Data protection notice
With this data protection notice, we would like to inform you about how we process your personal data in connection with the use of our website and our online shop and inform you about our data protection measures.
1. Who processes your personal data?
The controller within the meaning of Art. 4 No. 7 of the German Data Protection Regulation ("GDPR") is
UVIS UV-Innovative Solutions GmbH
Aachener Str. 24
(hereinafter also referred to as "UVIS", "we", "us" or "our/s").
If you have any questions about this data protection declaration, the processing of your personal data, or if you wish to exercise your data protection rights, please contact us at the following address:
2. What data do we process from you and how?
When using our website or in the context of a business relationship, we process various categories of personal data. This includes the initiation, implementation and execution of a contract for our products and services. The relevant personal data includes, in particular, your personal and contact details (e.g. name, address, telephone number or e-mail address). Details and further information on specific processing operations can be found below.
3. Categories of personal data, purposes and legal bases
We process your personal data for various purposes based on the following legal framework:
In the case of merely informatic use of our website, only personal data transmitted by your browser is processed. This is the following personal data:
Date and time the website was accessed
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request came
Browser type and version
Operating system and its interface
The purpose of the processing is the trouble-free and system-safe provision of our website for the public and for the possible contacting of potential customers and interested parties regarding our products and services. In addition, we use statistical information about the use of our website.
For the trouble-free and system-secure provision of our website for the purely informative use of our website, the corresponding processing activity is carried out based on our legitimate interest (Art. 6 para. 1 lit. (f) GDPR). Our legitimate interest is the trouble-free and system-secure online presence in order to provide information about our company and the products and services we offer.
With regard to the use of statistical information about the use of our website, the corresponding processing activity is also based on our legitimate interest (Art. 6 para. 1 lit. (f) GDPR). In this context, we have a legitimate interest in obtaining information about the use of our website, for example for the optimisation of our online presence.
3.2 Contact forms
By using our contact forms, we process the personal and contact data you provide, at least your e-mail address.
The purpose of our contact forms is to receive and process enquiries about our company or our products and services.
The legal basis for our general contact form is our legitimate interest (Art. 6 para. 1 lit. (f) GDPR). We would like to process your enquiry in full and get in touch with you as soon as possible to address your concerns.
For the contact forms for our workshops, consulting services and the products TiTANO, ESCALITE and in our online shop for SOLUVA, the processing is based on the fulfilment of the contract, respectively for the implementation of pre-contractual measures (Art. 6 para. 1 lit. (b) GDPR). We would like to inform you comprehensively about our service portfolio and find solutions for your project together with you.
If you use our online shop to purchase our products (such as SOLUVA), we process your purchase data (e.g. order number, payment method, delivery and invoice addresses, delivery and order status) and your payment data (e.g. payment method, invoice address). Payment data includes further information in connection with payment processing. This concerns in particular your PayPal ID, but only if you wish to pay with PayPal.
The purpose of our online shop is to be able to offer you certain products from our range. Should you decide to purchase a product from our online shop, a further purpose is the execution of the purchase contract (including shipping and payment processing and the handling of, for example, returns and warranty cases), which also includes offering a customer service tailored to your needs. The legal basis for these processing activities is the implementation of pre-contractual measures or the fulfilment of the contract (Art. 6 para. 1 lit. (b) GDPR).
3.4 Service performance
If you have decided to make use of our services and/or products, the following data will be processed:
Account or payment data
Contract data, such as contract ID and contract history.
The purpose is to ensure a trouble-free performance of our business relationship. The basis of these processing operations is the fulfilment of the contract (Art. 6 para. 1 lit. (b) GDPR). Without the provision of this personal data, it is not possible for us to contact you and process the services offered.
3.5 Google Maps
We use Google Maps on our website to show the location of our company. The function enables the visual display of geographical information and interactive maps. In the process, Google also collects, processes and uses data from visitors to the websites when they call up the pages in which Google Maps maps are integrated. Your data may be transmitted to the USA.
The purpose of the processing is the trouble-free and system-safe provision and optimised presentation of our website for the public and for the possible contacting of potential customers and interested parties regarding our products and services.
For the trouble-free and system-safe provision of our website for the purely informatic use of our website, the corresponding processing activity takes place based on your consent to the processing of the data (Art. 6 para. 1 lit. (a) GDPR).
3.6 Google Fonts
Furthermore, we use Google Fonts. When a user calls up the website, the fonts are loaded via a Google server. This external call-up causes data to be transferred to Google, possibly also to the USA.
The purpose of this data processing is to ensure that our website is designed to meet the needs of our users, to ensure a uniform presentation of our website, and to improve the loading time and thus the performance of the website. In addition, the use of Google Fonts can bring an advantage in search engine placement.
The corresponding processing activity is therefore carried out based on our legitimate interest (Art. 6 para. 1 lit. (f) GDPR). Our legitimate interest is the trouble-free, fast and system-secure online presence in order to provide information about our company and the products and services we offer.
5. Third party websites
Our website contains links to and from third-party websites, for example, to our online presences on social networks such as Facebook, Instagram, Twitter, LinkedIn or XING. If you choose to click on one of these links and visit the respective website, we do not assume any responsibility or warranty for their content, or the privacy policies of the respective website operators.
6. Who are the recipients of your data and process them?
The personal data processed by us will only be disclosed to third parties if this is necessary for the fulfilment of the contract, if third parties have a legitimate interest in the disclosure, or if you have given your consent for this. In addition, personal data may be disclosed to third parties where we are required to do so by law or by enforceable governmental or court order. Your personal data may be disclosed to the following categories of recipients:
Subcontractors, in particular IT service providers for hosting, data processing and the provision of our website;
external consultants and service providers, such as tax advisors, lawyers;
Service providers for order processing
Shipping service providers, logistics companies
Payment service provider
7. Transfers of personal data to third countries
Your personal data may be transferred to third countries if this is necessary for the provision of our services or required by law, or if you have given your consent for this. In addition, your personal data may be transferred to our processors in third countries.
Please note that not all third countries offer an adequate level of data protection in the opinion of the European Commission. For transfers of personal data to third countries that do not have an adequate level of data protection in the opinion of the European Commission, we ensure before the transfer that an adequate level of data protection can be established through certain measures within the meaning of Art. 44 et seq. DSGVO (for example, by concluding standard contractual clauses) or that you have given us your express consent to do so. You can obtain a copy of these measures at any time. Please use the contact details provided above for this purpose.
We transfer your personal data to the following processors and third parties in third countries:
40 Namal Tel Aviv
Tel Aviv, Israel 6350671.
1600 Amphitheatre Parkway, Mountain View
CA 94043, USA
8. How long do we store your data?
We only store your personal data for as long as necessary. The duration of the processing of your personal data depends primarily on how this is necessary for the fulfilment of the contract, or we have a legitimate interest in the continued storage of your personal data.
We store the personal data processed as part of your use of our website (clause 3.1) for a maximum of seven (7) days in order to investigate malfunctions and for security reasons (for example, to investigate attempts to attack our website) and then delete it. If certain information that may contain personal data relating to you needs to be stored for longer for evidentiary purposes, it will exceptionally be stored for longer, if necessary, until the respective incident has been clarified.
We store the personal data processed in the context of a contact request (section 3.2) for as long as is necessary to process your request and then delete it.
In addition, we are bound by various statutory retention and documentation obligations, which result, for example, from the German Commercial Code (HGB) and the German Fiscal Code (AO). These periods can be up to ten years.
9. What are your obligations to provide personal data?
You only need to provide the personal data that is necessary for the initiation, implementation and settlement of our business relationship or that we are legally obliged to collect. If you do not provide us with this personal data, it will not be possible for us to establish the business relationship. Beyond this, there is no obligation to provide personal data.
10. Does automated decision making take place?
We do not intend to process your personal data for any automated decision-making process (including profiling).
11. What rights can you exercise regarding the processing of your personal data?
As a data subject, you are entitled to the following data protection rights in relation to your personal data, subject to the legal requirements:
Information (Art. 15 GDPR)
You have the right to request information about the data we hold about you and the extent to which we process your personal data, and to receive a copy of the personal data we hold about you.
Rectification (Art. 16 GDPR)
You have the right to demand the immediate rectification of incorrect personal data relating to you and the completion of incomplete personal data stored by us about you.
Erasure (“right to be forgotten”) (Art. 17 GDPR)
You have the right to demand the immediate erasure of the personal data we hold about you if the legal requirements are met. This is the case in particular if the following conditions are met:
Your personal data is no longer needed for the purposes for which it was collected;
The exclusive legal basis for the processing was your consent and you have withdrawn it;
You have objected to processing based on our legitimate interests (or those of a third party) on personal grounds and we cannot demonstrate that there are overriding legitimate grounds for processing;
Your personal data has been processed unlawfully; or
Your personal data must be erased to comply with legal requirements.
If we have transferred your data to third parties, we will inform them of the deletion where required by law. Please note that your right of erasure is subject to restrictions. For example, we do not have to or may not delete data that we still have to store due to legal retention periods. Data that we need to assert, exercise or defend legal claims are also excluded from your right of deletion.
Restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing (i.e. the marking of stored personal data with the aim of limiting their future processing) under certain conditions. The conditions are:
You dispute the accuracy of the personal data and we need to verify the accuracy of the personal data;
The processing is unlawful, but you object to the erasure of the personal data and instead request the restriction of the use of the personal data;
We no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims;
You have objected to the processing and it is not yet clear whether our legitimate grounds outweigh yours.
In case of restriction of processing, the data will be marked accordingly and will – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or an EU Member State.
Data portability (Art. 20 GDPR)
Insofar as we process your personal data automatically based on your consent or a contract with you, you have the right to receive the data in a structured, common and machine-readable format and to transmit this data to another controller without hindrance from us. You also have the right to have the personal data transferred directly from us to another controller, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other persons.
Objection (Art. 21 GDPR)
If we process your personal data based on legitimate interests or in the public interest, you have the right to object to the processing of your data on personal grounds. In addition, you have an unrestricted right to object if we process your data for our direct marketing.
In certain cases, we also grant you an additional, unrestricted right of objection as part of the balancing of interests.
Withdrawal of consent (Art. 7 (3) GDPR)
If you have given your consent for the processing of your personal data, you can withdraw this consent at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
Complaint to a supervisory authority (Art. 77 GDPR)
Furthermore, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data is not lawful. The right of appeal is without prejudice to any other administrative or judicial remedy. The contact details of the supervisory authority responsible for us are:
State Commissioner for Data Protection and Freedom of Information
Latest update: 01.06.2021