The following document describes the types and scope of personal data processed by our company, as well as the purposes of processing in accordance with the data protection law regulations (in particular according to the BDSG (Federal Data Protection Act) and European General Data Protection Regulation (GDPR)). This data protection declaration also applies to our websites and social media profiles. Please refer to Art. 4 GDPR for the definitions of terms such as “personal data” or “processing”.
Name and contact information for the controller
Our controller (hereinafter referred to as the “controller”) in the sense of Art. 4 clause 7 GDPR is:
Meßner GmbH & Co. KG
32689 Kalletal, Germany
E-mail address: firstname.lastname@example.org
Data Protection Officer
Types of data, purposes of processing and categories of data subjects
The following section provides information on the type and scope of personal data our company processes, as well as the purposes of collection, processing and use.
1. Types of data we process
Usage data (access times, websites, visited, etc.), personal data (name, address, etc.), contact data (phone number, e-mail, fax, etc.), content data (text inputs, videos, photos, etc.), communication data (IP address, etc.),
2. Purposes of processing in accordance with Art. 13 para. 1 c) GDPR
Handling contracts, evidence / securing evidence, technical and economical optimisation of the website, facilitating easy access to the website, fulfilling contractual obligations, contacting individuals in case of legal challenges by third parties, fulfilling statutory retention obligations, optimisation and statistical evaluation of our services, supporting commercial use of the website, improving the user experience, making the website more user-friendly, economical handling of advertisement and website operations, marketing / sales / advertising, creating statistics, avoiding SPAM and fraud, handling the application process, customer service, handling contact inquiries, providing websites, website functions and content, security measures, ensuring the uninterrupted, secure operation of our website,
3. Categories of data subjects in accordance with Art. 13 para. 1 e) GDPR
Website users/visitors, customers, suppliers, stakeholders, applicants, employees, customer or supplier employees,
Data subjects are referred to jointly as “users”.
Legal basis for processing personal data
The following section provides information on the legal basis for processing personal data:
1. If we have obtained your consent to process personal data, then Art. 6 para. 1 clause 1 lit. a) GDPR is the legal basis.
2. If the processing is necessary to fulfil a contract or carry out pre-contractual measures upon your request, then Art. 6 para. 1 clause 1 lit. b) GDPR is the legal basis.
3. If the processing is necessary to fulfil a legal obligation to which we are subject (such as statutory retention periods), then Art. 6 para. 1 clause 1 lit. c) GDPR is the legal basis.
4. If the processing is required to protect the vital interests of the data subject or another natural person, then Art. 6 para. 1 clause 1 lit. d) GDPR is the legal basis.
5. If processing is necessary to safeguard our interests or the legitimate interests of a third party, and if your interests or basic rights and freedoms do not outweigh these interests, then Art. 6 para. 1 clause 1 lit. f) GDPR is the legal basis.
Transmission of personal data to third parties and contract processors
We do not generally transmit data to third parties without your consent. However, if we do so, then data is transmitted in accordance with the laws above, or if data is transmitted to online payment providers, then this is done to fulfil the contract, based on a court order, or due to a statutory obligation to deliver the data for the purposes of a criminal prosecution, to avert danger, or to exercise our rights to our intellectual property.
We also use contract data processors (external service providers, for instance, for web hosting of our websites and databases) to process your data. If data is transmitted to the contract processor as part of a contract data processing agreement, then it is always transmitted in accordance with Art. 28 GDPR. We choose our contract data processors carefully, monitor them regularly, and have the right to issue instructions to them regarding your data. In addition, contract data processors must have taken appropriate technical and organisational measures and must comply with the data protection regulations of the newest versions of the BDSG and the GDPR.
Data transmission to third states
The enactment of the European General Data Protection Regulations (GDPR) established a uniform, basic level of data protection throughout Europe. Therefore, your data is primarily processed by companies subject to the GDPR. However, if data is processed by third party providers outside of the European Union or European Economic Area, then these companies must fulfil the special requirements of Art. 44 et seqq. GDPR. This means that data is processed based on special guarantees, such as being able to guarantee a level of data protection equal to that in the EU as officially recognised by the EU Commission, or observing officially recognised special contractual obligations, known as “standard contractual clauses”.
If we obtain express consent from you to transmit data to the USA because the “privacy shield” is invalid, in accordance with Art. 49 para. 1 clause 1 lit. a) GDPR, then please note that data may be accessed secretly by US officials and used for surveillance purposes, potentially without any possibility of legal remedy for EU citizens.
Deletion of data and duration of storage
Unless expressly otherwise indicated in this data protection declaration, your personal data is deleted or blocked once you revoke the consent you granted to process the data, or once the purpose for which it was stored no longer applies, or once the data is no longer needed for the purpose, unless we are required to continue storing the data for evidentiary purposes, or due to statutory retention periods. This includes, for instance, commercial law retention periods for business correspondence in accordance with Sec. 257 para. 1 of the German Commercial Code (6 years) and tax law retention obligations in accordance with Sec. 147 para. 1 of the German Tax Code for receipts (10 years). Once the prescribed retention period has expired, your data is blocked or deleted, unless it must continue to be stored in order to conclude or fulfil a contract.
Existence of automated decision-making
We do not use automated decision-making procedures or profiling.
Delivery of our website and creating log files
1. If you only use our website for informational purposes (and you do not register on the website or otherwise transmit information), then we will only collect the personal data your browser transmits to our servers. When you visit our website, we collect the following data:
• IP address;
• Internet service provider of the user;
• Date and time of access;
• Browser type;
• Language and browser version;
• Accessed content;
• Time zone;
• Access status/HTTP status code;
• Quantity of data;
• Websites from which the request comes;
• Operating system.
This data is not stored alongside other personal data belonging to you.
2. We only use the data to deliver a user-friendly, functional and secure website to you, to provide the website functions and content, to optimise functions and content and complete statistical analyses.
3. Our legal basis for doing so is our legitimate interest in data processing in accordance with Art. 6 para. 1 clause 1 lit. f) GDPR. We likewise have a legitimate interest in the purposes described above.
4. For security reasons, we store this data in server log files for 60 days. After this time, the data is automatically deleted unless we need to continue storing it for evidentiary purposes in order to respond to attacks on our server infrastructure or other legal violations.
We differentiate between the following types of cookies:
• Required, essential cookies: Essential cookies are cookies that are necessary to operate the website and provide particular website functions such as logins, the shopping basket or save user entries, for instance for the website language.
• Session cookies: Session cookies are used to recognise when the same user uses a page multiple times (for instance if you are logged in, the cookie is used to determine your login status). The next time you access our website, these cookies deliver information so that our system can recognise you automatically. This information helps us optimise our services and provide you with easier access to our page. Session cookies are deleted when you close your browser or log out.
• Persistent cookies: These cookies remain stored after you close your browser. They are used to save your log in, to measure range, and for marketing purposes. Persistent cookies are automatically deleted after a certain period of time, which may differ depending on the cookie. You can delete cookies at any time using the security settings in your browser.
• Third-party cookies, in particular from advertisers: You can configure your browser settings as desired, for instance to reject third-party cookies or to reject all cookies. However, please note that if you do so, you may not be able to use all of the functions of this website. Further information on these cookies is available in the data protection declarations of said third-party providers.
1. Categories of data: User data, cookie, user ID (includes the pages visited, device information, access times, and IP addresses).
2. Purposes of processing: This information helps us optimise our website from both technical and economic standpoints and provide you with easier, more secure access to our website.
3. Legal bases: When we process personal data using cookies based on your consent (“opt in”), then Art. 6 para. 1 clause 1 lit. a) GDPR serves as the legal basis. Otherwise, we have a legitimate interest in ensuring the effective, function, improvement and economical operation of the website, so that in this case Art. 6 para. 1 clause 1 lit. f) GDPR is the legal basis. Furthermore, the legal basis is Art. 6 para. 1 clause 1 lit. b) GDPR, if the cookies are used to initiate a contract or to place an order.
4. Duration of storage/ deletion: Data is deleted once it is no longer necessary to achieve the purpose for which it was collected. If data is recorded on the delivery of this website, then it is no longer needed once the website session has ended.
Information on deleting cookies for specific browsers is available here:
Editing cookie settings or objecting to cookies:
<script id=”CookieDeclaration” src=
Cookie consent solutions
Consent Manager provider
1. We have integrated the Consent Manager Provider (CMP) (provider: Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, Website: https://www.consentmanager.de) into our website as a consent management service.
2. Categories of data and description of data processing: Cookies, date and time of your visit, device information, browser information, anonymised IP address, opt in and opt out data. We can use this service to obtain your consent to save cookies, and to document the process. In addition, a cookie will be saved in your browser so we can identify that you have given or revoked your consent. More information is available in the data protection declaration of the data processor CMP: https://www.consentmanager.de/privacy.php.
3. Purposes of data processing: Compliance with legal regulations, consent manager.
4. Legal bases: The legal basis for processing personal data is our legitimate interest in accordance with Art. 6 para. 1 clause 1 lit. f) GDPR and to fulfil statutory obligations in accordance with Art. 6 para. 1 clause 1 lit. c) GDPR.
5. Duration of storage: Data is stored until you delete the CMP cookie in your browser yourself, or until the purpose for which the data was stored no longer applies. When consent is granted and then revoked, documentation of the revocation is stored for three years. This data is stored partially based on our obligation of accountability according to Art. 5 para. 2 GDPR.
6. Data transmission/categories of recipients: CMP providers in Europe. We have concluded a data processing contract in accordance with Art. 28 GDP with the data processor.
Carrying out agreements
1. We process user data (such as their company, title/academic degree, name and address and contact information, e-mail), contractual data (such as services used, names of contact persons) and payment data (such as banking information, payment history) for the purpose of fulfilling our contractual obligations (knowing who our contractual partner is; initiating, determining the content of and carrying out the agreement; reviewing data to ensure it is plausible) and providing services (such as contacting customer service) according to Art. 6 para. 1 clause 1 lit. b) GDPR. Information marked as mandatory in online forms must be provided to conclude a contract.
2. This data is not generally transmitted to third parties, unless this is necessary to pursue our claims (such as providing the data to an attorney for debt collection purposes) or to fulfil the agreement (such as transmitting data to a payment provider), or if we have a legal obligation to do so according to Art. 6 para. 1 clause 1 lit. c) GDPR.
3. We can also process data provided by you to inform you about other interesting products from our portfolio, or to deliver e-mails with technical information to you.
4. Data is deleted once it is no longer necessary to achieve the purpose for which it was collected. This is the case for personal and contractual data once the data is no longer required to carry out the agreement, and once no further claims can be asserted under the agreement because they have expired (warranty: two years / standard expiration: three years). Under commercial and tax law regulations, we are obligated to store your address, payment and order data for ten years. However, three years after the contract ends we do restrict processing, meaning that your data will be used only to comply with legal obligations. Information in your user account will remain stored until it is deleted.
Contact via the contact form / e-mail / fax / mail
1. When you contact us using the contact form, fax, mail or e-mail, your information will be processed for the purpose of handling your contact inquiry.
2. The legal basis for processing the data is Art. 6 para. 1 clause 1 lit. a) GDPR, if we have your consent to process it. The legal basis for processing data transmitted in the course of a contact inquiry or e-mail, letter or fax is Art. 6 para. 1 clause 1 lit. f) GDPR. The controller has a legitimate interest in processing and storing the data to answer user inquiries, to preserve evidence for liability reasons, and to fulfil any statutory retention obligations it may have for business correspondence. If the purpose of the contact is to conclude a contract, then Art. 6 para. 1 clause 1 lit. b) GDPR also serves as a legal basis for processing.
3. We can save your information and your contact inquiry in our customer relationship management system (“CRM system”) or a comparable system.
4. Data is deleted once it is no longer necessary to achieve the purpose for which it was collected. This is the case for personal data from the input screen of the contact form and personal data transmitted via e-mail, once we have concluded our conversation with you. The conversation is considered concluded if circumstances indicate that the matter you contacted us about has been resolved. We save inquiries from users who have an account or contract with us for two years after the contract ends. If statutory archiving obligations apply, data is deleted after any applicable commercial law (6 years) or tax law (10 years) retention obligation.
1. You can revoke your consent to process your personal data in accordance with Art. 6 para. 1 clause 1 lit. a) GDPR. If you contact us via e-mail, you can object to your personal data being stored at any time.
Contact by phone
1. If you contact us by telephone, your telephone number is processed to handle and complete your contact inquiry, and is temporarily stored / displayed in the RAM / cache of the telephone / display. Data is stored for liability and security reasons, in order to provide evidence of the call, and for economic purposes, to facilitate a call-back. We will block phone numbers if we receive illegitimate advertising calls.
2. The legal basis for processing telephone numbers is Art. 6 para. 1 clause 1 lit. f) it. If the purpose of the contact is to conclude a contract, then Art. 6 para. 1 lit. b) GDPR also serves as a legal basis for processing.
3. The device cache saves the calls for 90 days and successively overwrites or deletes old data; when the device is disposed of, all data is deleted and the memory may be destroyed. Blocked phone numbers are checked each year to ensure that the block is necessary.
4. You can prevent the telephone number from being displayed by calling, using a hidden telephone number.
1. We have integrated YouTube videos on our website from youtube.com using the embedded function, so you can access these directly from our website. YouTube belongs to Google Ireland Limited, Register no.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland.
2. Data category and description of data processing: Usage data (such as the website accessed, content and access times). We have integrated the videos in so-called “expanded data protection mode”, and cookies are not used to record user behaviour in order to personalise the video transmission. Instead, recommended videos are based on the current video being played. Videos played on an embedded player in expanded data protection mode do not impact which videos are recommended to you on YouTube. When you start a video (click the video), you consent for YouTube to track the information that you have accessed the sub-page or video on our website, and to use this data for advertising purposes.
3. Purpose of processing: Delivering a user-friendly website, optimising and improving our content.
4. Legal bases: If you have granted your consent for your personal data to be processed via “etrackers” from third party providers, (“opt in”), then Art. 6 para. 1 clause 1 lit. a) GDPR is the legal basis for processing. In addition, our legitimate interest in data processing in accordance with Art. 6 para. 1 clause 1 lit. f) GDPR is also a legal basis for the processing. Tracking and analysis of user behaviour are carried out in accordance with Art. 6 para. 1 clause 1 lit. b) GDPR for services performed in conjunction with a contract, in order to use the information generated to offer optimised services to fulfil the contractual purpose.
5. Data transmission/categories of recipients: Third party providers in the USA. The data collected is transmitted to the USA and stored there, even if you do not have a Google user account. If you are logged into your Google account, Google can associate the above data with your account. If you do not wish Google to do so, you must log out of your Google account. Google creates user profiles from this data, and uses the data for the purposes of advertising, market research or to optimise its website.
6. Duration of storage: Cookies are stored up to 2 years, or until you as a user delete the cookies.
7. Objection: You have the right to object to Google regarding the creation of user profiles. Please contact Google directly via the data protection declaration below. You can exercise your right to opt out of advertising cookies in your Google account here:
9. use of Google cookies and its advertising technologies, storage durations, anonymisation, location data, and function as well as your rights. Google general data protection declaration: https://policies.google.com/privacy.
1. We have integrated the anti-spam function “reCAPTCHA” from “Google” (provider: Google Ireland Limited, register no.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
2. Data category and description of data processing: Usage data (such as accessed website, IP). We use “reCAPTCHA” in our forms to determine whether an entry was made by a machine (robot) or a human. When this service is used, your IP address and any other necessary data may be transferred to Google servers in the USA.
3. Purpose of processing: Avoiding spam and fraud, as well as our economic interest in optimising our website.
4. Legal bases: If you have granted your consent for your personal data to be processed via “reCaptcha” from third party providers, (“opt in”), then Art. 6 para. 1 clause 1 lit. a) GDPR is the legal basis for processing. In addition, our legitimate interest in data processing in accordance with Art. 6 para. 1 clause 1 lit. f) GDPR is also a legal basis for the processing.
5. Data transmission/categories of recipients: Third party providers in the USA.
6. Storage term: until you as a user delete the cookies.
Rights of data subjects
1. Objection to or revocation of consent to the processing of your data
If processing is carried out based on your consent in accordance with Art. 6 para. 1 clause 1 lit. a), Art. 7 GDPR, you have the right to revoke your consent at any time. The legality of processing carried out based on your consent before it was revoked shall not be affected.
If we process your personal data based on a balancing of interests in accordance with Art. 6 para. 1 clause 1 lit. f) GDPR, you may object to the processing. This is the case if the processing is not, in particular, necessary to fulfil a contract with you, as described in the following descriptions of functions. If you do revoke your consent, please provide us with reasons for why we should not process your personal data. If you are making a legitimate objection, we will review the matter and will either stop or adjust data processing, or will describe our mandatory and protected reasons for continuing the processing to you.
You can object to the processing of your personal data for the purposes of advertisement and data analysis at any time. You can exercise your right of objection free of charge. You can inform us that you are objecting to advertising at the following contact information:
Meßner GmbH & Co. KG
32689 Kalletal, Germany
E-mail address: email@example.com
1. Right to information
You have the right to receive information on your personal data we have saved in accordance with Art. 15 GDPR. This includes, in particular, information on the purposes of processing, the categories of personal data, the categories of recipients to whom your data was or is being disclosed, the planned storage term, and the origin of your data, if it was not collected directly from you.
2. Right to rectification
You have the right to receive rectify incorrect data, or complete any correct data in accordance with Art. 16 GDPR.
3. Right to deletion
You have the right to delete your data we have saved in accordance with Art. 17 GDPR, unless there are other applicable statutory or contractual retention terms or other obligations or rights to continue storing the data.
4. Right to restriction
You have the right to request that processing of your personal data be restricted if one of the requirements in Art. 18 para. 1 lit. a) to d) GDPR has been fulfilled:
• If you dispute the correctness of your personal data for a length of time allowing the controller to check whether the personal data is correct;
• If the processing is illegal and you deny deletion of the personal data, instead requesting that use of the personal data be restricted;
• If the controller no longer needs the personal data for the purposes of processing, however you do need the data to assert, exercise or defend against legal claims, or
• If you have objected to the processing in accordance with Art. 21 para. 1 GDPR, and it is not yet known whether the legitimate interests of the controller outweigh your own.
1. Right to data portability
In accordance with Art. 20 GDPR, you have the right to data portability, which means that you can receive the personal data we have stored on you in a structured, commonly used and machine-readable format, or can request that the data be transmitted to another controller.
2. Right to submit complaints
You have the right to submit complaints to a supervisory authority. Generally, you can contact the supervisory authorities in particular in the member state where you live, work, or in the location where the alleged violation occurred.
We have taken appropriate technical and organisational security measures to protect all personal data transmitted to us, and to ensure that we and our external service providers comply with data protection regulations. Therefore, for instance, all data transmitted between your browser and our server is transmitted via a secure SSL connection.
Last updated: 04/08/2020