Data protection declaration
In the following, we inform you about the type, scope and purpose of the processing of personal data when using our online offer, which consists of this Internet presence and, if applicable, other online presences (e.g. external websites and social media profiles)
In the following, we use the terminology used in Art. 4 of the General Data Protection Regulation (GDPR).
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data.
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
1.1 Name and contact details of the controller
The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
TOP GEO Mineral Trade GmbH
Federal Republic of Germany
Phone: +49 7950 1345
Fax: +49 7950 8483
1.2 Name and contact details of the data protection officer / contact person for data protection
1.2.1 The responsible party is not legally obliged to appoint a data protection officer
1.2.2 The contact person responsible for data protection is the Management Board of the responsible party authorized by law to represent the company. This consists of and can be reached at:
Mr. Petr Zajicek
TOP GEO Mineral Trade Ltd
- Data protection -
Federal Republic of Germany
Phone: +49 7950 1345
Fax: +49 7950 8483
2 General information on data processing
2.1 Scope of the processing of personal data
2.1.1 We process personal data of our users in principle only to the extent necessary to provide a functional website and the content and services offered by us, to provide contractual services including customer service and customer care, to respond to contact requests and to communicate with users and for our own advertising and to carry out security measures.
2.1.2 The processing of personal data of our users is regularly carried out only if either the user has consented or the processing of the data is permitted by legal regulations.
2.2 Legal basis for the processing of personal data
2.2.1 Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
2.2.2 When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
2.2.3 Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
2.2.4 In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
2.2.5 If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing of personal data.
2.3 Data deletion and storage period
2.3.1 The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. In these cases, the data will be blocked or deleted when a storage period prescribed by the aforementioned standards has expired, unless the continued storage of the data is necessary for the conclusion or performance of a contract. If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted, i.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
2.3.2 The statutory regulations applicable in Germany provide for a 10-year retention period for documents, in particular pursuant to Section 147 (3) of the German Fiscal Code (AO) and Section 237 (4) of the German Commercial Code (HGB) as well as Section 14b (1) of the German Value Added Tax Act (UStG) (e. g. for books and records, inventories, annual financial statements, balance sheets and the organizational documents required for their understanding, management reports, accounting vouchers, invoices issued and received) and a 6-year retention period (e.g. for received commercial and business letters, copies of letters sent, other documents, insofar as they are relevant for taxation).
3. provision of the website and creation of log files
3.1 Description and scope of data processing
3.1.1 Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected in this process:
Information about the type of browser and the version used
The operating system of the user
The Internet service provider of the user
The IP address of the user
Date and time of access
Websites from which the user's system accesses our website (referrer URL)
Websites that are accessed by the user's system via our website
3.1.2 This data is also stored in the log files of our system.
3.1.3 Storage of this data together with other personal data of the user does not take place.
3.2 Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.
3.3 Purpose of data processing
3.3.1 The temporary storage of the IP address by the system is necessary to enable delivery of the retrieved data to the user's electronic device. For this purpose, the user's IP address must remain stored for the duration of the session.
3.3.2 The storage of other data in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the content of our website, to help us prevent malfunctions and misuse of our systems, to ensure the long-term functionality and security of our website and our information technology systems, as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
3.3.3 These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.
3.4 Duration of storage
3.4.1 The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
3.4.2 In the case of storage of data in log files, this is the case after seven days at the latest, unless a longer storage period is necessary to comply with contractual or legal obligations. Data whose further storage is required for evidentiary purposes shall be exempt from deletion until the respective incident has been finally clarified.
3.4.3 In addition, storage for statistical purposes or to optimize our website and offered content is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
3.5 Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
4.1.1 Description and scope of data processing
In the cookies, the following data is stored and transmitted:
Items in a shopping cart
Personal data during an ordering process
In this way, the following data can be transmitted:
Search terms entered
Frequency of page views
Use of website functions
188.8.131.52 The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.
4.1.2 Legal basis for data processing
The legal basis for the processing of personal data using both technically necessary cookies and cookies for analysis purposes is Art. 6 (1) lit. f GDPR.
4.1.3 Purpose of data processing
For the following applications in particular, we require cookies:
The user data collected through technically necessary cookies are not used to create user profiles.
184.108.40.206 Insofar as cookies are used for analysis purposes, these serve to improve the quality and user-friendliness of our website and its content and functions. Through the analysis cookies, we learn how the website, which functions and how often they are used. This allows us to continuously optimize our offer.
220.127.116.11 In these purposes also lies our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.
4.1.4 Duration of storage, possibility of objection and removal
18.104.22.168 The cookies we use are so-called permanent or persistent cookies. These remain on your terminal device and allow us to recognize your browser on your next visit. These cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete these cookies in the settings of your web browser at any time.
5. processing of personal data for the purpose of contract execution
5.1 Description and scope of data processing
5.1.1 Information provided when placing an order
22.214.171.124 If you wish to make use of the paid services offered by us, it is necessary for the conclusion of the contract that you provide your personal data as part of the ordering process, which we require for the execution of the contract and the provision of the contractually owed services. Failure to provide the personal data would mean that the contract with you could not be concluded.
126.96.36.199 In the course of the ordering process, the mandatory information required for the execution of the contract shall be marked accordingly in the input mask. All other information is voluntary. The processed data include:
First and last name
Street and house number
Postal code and city
As a general rule, we do not process special categories of personal data, unless they are part of a commissioned processing operation.
5.3 Purpose of data processing
5.3.1 The processing of data is necessary for the fulfillment of the contract (e.g. for the establishment, content or modification and processing of an order, as well as for billing purposes and for the provision of customer services) with the user or for the performance of pre-contractual measures.
5.4 Duration of storage
5.4.1 The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
5.4.2 This is the case for data provided during the ordering and registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract.
5.4.3 If we act as an order processor for our customers, we delete the data in accordance with the specifications of the order, generally after the end of the order, unless contractual or legal obligations prevent deletion.
5.4.4 Even after termination of the contract, however, it may be necessary to continue to store personal data of the contractual partner in order to comply with contractual or legal obligations. Deletion shall take place after expiry of statutory warranty periods and retention periods under commercial and tax law (6 or 10 years). As soon as the processing of the above data is no longer necessary for the purpose of fulfilling the contract, we will restrict the processing after three years, whereby your data will only be used to comply with legal obligations. The necessity of keeping the data will be reviewed every three years.
5.5 Possibility of objection and elimination
5.5.1 The premature deletion of data whose processing is necessary for the performance of a contract or for the implementation of pre-contractual measures can only take place insofar as contractual or legal obligations do not prevent deletion.
6. disclosure of data and recipients
6.1 Description and scope of data processing
6.1.1 A transfer of your personal data to third parties does not take place in principle. In particular, your data will not be disclosed to third parties for their advertising purposes.
6.1.2 We will only pass on your personal data to third parties if:
you have given your express consent to this,
this is legally permissible and necessary for the processing of contractual relationships with you (in particular parcel delivery service),
there is a legal obligation for the disclosure (e.g. to tax authorities),
the disclosure is necessary on the basis of our legitimate interests and for the assertion, exercise or defense of legal claims (e.g. in the case of unpaid remuneration claims) and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
6.1.3 We use service providers commissioned by us (so-called order processors) as well as other third parties whose activities are necessary for the execution of the contract for the processing of contractual relationships with you. Here it is either necessary or at least possible that such a service provider obtains knowledge of personal data.
6.2 Legal basis for data processing
6.2.1 The legal basis for the processing of data is, in the presence of consent of the user, Art 6 para 1 lit a GDPR.
6.2.2 Insofar as the transfer of data serves to fulfill the contract, the legal basis for the processing of the data is Art. 6 para 1 lit b GDPR (fulfillment of a contract).
6.2.3 Insofar as the disclosure of data serves the fulfillment of a legal obligation, the legal basis for the processing of the data is Art. 6 para. 1 lit. c GDPR (fulfillment of obligations under commercial and tax law).
6.2.3 For the disclosure of data on the basis of our legitimate interests and for the assertion, exercise or defense of legal claims, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR.
6.2.4 If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.
6.3 Purpose of data processing
The transfer of data to service providers commissioned by us is necessary both in accordance with Art. 6 para. 1 lit. b GDPR for the fulfillment of the contract with the user (e.g. for the justification, content design or modification and processing of an order as well as for billing purposes and for the provision of customer services) or for the implementation of pre-contractual measures as well as for the protection of our legitimate interests (e.g. exercise or defense of legal claims). This is also our legitimate interest according to Art. 6 para. 1 lit. f GDPR.
6.4 Duration of storage
6.4.1 The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were disclosed.
6.4.2 Order processors and third parties delete received data in accordance with the specifications of the order / contract, in principle after the end of the order / contract.
6.4.3 Deletion shall not take place if contractual or legal obligations (e.g. retention periods under commercial and tax law) prevent deletion.
7. transfer of personal data to third countries
7.1 A processing of your personal data in a so-called third country outside the European Union and the European Economic Area (EEA) by us does not take place in principle.
7.2 Your personal data will only be processed in third countries if this is necessary for the performance of the contract and the special requirements of Art. 44 et seq. GDPR are fulfilled.
8.1 Description and scope of data processing
8.1.1 When contacting us via our contact form on our website, the user's message and the following information (mandatory data) of the user are processed by us for the purpose of answering / processing his request and any follow-up questions:
8.1.2 In addition to the mandatory information mentioned in 8.1.1, you can provide the following additional information in the contact form on a voluntary basis:
8.1.3 All these data are never and at no time visible to other users.
8.1.5 When contacting us by e-mail, the user's message and the personal data provided by him will be processed by us for the purpose of answering / processing his request and any follow-up questions.
8.1.6 All these data are never and at no time visible to other users.
8.1.7 When contacting us via social media, the user's message and the personal data provided by the user will be processed by us for the purpose of answering / processing his request and any follow-up questions.
8.1.8 In all cases, the data will not be disclosed to third parties in this context. The data will be used exclusively for the processing of the conversation.
8.2 Legal basis for data processing
8.2.1 The legal basis for the processing of data is, in the presence of consent of the user, Art. 6 para. 1 lit. a GDPR.
8.2.2 The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR.
8.2.3 If the purpose of contacting you is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR.
8.3 Purpose of data processing
8.3.1 The processing of personal data from the input mask serves us solely to answer / process the user's inquiry and any follow-up questions.
8.3.2 In the event of contact being made by e-mail or via social media, this also constitutes the necessary legitimate interest in processing the data.
8.3.3 The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
8.4 Duration of storage
8.4.1 The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
8.4.2 For the personal data from the input mask of the contact form and those sent by e-mail or via social media, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
8.4.3 The legal - in particular commercial and tax law - retention obligations apply. We review the necessity of storage every two years.
8.5 Possibility of objection and removal
8.5.1 The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us via our contact form or by e-mail or via social networks, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
8.5.2 The revocation of consent to the processing of personal data and the objection to the storage of his personal data may be addressed by the user by e-mail to: firstname.lastname@example.org
8.5.3 All personal data stored in the course of contacting us will be deleted in this case, unless this is contrary to commercial or tax retention obligations.
9. rights of the data subject
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
9.1 Right of access
You may request confirmation from the controller as to whether personal data relating to you is being processed by us.
If such processing is taking place, you may request information from the controller about:
9.1.1 the purposes for which the personal data are processed;
9.1.2 the categories of personal data which are processed;
9.1.3 the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
9.1.4 the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
9.1.5 the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
9.1.6 the existence of a right of appeal to a supervisory authority;
9.1.7 any available information on the origin of the data, if the personal data are not collected from the data subject;
9.1.8 the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
9.2 Right to rectification
You have a right to rectification and / or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
9.3 Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
9.3.1 if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
9.3.2 the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
9.3.3 the controller no longer needs the personal data for the purposes of the processing, but you need it for the assertion, exercise or defense of legal claims, or
9.3.4 if you have objected to the processing pursuant to Article 21 (1) of the GDPR and it has not yet been determined whether the controller's legitimate grounds override your grounds.
If the processing of personal data relating to you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
9.4 Right to erasure
9.4.1 Obligation to erase
You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:
188.8.131.52 The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
184.108.40.206 You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
220.127.116.11 You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
18.104.22.168 The personal data concerning you have been processed unlawfully.
22.214.171.124 The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
126.96.36.199 The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
9.4.2 Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.
The right to erasure does not exist to the extent that the processing is necessary
188.8.131.52 for the exercise of the right to freedom of expression and information;
184.108.40.206 for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
220.127.116.11 for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
18.104.22.168 for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, where the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
22.214.171.124 for the assertion, exercise or defense of legal claims.
9.5 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data relating to you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the controller to be informed about these recipients.
9.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
.9.6.1 the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
9.6.2 the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9.7 Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
9.8 Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9.9 Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
9.9.1 is necessary for the conclusion or performance of a contract between you and the controller,
9.9.2 is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests or
9.9.3 is made with your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in 9.9.1 and 9.9.3, the Controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the Controller, to express your point of view and to contest the decision.
9.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
10. data security
We take appropriate technical and organizational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. The measures taken include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. Furthermore, we protect our website and other systems by appropriate technical and organizational security measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and response to data compromise. Finally, we already take into account the protection of personal data in the development and design or the selection and use of applications, products and services as well as service providers commissioned by us in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR). Our security measures are continuously improved in line with technological developments.
Status: May 25, 2018