Privacy Policy
Privacy Policy
We are very pleased with your interest in our company. Data protection is of particular importance for Taurus® management.
The use of Taurus® websites is generally possible without providing personal data. However, if a person wishes to use our company’s special services via our website, the processing of personal data may be necessary. If personal data needs to be processed and there is no legal basis for this processing, we generally obtain the consent of the data subject.
The processing of personal data, such as a person's name, address, email address, or phone number, is always carried out in compliance with the General Data Protection Regulation and the national data protection regulations applicable to Taurus®. Through this data protection statement, our company aims to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Additionally, the data subjects are informed about their rights through this privacy notice.
Taurus® is the data controller and has implemented numerous technical and organizational measures to ensure the most comprehensive protection of personal data processed on this website. However, internet-based data transfers may, in principle, involve security risks, which is why absolute protection cannot be guaranteed. Therefore, each data subject has the right to share their personal data with us through alternative methods, such as by phone.
1. Definition of Terms
The Taurus® privacy policy is based on the terms used by the European Directives and Regulators when the General Data Protection Regulation (GDPR) was established. Our privacy statement is intended to be easily readable and understandable for both the public as well as our customers and business partners. To ensure this, we would like to first explain the terms used.
In this privacy policy, we use the following terms:
• a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of that person.
• b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
• c) Processing
Processing refers to any operation or set of operations performed on personal data, whether by automated means or without automation. These operations include the collection, recording, organization, structuring, storage, alteration or modification, retrieval, consultation, use, transmission, distribution or provision in another way, comparison or combination, restriction, erasure, or destruction of personal data.
• d) Restriction of Processing
Restriction of processing refers to marking stored personal data in order to limit its future processing.
• e) Profiling
Profiling is a type of automated processing of personal data, where such data is used to evaluate certain personal aspects related to a natural person. Specifically, it involves analyzing or predicting aspects such as the person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, residence, or movements.
• f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information. This additional information must be kept separate and subject to technical and organizational measures to ensure that the personal data cannot be attributed to a specific identified or identifiable natural person.
• g) Controller or Data Controller
The controller or data controller is the entity that determines the purposes and means of processing personal data.
The controller or data controller is the natural or legal person, public authority, agency, or other body that alone or jointly determines the purposes and means of processing personal data. If the purposes and means of processing are determined by EU law or the law of member states, the controller or specific assignment criteria are established in accordance with EU law or the law of the member states.
• h) Data Processor
A data processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
• i) Recipient
A recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed; this applies regardless of whether they are a third party. However, public authorities that may receive personal data under EU law or the law of member states in the context of a specific inquiry are not considered recipients.
• j) Third Party
A third party is any natural or legal person, public authority, agency, or other body who is not the data subject, the controller, the data processor, or any person authorized to process personal data under the direct responsibility of the controller or data processor.
3. Collection of General Data and Information
The Taurus® website collects a set of general data and information each time it is accessed by a data subject or an automated system. These general data and information are stored in the server's log files. The following data may be collected: (1) types and versions of the browser used, (2) the operating system used by the accessing system, (3) the website from which an accessing system has reached our website (so-called referrer), (4) the subpages of our website that are accessed via an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to protect our information technology systems in the case of cyberattacks.
Taurus® does not draw any conclusions about the data subject when using this general data and information. This information is necessary for (1) presenting the content of our website correctly, (2) optimizing the content and advertisements on our website, (3) ensuring the continuous functionality of our information technology systems and website, and (4) providing the necessary information to law enforcement agencies in the event of a cyberattack. These anonymously collected data and information are evaluated statistically by Taurus® and are also used to enhance data protection and data security within our company. This helps to ensure an optimal level of protection for the personal data we process. The server log’s anonymous data is stored separately from all personal data provided by the data subject.
4. Possibility of Contact via the Website
The Taurus® website contains information that enables quick electronic communication with our company, as required by legal regulations; this also includes the so-called email address. If a data subject contacts the data controller via email or a contact form, the personal data transmitted by the data subject will be automatically stored. These personal data, voluntarily provided by the data subject to the data controller, are stored for the purpose of processing or contacting the data subject. These personal data will not be transferred to third parties.
5. Routine Deletion and Blocking of Personal Data
The data controller is required to process and store the data subject’s personal data only for as long as necessary to achieve the purpose of storage; or as stipulated by the European directives and regulations, or other laws or regulations to which the data controller is subject.
When the purpose of storage no longer exists, or when the retention period specified by the European directives and regulations, or other competent legislative bodies, has expired, personal data will be routinely blocked or deleted in accordance with legal regulations.
6. Rights of the Data Subject
• a) Right to Confirmation
Every data subject has the right, in accordance with the rights granted by the European directives and regulations, to request the data controller to confirm whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they may always contact an employee of the data controller.
• b) Right to Information
Every data subject whose personal data is being processed has the right, under the rights granted by the European directives and regulations, to obtain free information from the data controller about the personal data stored concerning them and to obtain a copy of this information. Additionally, the European directives and regulations grant the data subject the right to obtain the following information:
The data subject has the right to know whether their personal data has been transferred to a third country or to an international organization. If such a transfer occurs, the data subject also has the right to be informed about the appropriate safeguards concerning the transfer.
If a data subject wishes to exercise this right to information, they may always contact an employee of the data controller.
• c) Right to Rectification
Every data subject whose personal data is being processed has the right, under the rights granted by the European directives and regulations, to request the immediate correction of any inaccurate personal data concerning them. Additionally, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing; this may also be done by providing an additional statement.
If a data subject wishes to exercise this right to rectification, they may always contact an employee of the data controller.
• d) Right to Erasure (Right to be Forgotten)
Every data subject whose personal data is being processed has the right, under the rights granted by the European directives and regulations, to request the immediate deletion of personal data concerning them, provided that one of the following conditions is met and processing is no longer necessary:
If one of the conditions mentioned above applies, and a data subject requests the deletion of their personal data stored by Taurus®, they may always contact an employee of the data controller. The Taurus® employee will initiate the necessary procedures to ensure the deletion request is carried out promptly.
If the personal data has been made public by Taurus® and the company is obligated to delete the personal data under Article 17, paragraph 1, Taurus® will take appropriate measures, considering the costs of current technology and implementation, to inform other data controllers that the data subject has requested the deletion of all links, copies, or replications of personal data held by these other data controllers, where processing is no longer necessary. The Taurus® employee will initiate the necessary actions in each case.
• e) Right to Restriction of Processing
Every data subject whose personal data is being processed has the right, under the rights granted by the European directives and regulations, to request the restriction of processing by the data controller, if one of the following conditions is met:
If one of the conditions mentioned above applies, and a data subject wishes to request the restriction of their personal data stored by Taurus®, they may always contact an employee of the data controller. The Taurus® employee will ensure that the processing is restricted accordingly.
• g) Right to Object
Every data subject whose personal data is being processed has the right, under the rights granted by the European directives and regulations, to object at any time to the processing of their personal data, which is carried out on the basis of Article 6(1)(e) or (f) due to their specific situation. This includes the creation of profiles based on these provisions.
If the data subject lodges an objection, Taurus® will no longer process the personal data. However, this will not apply if the data controller can demonstrate compelling legitimate grounds for the processing that override the data subject's rights and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If Taurus® processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing, which includes profiling related to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, Taurus® will no longer process the personal data for such purposes.
Additionally, the data subject has the right to object to the processing of their personal data for scientific, historical research, or statistical purposes at Taurus®, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may directly contact any employee of Taurus® or another staff member. Furthermore, the data subject has the right to object using automated means related to the use of information society services, in accordance with Directive 2002/58/EG, and may do so using technical specifications.
• h) Automated Decisions in Individual Cases, Including Profiling
Every data subject whose personal data is being processed has the right, under the rights granted by the European directives and regulations, not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning the data subject or similarly significantly affects them, unless one of the following conditions applies:
- The decision is necessary for the performance or the conclusion of a contract between the data subject and the data controller;
- The decision is based on the data controller's legal obligations under Union or Member State law, which include appropriate safeguards for the rights and freedoms, as well as the legitimate interests, of the data subject;
- The decision is based on the explicit consent of the data subject.
If the decision is necessary for the conclusion or performance of a contract, as described in point 1, or if it is based on the explicit consent of the data subject as mentioned in point 2, Taurus® takes the necessary measures to protect the data subject's rights, freedoms, and legitimate interests. These measures at a minimum include the right for the data subject to obtain human intervention, to express their point of view, and to contest the decision.
If a data subject wishes to exercise their rights regarding automated decisions, they can always contact an employee of the data controller.
• i) Right to Withdraw Consent for Data Processing
Every data subject whose personal data is being processed has the right, under the rights granted by the European directives and regulations, to withdraw their consent for the processing of their personal data at any time.
If a data subject wishes to exercise their right to withdraw consent, they can always contact an employee of the data controller.
7. Legal Basis for Processing
Article 6 of the GDPR provides the legal basis for processing operations within our company in situations where consent is obtained for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party — for example, in cases such as the delivery of goods or the provision of another service — the processing is considered valid under Article 6(1)(b) of the GDPR. This also applies to pre-contractual operations, such as requests related to our products or services. If our company is subject to a legal obligation that requires the processing of personal data — such as fulfilling tax obligations — the processing is valid under Article 6(1)(c) of the GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another individual. For example, if a visitor at our business is injured and their name, age, health insurance information, or other vital details need to be provided to a doctor, hospital, or other third parties, the processing will be valid under Article 6(1)(d) of the GDPR.
Finally, processing operations may also be valid under Article 6(1)(f) of the GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases, but where the processing is necessary for the legitimate interests of our company or a third party, and the interests, rights, and freedoms of the data subject are not overridden by those interests. Such processing operations are specifically recognized by European legislative bodies. In this context, it has been expressed that the legitimate interest may be recognized when the data subject is a customer of the data controller (Recital 47, sentence 2 of the GDPR).
8. Legitimate Interests Pursued by the Data Controller or a Third Party
If the processing of personal data occurs under Article 6(1)(f) of the GDPR, our legitimate interest is to carry out our business operations in order to ensure the well-being of all our employees and shareholders.
9. Retention Period for Personal Data
The retention period for personal data is determined by the applicable legal retention period. Once this period expires, the relevant data is routinely deleted, unless it is still necessary to fulfill contractual requirements or pre-contractual processes.
10. Legal or Contractual Provisions Regarding the Provision of Personal Data; Requirement for Contract Signing; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Not Providing Data
We would like to note that the provision of personal data may be partly required by law (e.g., tax regulations) or may arise from contractual provisions (e.g., information about the contract party). In some cases, in order to sign a contract, the data subject may be required to provide us with personal data, which must then be processed. For example, if the data subject is going to sign a contract with our company, they are obligated to provide personal data. Failure to provide personal data may prevent the contract from being signed with the data subject. Before providing personal data, the data subject should contact one of our employees. Our employee will provide information tailored to the situation, explaining whether the provision of personal data is legally or contractually required, whether it is necessary for signing the contract, and the possible consequences of not providing the personal data.
11. Automated Decision Making
As a responsible company, we do not engage in automated decision making or profiling.
This privacy policy has been created in collaboration with data protection experts from DGD Deutsche Gesellschaft für Datenschutz GmbH, who serve as the external Data Protection Officer in Oberbayern, and the lawyers from WILDE BEUGER SOLMECKE | Law Firm.