor's end device
- device used
- host name of the accessing computer
- visitor's operating system
- browser type and version
- name of the retrieved file
- time of server request
- amount of data
- information on whether the retrieval of the data was successful
This data is not merged with other data sources.
Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it on their own server, which we have named above in this case. The personal data collected by this website will be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for processing this data is Article 6(1)(f) GDPR. Our legitimate interest is the technically error-free presentation and optimisation of this website. If the website is called up in order to enter into contract negotiations with us or to conclude a contract, this serves as a further legal basis (Article 6(1)(b) GDPR). In the event that we have commissioned a hosting company, an order processing contract will have been agreed with this service provider.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your end device. This data usually includes user preferences, such as the "day" or "night" mode of a website, and is retained until you manually delete the data.
Session storage is very similar to Local storage, whereas the storage duration only lasts during the current session, so until the current tab is closed. The session storage objects are then deleted from your end device.
Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either temporarily deleted for the duration of a session (session cookies) and after your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects can also be stored on your end device by third-party companies when you visit our site (third-party requests). This allows us, as the operator, and you, as a visitor to this website, to make use of certain third-party services installed on this website. Examples are the processing payment services or displaying videos on a website.
These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use and carry out analyses regarding visitor flows and behaviour. Depending on their individual functions, they must be classified in terms of data protection legislation.
Are they necessary for the operation of the website and intended to provide certain features (shopping cart feature) or serve to optimize the website (e.g. cookies to measure visitor behaviour), then their use is based on Article 6(1)(f) GDPR. As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to ensure the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Article 6(1)(a) GDPR).
If local storage items, session storage items and cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy notice. When required, your consent will be requested and can be revoked at any time.
TranslatePress
On our website, we use the TranslatePress plugin provided by Cozmoslabs (Reflected Sight SRL, Romania) to offer content in multiple languages.
To store the selected language, TranslatePress sets a technically necessary cookie (trp_language), which preserves the setting for future visits. All translations are stored locally on our server; no data is transmitted to the plugin provider or third parties unless external translation services are activated.
Processing is carried out to provide a user-friendly multilingual presentation of our services based on our legitimate interest in accordance with Art. 6(1)(f) GDPR.
The trp_language cookie is stored for a period of one month unless it is deleted earlier by the user.
Use of external Services
External services are used on our website. External services are services provided by third parties that are integrated into our website. This may be done for various purposes, for example to embed videos or to ensure the security of the website. When using these services, personal data is also transmitted to the respective providers of these external services. If we do not have a legitimate interest in using these services, we will obtain your consent as a visitor to our website before using them, which you may revoke at any time (Art. 6(1)(a) GDPR).
Image Service
We integrate images from external providers in order to make our website more visually appealing. The images are hosted on the server of the external provider and are made available when the page is accessed. In doing so, a connection is established to the server of the external provider and data such as the IP address of the website visitor is transmitted to the provider of the image service.
Processing only takes place if you have consented to this data processing via our consent banner on the website. The legal basis for this processing is your consent (Art. 6(1)(a) GDPR). Without your consent, the data processing described above will not take place. If you withdraw your consent, we will stop this data processing. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.
Gravatar
We use the Gravatar service on our website. The provider of this service is Automattic Inc., 60 29th Street #343, 94110 San Francisco (CA), USA.
The use of this service may result in data being transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL:
https://automattic.com/privacy/
Content management system
A content management system enables the creation, editing, organisation and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more attractive website.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is in the technically error-free display and optimisation of the website.
Avada Website Builder
We use the service on our website Avada Website Builder. The provider of the service is the ThemeFusion Inc, Tampa, Florida, USA.
Since this service is hosted locally on the web server, no data transfer to third parties takes place.
The service stores the following data in the browser's local or session storage:
| Name | Storage Period | Type | Purpose |
|---|---|---|---|
| off_canvas_212 | Durable | 1st-Party Local Storage | Used to prevent the reappearance of pop-ups that have already been closed. |
Contact form
You have the option to contact us via a form on the website. In order to contact to be established via this form, we need your contact details in particular.
In this case, the legal basis for the processing of your data would be Article 6(1)(f) GDPR.
The legal basis for data processing here is to fulfil a contract or pre-contractual measures in accordance with Article 6(1)(b) GDPR. There may also be a legitimate interest in maintaining business relationships or answering your request for other reasons.
The data will be deleted when we have resolved your request and no other retention obligations apply.
This privacy policy applies to the following social media profiles:
- https://www.facebook.com/paintsolutionservices
- https://www.linkedin.com/company/paintsolutionservices
- https://www.instagram.com/pss.paintsolutionservices/
Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook, X, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., Like buttons or advertising banners). Visiting our social media presences triggers numerous data protection–relevant processing activities. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media platform can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media platform. In this case, data collection may occur, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media platforms can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or have been logged in.
Please also note that we cannot track all processing operations on the social media platforms. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media platforms. Details can be found in the terms of use and privacy policies of the respective social media platforms.
Legal Basis
Our social media profiles are intended to ensure the most comprehensive presence possible on the internet. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6(1)(a) GDPR).
Controller and Exercise of Rights
If you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can generally exercise your rights (access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) both against us and against the operator of the respective social media platform (e.g., Facebook).
Please note that despite the joint responsibility with social media platform operators, we do not have full influence over the data processing operations of the social media platforms. Our options are largely determined by the corporate policies of the respective provider.
Storage Period
The data we collect directly via the social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions—especially retention periods—remain unaffected.
We have no influence over the storage duration of your data stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g., in their privacy policies, see below).
Your Rights
You have the right at any time to receive, free of charge, information about the origin, recipients, and purpose of your stored personal data. You also have a right to object, a right to data portability, and a right to lodge a complaint with the competent supervisory authority. Furthermore, you may request the rectification, blocking, deletion, and, under certain circumstances, the restriction of processing of your personal data.
Social Networks in Detail
We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Meta”). According to Meta, the collected data is also transferred to the USA and other third countries.
You can adjust your advertising settings independently in your user account by using the following link and logging in: https://www.facebook.com/settings?tab=ads https://www.facebook.com/settings?tab=ads.
Data transfers to the USA are based on the European Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum https://de-de.facebook.com/help/566994660333381
For further details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. More information is available from the provider at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfers to the USA are based on the European Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum https://de-de.facebook.com/help/566994660333381
Details on how LinkedIn handles your personal data can be found in its privacy policy: https://www.linkedin.com/legal/privacy-policy
We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Meta”). According to Meta, the collected data is also transferred to the USA and other third countries.
Data transfers to the USA are based on the European Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum https://de-de.facebook.com/help/566994660333381
Details zu deren Umgang mit Ihren personenbezogenen Daten entnehmen Sie der Datenschutzerklärung von Instagram: https://privacycenter.instagram.com/policy/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. More information is available from the provider at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
