Privacy policy
Sect. 1 General
In the following we inform about the processing of personal data when using our website https://www.1st-commodity.com. The person responsible for data processing is:

1st Commodity GmbH
Beethovenstrasse 1
28876 Oyten
Telephone: 04207 - 909 3520
info[at]1st-commodity.com

Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In this way, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular from the EU General Data Protection Regulation (GDPR). We will process your personal data (e.g. title, name, address, e-mail address, phone number) solely in accordance with the provisions of the German data protection law and the data protection law of the European Union (EU). The following provisions will inform you, besides the information about the processing purposes, recipients, legal bases and storage periods, also about your rights and the controller for your data processing. This privacy policy applies only to our websites. If you are directed to other sites via links on our pages, please familiarise yourself with the respective use of your data there.

Sect. 2 Processing of personal data when visiting our website
During the informational use of the website, i.e. the mere viewing without registration and without you providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR:

- IP address
- Date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- Content of the request (page visited)
- Access status/HTTP status code
- amount of data transferred
- previously visited page
- Browser
- operating system
- language and version of the browser software.

Sect. 3 Processing of personal data when contacting us
If you send us inquiries via the contact form, your message/message (comment) including the contact data you provided there will be stored and processed accordingly for the purpose of processing and answering the inquiry as well as for the case of follow-up questions. We do not pass on this data to third parties unless this is necessary in the context of processing and answering your contact request or you have given us your corresponding consent. If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 (1) sentence 1 lit. b GDPR (legal basis). Otherwise, to protect our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR for the proper response to customer/contact inquiries.
If you contact us by e-mail or telephone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) p. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 para. 1 p. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 p. 1 lit. a GDPR) if this was requested. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

Sect. 4 Other purposes of processing
Compliance with legal requirements: We also process your personal data to comply with other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. In doing so, we process your personal data in accordance with Article 6 (1) sentence 1 lit. c GDPR (legal basis) to fulfill a legal obligation to which we are subject.
Legal enforcement: We also process your personal data in order to assert our rights and enforce our legal claims. Likewise, we process your personal data to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences. In this regard, we process your personal data to protect our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal acts (legitimate interest).
Consent: Insofar as you have given us consent to process personal data for certain purposes (e.g. sending information material and offers), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. Please note that the revocation is only effective for the future and processing until then is not affected.

Sect. 5 Recipients of data
Within the company 1st Commodity GmbH, those departments will receive access to your data that need it to fulfill our contractual and legal obligations.
Service providers and vicarious agents used by us (e.g. web hosters, web designers, IT service providers, payment service providers) may also receive data for these purposes. We limit the transfer of your personal data to what is necessary, taking into account the requirements of data protection law. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR. In some cases, the recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently in their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations. Finally, in individual cases, we transmit personal data to our consultants in legal or tax matters, whereby these recipients are obligated to maintain special confidentiality and secrecy due to their professional status.

Sect. 6 Automated decision-making/profiling
We do not use automated decision-making that has legal effect on you or affects you.

Sect. 7 Duration of data storage
We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage (see above for the individual processing purposes). If applicable, this also includes the periods of initiating a contract (pre-contractual legal relationship) and processing a contract. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:

- Fulfillment of legal retention obligations, which result, for example, from the German Commercial Code (§§ 238, 257 para. 4 HGB) and the German Fiscal Code (§ 147 para. 3, 4 AO). The periods specified there for storage or documentation are up to ten years.
- Preservation of evidence taking into account the statute of limitations. According to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.

Sect. 8 Data security
Personal data is protected by us by means of suitable technical and organizational measures in order to ensure an appropriate level of protection and to safeguard the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorized access to the technical equipment used by us and to protect personal data from unauthorized disclosure by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is therefore not possible.

Sect. 9 Rights of the data subject
If your personal data is being processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards the controller:

1. Right of access by the data subject
You may ask the controller to confirm whether your personal data is processed.
In the case of such processing, you may request the following information from the controller:
(1) the purposes of the processing of the personal data;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the estimated period of time for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the right to request from the controller to rectify or erase the personal data or the right to restrict the processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) the right to all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information for your about the logic involved, as well as the consequences and intended effects of such processing.
As a data subject, you have the right to be informed whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification
You have the right to have corrected and/or completed your personal data from the controller if your personal data processed is incorrect or incomplete. The controller has to make the correction without delay.

3. Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following applies:
(1) if you contest the accuracy of the personal data relating to you for a period of time that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to erase the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims; or
(4) if you have lodged an objection against the processing in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your grounds.
Where processing of personal data relating to you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the purpose of establishing, exercising or defending legal claims or for the protecting of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the conditions mentioned above, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure
a) Obligation regarding erasure
You have the right to obtain from the controller the erasure of your personal data immediately and the controller is obliged to erase this data without delay where one of the following reasons applies:
(1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based accordance to point (a) of Article 6 (1), or point (a) of Article 9 (2) GDPR and where there is no other legal ground for the processing;
(3) you submit an objection to the processing accordance to Article 21 (1) of the GDPR, and there are no legitimate reasons for the processing, or you lodge an objection against the processing accordance to Article 21 (2) of the GDPR;
(4) your personal data have been unlawfully processed;
(5) your personal data need to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) your personal data have been collected in relation to the offer information society services referred to Article 8 (1);

b) Obligation to inform other controllers (third parties)
If the controller has made your personal data public and is obliged to erase them accordance to Article 17 (1) of the GDPR, he has to take reasonable steps, taking into account the available technology and the cost of implementation, including technical measures, to inform the controllers who process the personal data that you, as the person concerned, have requested the erasure of any links to, or copy or replication of those personal data.

c) Exceptions
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for fulfilment of a legal obligation which requires processing by the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or the exercise of official authority transferred to the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 is likely to make it impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishing, exercising or defending legal claims.

5. Notification obligation
If you have made use of your right to correct, erase or restrict the processing of your personal data, the controller is obliged to inform all recipients to whom the personal data have been disclosed of this correction or erasure of the data or limitation of the processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

6. Right to data portability
You have the right to receive the personal data relating to you which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller, who has been provided with the personal data, where:
(1) the processing is based on a consent in accordance with the point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract in accordance with the point (b) of Article 6 (1); and
(2) the processing is carried out using automated means.
In exercising this right, you also have the right to have your personal data are transmitted directly from one controller to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected thereby.
The right to data portability is not applicable to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority given to the data controller.

7. Right to object
For reasons arising from your particular situation, you have the right to object at any time to processing of personal data concerning you, which is carried out based on point (e) or (f) of Article 6 (1); this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless the controller can prove that there are compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims. Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling, insofar as it is related to such direct marketing. Where you object to the processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.

8. Right to withdraw the declaration of consent under Data Protection Act
You have the right to withdraw your declaration of consent under Data Protection Act at any time. The withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly impairs you in a similar manner.
This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data in accordance with Article 9 (1), unless point (a) or (g) of Article 9 (2) applies and appropriate measures to safeguard the rights and freedoms and your legitimate interests are in place.
Regarding the cases referred to in (1) and (3), the data controller has to take appropriate measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the data controller, to state his or her own position and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation.
The supervisory authority with which the complaint has been lodged is to inform the complainant on the progress and the outcome of the complaint including the possibility of judicial remedy accordance to Article 78.

Sect. 10 Obligation to provide data
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with unrestricted access to our website or answer your inquiries to us. Personal data that we do not absolutely require for the above-mentioned processing purposes are marked accordingly as voluntary information.


Status of the Privacy Policy: 23.12.2021
DEU | ENG