Manufacturer and turn-key supplier of
geothermal system components
Privacy and Data protection

Data Privacy Policy

We're very gratified at your interest in our company. Data privacy is of the utmost importance for Terra Calidus GmbH company management. In general, Terra Calidus GmbH web pages can be accessed without having to provide any personal data. However, if a data subject wants to access certain company services through our Internet site, it may turn out that we do need to process his or her personal data. In cases where we do need to process personal data and no legal basis exists for such processing, we normally obtain consent from the data subject.

A data subject's personal data such as their name, address, email address and telephone number are always processed in accordance with the EU General Data Protection Regulation as well as the country-specific data protection regulations which apply to Terra Calidus GmbH. Our company's purpose in publishing this data privacy policy is to inform the public of what types of personal data which we collect, use and process, as well as the extent to which we do so and for what purpose. This data privacy policy is also intended to inform data subjects of their rights.

As a data processing controller, Terra Calidus GmbH has implemented numerous technical and organizational measures to ensure that any personal data processed via this Internet site are protected as fully as possible. Nevertheless, since data transfers over the Internet can always show security vulnerabilities, absolute protection cannot be guaranteed. For this reason, every data subject is free to share his or her personal data with us through other means, such as by telephone.

1. Definitions

The Terra Calidus GmbH data privacy policy is based on concepts which were used by European legislators in enacting the General Data Protection Regulation (GDPR). Our data privacy policy is intended to be easy to read and understand for both the public as well as our customers and business partners, so in order to ensure this, we'd first like to explain what the terms used in this policy mean.

The terms we use in this data privacy policy include the following:

  • a)    Personal data

Personal data are all information which refers to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered identifiable if he or she can be identified directly or indirectly, especially by assigning him or her to some identifier such as a number, identification number, location data, online identifier or to one or more special characteristics which express the natural person's physical, physiological, genetic, emotional, economic, cultural or social identity.

  • b)    Data subject

The data subject is any identified or identifiable natural person whose personal data are being processed by the controller responsible for data processing.

  • c)    Processing

Processing means any operation or set of operations performed in connection with personal data or sets of personal data, with or without the help of by automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure through transmission, dissemination or some other form of provision, reconciliation or association, restriction, erasure or destruction.

  • d)    Restriction of processing

Restriction of processing refers to the marking of stored personal data for the purpose of restricting its future processing.

  • e)    Profiling

Profiling is any kind of automated processing of personal data which consists of using the personal data to analyse or predict specific personal aspects which refer to a natural person, in particular aspects related to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location and movements.

  • f)    Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided this additional information is stored separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

  • g)    Controller or controller responsible for processing

Controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with other parties, determines the purposes and means for processing personal data. In cases where the purposes and means of such processing are established by Union or Member State law, the controller or specific criteria for appointing the controller may be provided for by Union or Member State law.

  • h)    Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • i)    Recipient

Recipient is a natural or legal person, public authority, agency or another body to which the personal data are disclosed, regardless of whether or not this body is a third party. Nevertheless, public authorities which may receive personal data as part of a investigation ordered under Union or Member State law are not considered recipients.

  • j)    Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor or any individuals who report directly to the controller or processor and are authorised to process personal data.

  • k)    Consent

Consent is any freely given, informed, unambiguous declaration of a data subject's intent, provided on a case-by-case basis and in the form of a statement or other unambiguous confirmatory act, through which the data subject indicates that he or she consents to the processing of his or her personal data.

2. Controller name and address

The controller for the purposes of the General Data Protection Regulation and other data protection laws which apply in EU member states as well as any other regulations governing data protection is:

Terra Calidus GmbH
Siemensstrasse 37
07546 Gera
Germany

Tel.: +49 365 5161 8989
Email: info@terra-calidus.de
Website: www.terra-calidus.de

3. Cookies

The Terra Calidus GmbH web pages use cookies. Cookies are text files which are placed and stored on a computer system via an Internet browser.

Numerous websites and servers make use of cookies. Many cookies include a so-called cookie ID. A cookie ID uniquely identifies the cookie. It consists of a character string through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This makes it possible for the websites and servers accessed by a data subject to distinguish the subject's specific browser from other Internet browsers, which contain different cookies. The unique cookie ID makes it possible for a specific Internet browser to be recognized and identified.

By using cookies, Terra Calidus GmbH can provide the users of this website with services which are more user-friendly than would be possible if cookies were not set.

Cookies allow us to optimize the information and offers on our website for each individual user. As already mentioned, cookies allow us to recognize the users of our website. The purpose of this recognition is to make it easier for users to make use of our website. For example, users of a website which uses cookies don't need to enter their access data each time they visit the website since because this is already being taken care of by the website and the cookie stored on the user's computer system. Another example is the cookie for a shopping cart in an online store. The cookie makes it possible for the online store to remember the articles that a customer has placed in his or her virtual shopping cart.

A data subject may at any time prevent our website from setting cookies by selecting the appropriate setting in his or her web browser to permanently disallow cookies from being set. In addition, cookies which have already been set may be deleted at any time via a web browser or other software application. Such functionality is possible in all common web browsers. However, if a data subject deactivates the setting of cookies in his or her web browser, it is possible the subject might not be able to use all functions of our website to their full extent.

4. Collection of general data and information

The Terra Calidus GmbH website collects a series of general data and information every time a data subject or automated system accesses the website. This general data and information are stored in server log files. Data collected can include (1) the browser types and versions used to access the website, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites controlled through a system which accesses our website, (5) the date and time our website was accessed, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information which may be used to prevent risks in the event of attacks on our information technology systems.

In using these general data and information, Terra Calidus GmbH does not draw any conclusions about the data subject. Instead, this information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term operability of our information technology systems and website technology, and (4) provide law enforcement authorities with information necessary for criminal prosecution in case of a cyber-attack. As a result, Terra Calidus GmbH analyses this anonymously collected data and information for statistical purposes, with the aim of increasing our company's data protection and data security, so that in the end we can ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Registration on our website

Data subjects have the option of registering on the controller's website and giving the controller personal data. The personal data actually transmitted to the controller are determined by the specific input mask used for the registration. The personal data entered by a data subject are collected and stored exclusively for the controller's internal use and own purposes. The controller may arrange to have these data transferred to one or more processors (e.g. a parcel service) which will likewise exclusively use the personal data for some internal use associated with the controller.

The data subject's IP address, assigned to the subject by his or her Internet service provider (ISP), as well as the date and time of registration are also stored when a data subject registers on the controller's website. The reason such data are stored is because this is the only way we can prevent our services from being misused; in addition, these data to make it possible to investigate, if necessary, any offences which were committed. In this respect, storing such data is necessary to protect the controller. Such data are normally not shared with third parties unless there is a legal obligation to do so or if sharing these data is for the purpose of criminal prosecution.

A data subject's registration and voluntary sharing of personal data makes it possible for the controller to offer the data subject content or services which, due to their nature, may only be offered to registered users. Registered individuals are free at any time to change the personal data they gave at registration or to have these data completely deleted from the data maintained by the controller.

The controller is always available to provide to any data subject, upon request, what personal data on him or her are being stored. In addition, the controller shall, at the request or indication of a data subject, correct or erase his or her personal data provided this does not violate any legal obligations with regard to data storage. All employees of the controller are available to the data subject as points of contact in this respect.

6. Subscription to our newsletter

The Terra Calidus GmbH website gives its users the opportunity to subscribe to our company newsletter. The input mask used for this purpose determines what personal data are transmitted to the controller when the newsletter is ordered.

Terra Calidus GmbH keeps its customers and business partners regularly up-to-date by means of a newsletter describing company offers. As a result, a data subject will receive our company's newsletter only if (1) the data subject has a valid email address and (2) the data subject registers for a newsletter subscription. For legal reasons, when a data subject first registers for a newsletter subscription, a confirmation email is sent, as a double opt-in procedure, to the email address entered by the data subject. This confirmation email is used to confirm that the owner of the email address, as the data subject, authorised receipt of the newsletter.

Whenever a data subject subscribes to our newsletter, we also store the IP address assigned by the data subject's Internet service provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of the registration. Collecting these data is necessary in order to be able to track at a later time any (possible) misuse of a data subject's email address, and therefore serves as legal protection for the controller.

The personal data collected from a data subject when he or she subscribes to our newsletter are used only for the purpose of sending out the newsletter. In addition, newsletter subscribers may be notified by email to the extent that this is necessary for operation of the newsletter service or for registration in this regard. Such may be the case in the event of changes to our newsletter offering or changes in technical conditions. No personal data collected as part of our newsletter service will be shared with third parties. A data subject may cancel his or her subscription to our newsletter at any time. A data subject may also withdraw at any time his or her consent to the storage of personal data granted to us for purposes of sending out the newsletter. An appropriate link is provided in each newsletter for purposes of such withdrawal. Newsletter subscribers also have the option at any time of unsubscribing from the newsletter, either directly through the controller's website or by notifying the controller of this in a some other way.

7. Newsletter tracking

The Terra Calidus GmbH newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format and allows for log file recording and analysis. In turn, this makes possible a statistical analysis of the success or failure of an online marketing campaign. By using the embedded tracking pixel, Terra Calidus GmbH can determine whether an e-mail was opened by a data subject and if so when, and which links in the email were called up by data subjects.

The controller collects and analyses the personal data collected through the tracking pixels contained in newsletters to optimize how the newsletter is sent out and to adapt the content of future newsletters even better to the interests of the given data subject. These personal data are not shared with any third parties. In addition, data subjects have the right at any time to withdraw the separate consent they gave in this regard through the double-opt-in procedure. When a data subject does withdraw his or her consent in this regard, the controller will then erase the subject's personal data. Terra Calidus GmbH automatically considers a newsletter unsubscription as withdrawal of consent.

8. Contact possibility via the website

Due to legal requirements, the Terra Calidus GmbH website contains information which allows you to contact our company immediately through electronic means and also to communicate with us directly; this latter method involves a general address for electronic mail (email address). Whenever a data subject contacts the controller via email or through a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data shared voluntarily by a data subject with the data controller are stored for the purpose of processing or for contacting the data subject. Such personal data are not shared with third parties.

9. Routine erasure and blocking of personal data

The controller shall process and store the personal data of a data subject only for as long as this is necessary to achieve the purpose of the storage or as required under the laws or regulations imposed by European legislators or other legislators to which the controller is subject.

Should the storage purpose not apply, or when a storage period prescribed by European legislators or other competent legislators expires, the personal data shall be routinely blocked or erased in accordance with legal requirements.

10. Rights of the data subject

  • a)    Right to confirmation

All data subjects shall have the right, granted by European legislators, to demand from the controller confirmation as to whether or not personal data concerning him or her are being processed. Should a data subject wish to avail himself/herself of this right of confirmation, he or she may contact a controller employee at any time for this purpose.

  • b)    Right of access

All data subjects shall have the right, granted by European legislators, to obtain from the controller information on what personal data are being stored about him or her as well as a copy of this information. This may be done at any time and at no cost to the data subject. Furthermore, European legislators have deemed that data subjects shall be entitled to the following information:

  • the purposes of the processing
  • the categories of the personal data which are being processed
  • the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the expected period for which the personal data will be stored, or, if providing this information is not possible, the criteria used to determine that period
  • the existence of the right to have the data subject's personal data corrected or erased or to restrict the data's processing by the controller, or a right to object to this processing
  • the existence of the right to lodge a complaint with a supervisory authority
  • in cases where the personal data are not collected from the data subject: any available information regarding the source of the data
  • the existence of automated decision-making, including profiling, as defined under Article 22(1) and (4) of the GDPR and (at least in those cases) meaningful information about the logic involved as well as the implications and the expected consequences of such processing for the data subject

Furthermore, the data subject shall have a right to information as to whether his or her personal data were transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on appropriate safeguards relating to the transfer.

Should a data subject wish to avail himself or herself of this right of access, the data subject may contact a controller employee at any time for this purpose.

  • c)    Right to rectification

All data subjects shall have the right, granted by European legislators, to demand from the controller the immediate rectification of inaccurate personal data on him or her. Furthermore, the data subject shall have the right, taking into consideration the purposes of the processing, to demand the controller make complete any incomplete personal data, including by means of a supplementary explanation.

Should a data subject wish to exercise this right to rectification, he or she may consult a Controller employee at any time for this purpose.

  • d)    Right to erasure (right to be forgotten)

All data subjects shall have the right, granted by European legislators, to demand the controller immediately erase the personal data concerning him or her, providing one of the following reasons apply and provided the processing is not necessary:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject withdraws his or her consent on which the processing is based, in accordance with point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and there is no other legal basis for the processing.
  • The data subject files an objection to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject files an objection to the processing in accordance with Article 21(2) of the GDPR.
  • The personal data have been unlawfully processed.
  • Erasure of the personal data is required in order to fulfil a legal obligation under the Union or Member State law to which the controller is subject.
  • The personal data were collected in relation to an offer of information society services as defined under Article 8(1) of the GDPR.

Should one or more of the aforementioned reasons apply and a data subject wishes to arrange for the erasure of his or her personal data stored by Terra Calidus GmbH, the data subject may contact a controller employee at any time for this purpose. A Terra Calidus GmbH employee shall arrange for the erasure request to be fulfilled immediately.

In cases where Terra Calidus GmbH has made personal data public and our company, as a data processing controller, is obligated to erase the personal data in accordance with Article 17(1) of the GDPR, Terra Calidus GmbH shall take appropriate measures, including those of a technical nature and in consideration of available technology and implementation costs, to notify other controllers processing the personal data that the data subject has requested the erasure by these parties of all links to, copies of and replications of those personal data, provided the processing of these data is not required. An Terra Calidus GmbH employee shall arrange for the necessary measures on a case-by-case basis.

  • e)    Right of restriction of processing

All data subjects shall have the right, granted by European legislators, to demand the controller restrict the processing of his or her personal data, should one of the following conditions apply:

  • The accuracy of the personal data is disputed by the data subject, for a period of time making it possible for the controller to determine the accuracy of the personal data.
  • The processing is unlawful and the data subject declines the erasure of his or her personal data and instead demands restriction of their use.
  • The controller no longer requires the personal data for the purposes of the processing, but they are required by the data subject for the purpose of asserting, exercising or defending legal claims.
  • The data subject has filed an objection to the processing in accordance with Article 21(1) of the GDPR and it is still to be determined whether the legitimate grounds of the controller override those of the data subject.

Should one of the aforementioned conditions apply and a data subject wishes to demand restriction of the processing of his or her personal data stored by Terra Calidus GmbH, the data subject may contact a controller employee at any time for this purpose. The Terra Calidus GmbH employee will then arrange for restriction of the processing.

  • f)    Right to data portability

All data subjects shall have the right, granted by European legislators, to obtain the personal data he or she provided to a controller, in a structured, commonly used, machine-readable format. Furthermore, all data subjects shall have the right to transfer those data to a different controller without hindrance from the controller to which the personal data were originally provided, provided the processing is based on consent in accordance with point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability in accordance with Article 20(1) of the GDPR, a data subject shall also have the right to have his or her personal data transferred directly from one controller to another, provided this is technically feasible and and provided the rights and freedoms of other individuals are not affected as a result.

A data subject may contact a Terra Calidus GmbH employee at any time to assert his or her right to data portability.

  • g)    Right to object

All data subjects shall have the right, granted by European legislators, to file an objection at any time, for reasons relating to his or her specific situation, to the processing of his or her personal data as based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to any profiling based on these provisions.

In the event such an objection is filed, Terra Calidus GmbH shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

In cases where Terra Calidus GmbH processes personal data for direct marketing purposes, the data subject shall have the right to file an objection at any time to the processing of his or her personal data for the purposes of such marketing. This also applies to profiling, to the extent that it is related to such direct marketing. Should a data subject object to Terra Calidus GmbH processing his or her personal data for direct marketing purposes, Terra Calidus GmbH will no longer process the personal data for those purposes.

In addition, a data subject has the right, for reasons relating to his or her specific situation, to file an objection to Terra Calidus GmbH processing his or her personal data for scientific or historical research purposes, or for statistical purposes as specified under Article 89(1) of the GDPR, unless such processing is necessary for performance of a task carried out in the public interest.

Any data subject who wishes to exercise his or her right to objection may directly contact any employee of Terra Calidus GmbH or another employee. In addition, the data subject is free, in connection with the use of information society services and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by means of automated processes in which technical specifications are used.

  • h)    Automated decisions in individual cases, including profiling

All data subjects shall have the right, granted by European legislators, to not be subject to a decision based solely on automated processing, including profiling, which has a legal effect on him or her or significantly affects him or her in a similar manner, provided the decision (1) is not necessary for concluding or fulfilling a contract between the data subject and the controller, or (2) is not authorised by the Union or Member State legal regulations to which the controller is subject and these legal regulations contain appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not made with the data subject's explicit consent.

If the decision (1) is necessary for concluding or fulfilling a contract between the data subject and the controller or (2) is made with the data subject's explicit consent, Terra Calidus GmbH shall take appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests, including at least the right to obtain the intervention of an individual on the part of the controller, to express his or her point of view and to contest the decision.

Should a data subject wish to assert his or her rights with regard to automated decisions, the data subject may contact a controller employee at any time for this purpose.

  • i)    Right to withdraw data protection consent

All data subjects shall have the right, granted by European legislators, to withdraw at any time his or her consent to the processing of his or her personal data.

Should a data subject wish to exercise his or her right to withdraw such consent, the data subject may contact a controller employee at any time for this purpose.

11. Data protection provisions on the application and use of Google AdSense

The controller has integrated Google AdSense into this website. Google AdSense is an online service which makes it possible to place advertising on third-party sites. Google AdSense is based on an algorithm which selects the advertisements displayed on third-party sites so that they match the content of the third-party site. Google AdSense allows for an interest-based targeting of Internet users, implemented through the generation of individual user profiles.

The operating company of Google's AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

The purpose of Google's AdSense component to integrate advertisements on our website. Google AdSense places a cookie on the computer systems of data subjects. Cookies have already been explained above. By placing cookies, Alphabet Inc. makes it possible for the use of our website to be analysed. Every time a data subject calls up one of the individual pages on this website, which is operated by the controller and into which a Google AdSense component is integrated, the web browser on the computer system of the data subject will automatically arrange for data to be transferred to Alphabet Inc. through the Google AdSense component, for purposes of online advertising and the settlement of commissions. As part of this technical procedure, Alphabet Inc. obtains knowledge of personal data, such as the IP addresses of data subjects. Alphabet Inc. then uses these data for various purposes including tracking the origin of website visitors and clicks, thus enabling the creation of commission settlements.

As already described above, a data subject may at any time prevent our website from setting cookies, by selecting the appropriate setting in his or her web browser and thus permanently disallowing cookies from being set. Such a web browser setting would also prevent Alphabet Inc. from placing a cookie on the data subject's computer system. In addition, a data subject may at any time delete any cookies already placed by Alphabet Inc., through his or her web browser or some other software program.

Google AdSense also makes use of so-called tracking pixels. A tracking pixel is a miniature graphic embedded in web pages which allows for log file recording and analysis and in turn statistical analysis. These embedded tracking pixels make it possible for Alphabet Inc. to determine whether a web page was accessed by a data subject and if so when, and which links were clicked by the data subject. Among other purposes, tracking pixels serve to analyse the flow of visitors to a website.

Through Google AdSense, personal data and information, which also include a data subject's IP address which is required in order to record and bill displayed ads, are transferred to Alphabet Inc. in the U.S. These personal data are stored and processed in the United States. In some cases, Alphabet Inc. then shares these personal data, collected through the technical procedure described, with third parties.

Google AdSense is explained in greater detail at the following link: https://www.google.de/intl/de/adsense/start/.

12. Data protection provisions on the application and use of Google Analytics (including anonymisation function)

The controller has integrated the Google Analytics component (including its anonymisation function) on this website. Google Analytics is a web analytics service. Web analytics refers to the collection, gathering, and analysis of data on the behaviour of website visitors. Among other information, a web analysis service collects data on the website from which a data subject came (the so-called referrer), what sub-pages the data subject visited, how often the data subject accessed each sub-page and how long the data subject spent viewing each sub-page. Web analytics are mainly used for website optimization purposes and in order to carry out a cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S.

In order to implement web analytics through Google Analytics, the controller uses the additional function "_gat. _anonymizeIp". Google uses this function to abbreviate and anonymise the IP address of a data subject's Internet connection in cases where our web pages are accessed from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the user flows on our website. Among other purposes, Google uses the data and information it collects to analyse the use of our website and to compile for us online reports which show the activities on our web pages, and to provide other services associated with the use of our website.

Google Analytics places a cookie on the computer systems of data subjects. The definition of cookies is explained above. By placing cookies, Google makes it possible for the use of our website to be analysed. Every time a data subject calls up one of the individual pages on this website, which is operated by the controller and into which a Google Analytics component is integrated, the web browser on the computer system of the data subject will automatically arrange for data to be transferred to Google through the Google Analytics component, for purposes of online analysis. As part of this technical procedure, Google obtains knowledge of personal data, such as the IP addresses of data subjects. Google then uses these data for various purposes including tracking the origin of website visitors and clicks, thus enabling the creation of commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. Every time a data subject visits our web pages, these personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States. These personal data are stored by Google in the United States. In some cases, Google then shares these personal data, collected through the technical procedure described, with third parties.

As already described above, a data subject may at any time prevent our website from setting cookies, by selecting the appropriate setting in his or her web browser and thus permanently disallowing cookies from being set. Such a web browser setting would also prevent Google from placing a cookie on the data subject's computer system. In addition, a data subject may at any time delete any cookies already placed by Google Analytics, through his or her web browser or some other software program.

In addition, a data subject has the option of objecting to and preventing a collection by Google Analytics of data related to the use of this website, and to objecting to and preventing Google from processing these data. To do this, the data subject must download and install the browser add-on found at the link https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to inform Google Analytics that data or information on web page visits must not be transmitted to Google Analytics. Google considers the installation of this browser add-on to be an objection. If the data subject's computer system is later deleted, formatted, or re-installed, the data subject must then re-install the browser add-on should he or she wish to disable Google Analytics. In cases where the browser add-on was uninstalled or deactivated by the data subject or some other individual within the subject's sphere of control, the option is available of re-installing or reactivating the browser add-on.

Additional information as well as the applicable data protection provisions from Google can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html. Google Analytics is explained in greater detail at the following link: https://www.google.com/analytics/.

13. Data protection provisions on the application and use of Google AdWords

The controller has integrated Google AdWords into this website. Google AdWords is an Internet advertising service which allows advertisers to place ads in both Google search engine results as well as the Google advertising network. Google AdWords allows an advertiser to specify specific keywords in advance, through which an ad will be displayed in Google search results only if a user uses the search engine to access a keyword-relevant search result. Ads within the Google Advertising Network are distributed to websites which are related to given topics, by means of an automatic algorithm which takes into account the previously specified keywords.

The operating company for Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

The purpose of Google AdWords is to promote our website through the inclusion of interest-related advertising on third-party websites and in Google search engine results, and the inclusion of third-party advertising on our website.

If a data subject reaches our website via a Google ad, Google places a so-called conversion cookie on the computer system of the data subject. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. Assuming the conversion cookie has not expired, it is used to track whether specific sub-pages, e.g, the shopping cart of an online shop system, were called up on our website. The conversion cookie makes it possible for both Terra Calidus GmbH and Google to track whether a data subject who accessed our website through an AdWords ad generated sales, i.e. executed or cancelled a sale of goods.

Google uses the data and information collected through the use of the conversion cookie to create visit statistics for our website. Terra Calidus GmbH in turn uses these visit statistics to determine the total number of users who were referred to us through AdWords ads, i.e. to determine the success or failure of a given AdWords ad and to optimize our AdWords ads in the future. Neither our company, nor any other Google AdWords advertising customer, obtains information from Google which could identify a data subject.

Conversion cookies are used to store personal information, for example the web pages visited by a data subject. As a result, every time a data subject visits our web pages, these personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States. These personal data are stored by Google in the United States. In some cases, Google then shares these personal data, collected through the technical procedure described, with third parties.

As already described above, a data subject may at any time prevent our website from setting cookies, by selecting the appropriate setting in his or her web browser and thus permanently disallowing cookies from being set. Such a web browser setting would also prevent Google from placing a conversion cookie on the data subject's computer system. In addition, a data subject may at any time delete any cookies already placed by Google AdWords, through his or her web browser or some other software program.

In addition, a data subject has the option of objecting to interest-related advertising placed by Google. To do this, the data subject must access the link www.google.de/settings/ads from any web browser he or she uses and make the desired settings there.

Additional information as well as the applicable data protection provisions from Google can be found at https://www.google.com/intl/en/policies/privacy/.

14. Data protection provisions on the application and use of YouTube

The controller has integrated components of YouTube on this website. YouTube is an Internet video portal which allows video publishers to post video clips free of charge, and allows other users to view, rate and comment on these clips, likewise free of charge. YouTube makes it possible for users to publish all kinds of videos, so that users can use that web portal to access not only complete movies and TV broadcasts, but also music videos, trailers, and videos made by users themselves.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

Every time a data subject calls up one of the individual pages on this website, which is operated by the controller and into which a YouTube component (YouTube video) was integrated, the web browser on the computer system of the data subject will automatically arrange for, through the YouTube component, a display of the corresponding YouTube component to be downloaded by YouTube. Additional information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical procedure, both YouTube and Google obtain knowledge of what specific sub-page on our website was visited by the data subject.

If the data subject at the same time is also logged onto YouTube, YouTube can also identify, with each call to a sub-page which contains a YouTube video, what specific sub-page of our website was visited by the data subject. This information is compiled together by YouTube and Google and assigned to the YouTube account of the data subject.

As a result, YouTube and Google always obtains, through the YouTube component, information that a data subject has visited our website, assuming the data subject is also logged onto YouTube at the time he or she accessed our website. This takes place regardless of whether or not the data subject actually clicks on a YouTube video. Should a data subject not wish for such a transfer of information to YouTube and Google to take place, the data subject may prevent this transfer by logging off from his or her YouTube account before accessing our website.

YouTube's data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information on how YouTube and Google collect, process and use personal data.

15. Legal basis for processing

Art. 6(1) lit. a of the GDPR serves as the legal basis for our company for the processing operations for which we obtain consent for a specific processing purpose. Should the processing of personal data be necessary in order to fulfil a contract to which a data subject is party, as is the case, for example, when processing operations are necessary to supply goods or provide some other service, this processing shall be based on Article 6(1) lit. b of the GDPR. The same applies to such processing operations as are required in order to carry out pre-contractual measures, for example in the case of inquiries concerning our products or services. In cases where our company is subject to a legal obligation which requires that personal data be processed, such as for the fulfilment of tax obligations, such processing is based on Art. 6(1) lit. c of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. Such would be the case, for example, if a visitor to our company were injured and his name, age, health insurance information and other vital information would need to be shared with a doctor, hospital or some other third party. In this case, the processing would be based on Art. 6(1) lit. d of the GDPR. Finally, processing operations may be based on Article 6(1) lit. f of the GDPR. This legal basis is used for processing operations which are not covered by any of the aforementioned legal bases, when processing is necessary to ensure the legitimate interests pursued by our company or by a third party, provided these are not outweighed by the interests, fundamental rights and freedoms of the data subject. Such processing operations are permitted of us, in particular because they have been specifically mentioned by European legislators. Legislators considered that a legitimate interest in this regard could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 of the GDPR).

16. Legitimate interests in processing pursued by the controller or by a third party

In cases where the processing of personal data is based on Article 6(1) lit. f of the GDPR, our legitimate interest is to carry out our business activities in order to benefit the well-being of all our employees and our shareholders.

17. Period for which personal data are stored

The criterion used to determine the length of time for which personal data are stored is the applicable retention period under law. The corresponding data are routinely deleted upon expiration of that period, provided the data are no longer necessary in order to fulfil or initiate a contract.

18. Legal or contractual regulations governing the provision of personal data; necessity for contract conclusion; obligation of data subject to provide personal data; possible consequences of failure to provide such data

We wish to make it clear to you that the provision of personal data is sometimes required by law (e.g. tax regulations) or can be required due to contractual provisions (e.g. information on the contractual partner). Every now and then it may be necessary, when concluding a contract, for a data subject to provide us with personal data which must subsequently be processed by us. For example, a data subject is obligated to provide us with personal data when our company concludes a contract with him or her. Not providing these personal data would have the consequence that it would be impossible to conclude the contract with the data subject. Before a data subject provides us with personal data, he or she must contact one of our employees. Our employee will clarify with the data subject, on a case-by-case basis, whether provision of the personal data is required by law or by the contract or is necessary for conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

19. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

Point of contact for data privacy

If you have any questions regarding the collection, processing or use of your personal data, or if you would like to obtain information on, correct, block or erase your personal data or withdraw any consent you have given, please contact: Terra Calidus GmbH, Ms. Annett Weber, Siemensstraße 37, 07546 Gera, Germany, +49 365 5161 8989, info@terra-calidus.de.


update status: May 2018