Privacy policy

Name and contact for the controller according to Article 4(7) DSGVO

Süddeutsches Lackwerk
Zelle GmbH & Co. KG  

Velaskostrasse 10
D-85622 Feldkirchen 

Telephone +49 89 9077 840
Fax            +49 89 9044 149

Data protection officer
Süddeutsches Lackwerk
Zelle GmbH & Co. KG 
Thomas di Filippo
Velaskostrasse 10
D-85622 Feldkirchen

Telephone +49 89 9077 840
Fax            +49 89 9044 149

Security and protection of your personal data
We consider it our primary responsibility to maintain the confidentiality of the personal data you provide and protect it from unauthorised access. We, therefore, exercise the utmost care and apply the most up-to-date security standards to ensure the maximum possible protection of your data.
As a private company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act. We have the taken technical and organisational measures to ensure that the data protection rules are respected both by us and our external providers.

The legislation requires personal data to be processed lawfully, in good faith, and be understandable to the person concerned (‘lawfulness, fairness and transparency’). To ensure this, we would like to explain the following individual legal terms (Article 4 GDPR) that are used in this privacy policy:

1. Personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter the ‘data subject’); an identifiable natural person is one who can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, online identifier, or to one or more features specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

2. Processing
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, reading or retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, matching or linking, restriction, deletion or destruction;

3. Restriction of processing
'Restriction of processing’ means marking stored personal data with the aim of limiting their processing in the future.

4. Profiling
‘Profiling’ means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements.

5. Pseudonymisation
‘Pseudonymisation’ means the processing of personal data in a manner such that the personal data is no longer attributable to a specific data subject without the provision of additional information, provided that such information is kept separately and is subject to technical and organisational measures so that the personal data are not attributable to an identified or identifiable natural person.

6. Filing system
‘Filing system’ means any structured collection of personal data which are accessible according to specific criteria, whether centralised, decentralised or organised on a functional or geographical basis.

7. Controller
‘Controller’ means a natural or legal person, public authority, agency or body that alone or jointly with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are laid down by EU law or the law of member states, the controller or the specific criteria for the controller's nomination may be provided for under EU or member state law.

8. Processor
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient
‘Recipient’ means a natural or legal person, public authority, agency or another body to which personal data are disclosed, whether this is a third party or not. However, authorities which may receive personal data under EU or member state law in the course of a specific investigation are not considered to be recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing

10. Third party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor or the person(s) under the direct authority of the controller or processor authorised to process the personal data.

11. Consent
'Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or clear affirmative action, signifies their agreement to the processing of their personal data.

Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for processing it. According to Article 6(1)(a–f) GDPR, processing shall be lawful only if and to the extent that at least one of the following applies:

a) the data subject has given their consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the fulfilment of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject before entering into a contract;
c) processing is necessary to comply with a legal obligation to which the controller is subject;
d) processing is necessary to protect the vital interests of the data subject or of another natural person;
e) processing is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or of a third party unless the interests or fundamental rights and freedoms of the data subject requiring personal data protection prevail, in particular where the data subject is a child.

Information on the collection of personal data
1) Below we inform about the collection of personal data when using our website. Personal data is, for example, your name, address, email addresses, or user behaviour.
2) When you contact us using email or a contact form, the data you provide (your email address, name and telephone number, if applicable) will be stored by us to answer your questions. We delete the data collected in this context after storage is no longer required or the processing is restricted if any legal obligations for its storage exist.

Collection of personal data when visiting our website
If you use our website purely for information purposes, e.g. if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data and store them on the website server as ‘server log files’ which are technically required for us to inform you of the services on our website and to ensure its stability and security according to Article 6(1)(f) DSGVO:

– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Name and URL of the requested page
– Access status/HTTP status code
– Each transmitted amount of data
– The website from which the request originates
– Browser
– Operating system and its interface
– Language and version of the browser software

Use of cookies
1) In addition to the previously mentioned data, cookies are also stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and provide certain information to the body that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective.
2) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient Cookies (see a)
– Persistent Cookies (see b)

a) Transient cookies get automatically deleted when you close the browser. These also include what are known as session cookies. They store a so-called session ID, with which various requests from your browser can be assigned to the shared session, allowing your computer to be recognised when you return to our website. The session cookies get deleted when you log out or close your browser.
b) Persistent cookies get automatically deleted after a specified period, which may vary depending on each cookie. You can delete cookies in the security settings of your browser at any time
c) You can configure your browser’s settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. These so-called ‘third party cookies’ are cookies that have been set by a third party and, therefore, not by the actual website you are currently visiting. Please note that with cookies disabled, you may not be able to use all the features of this website.

More features and services of our website
1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you generally need to give additional personal information which we use to provide the respective service and for which the previously mentioned data processing principles apply.
2) In some cases, we use external service providers to process your data. These providers have been carefully selected and commissioned by us, are bound by our instructions, and monitored regularly.
3) We may also disclose your personal information to third parties if participation in promotions, competitions, contracts or similar services offered by us are in cooperation with partners. For more information, please refer to your personal data or by viewing the description of the offer.
4) If our service providers or partners reside in a country outside the European Economic Area (EEA), we will inform you of the consequences of this situation in the description of the offer.

Our offers are primarily for adults. Persons under the age of 18 should not submit any personal data to us without the consent of a parent or legal guardian.

Rights of the data subject
1. Withdrawal of consent
If you have consented to the processing of personal data, you have the right to withdraw this consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can contact us at any time to exercise your right of withdrawal.

2. Right to confirmation
You have the right to obtain confirmation from the controller as to whether or not we are processing personal data concerning you. You can ask for confirmation any time using our contact details (above).

3. Right to information
If personal data is processed, you can request information about this personal data and the following information at any time: 

a) the purposes of the processing; 
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular to recipients in third countries or to international organisations;
d) if possible, the planned duration for which the personal data shall be stored or, if that is not possible, the criteria used for determining that duration;
e) the existence of the right to rectification or erasure of personal data concerning you or to a restriction of processing by the controller or the right to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
g) if the personal data are not collected from the data subject, all available information on the source of the data;
h) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

If personal data are transmitted to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards under Article 46 of the GDPR in connection with the transfer. We provide a copy of the personal data that is the subject of the processing. For any additional copies you request, we may charge a reasonable fee based on the administrative costs. If you submit the application electronically, the information must be in a standard electronic format, unless otherwise stated. The right to receive a copy under Paragraph 3 shall not infringe the rights and freedoms of others.

4. Right to rectification  
You have the right to demand from us the immediate correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by way of a supplementary statement.

5. Right to erasure (‘right to be forgotten’)
You have the right to request the controller immediately erase personal data about you without undue delay, and we are obliged to erase personal data without undue delay where one of the following grounds applies:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject withdraws the consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and where there is no other lawful basis for the processing;
c) according to Article 21(1) of the GDPR, the data subject objects to the processing and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing according to Article 21(2) GDPR.
d) the personal data were processed unlawfully;
e) the erasure of personal data is necessary to fulfil a legal obligation under EU or the member state law to which the controller is subject;
f) the personal data collected were in relation to information society services offered according to Article 8(1) of the GDPR.

If the controller has made the personal data publicly available and is required to delete it according to Paragraph 1, they shall take reasonable measures, including technical measures, taking into account the technology available and the costs of implementation, to inform the data processors who process the personal data, that a data subject has requested them to delete all links to those personal data or copies or replications of those personal data.

The right to erasure (‘right to be forgotten’) does not exist insofar as the processing is necessary:  
– to exercise the right to freedom of expression and information;
– to fulfil a legal obligation under EU or member state law to which the controller is subject, or in the performance of a task in the public interest or in the exercise of official authority vested in the controller;
–on the grounds of public interest with regard to public health under Article 9(2)(h) and (i) and Article 9(3) GDPR;
– for archival, scientific or historical research purposes in the public interest or for statistical purposes under Article 89(1) GDPR, where the law referred to in 1 is likely to render it impossible or seriously affect the achievement of the objectives of that processing, or  
– to establish, exercise or defend legal claims.

6. The right to the restriction of processing
You have the right to demand we restrict the processing of your personal data if any of the following conditions apply:

a) the accuracy of the personal data is disputed by the data subject for a period to allow the controller time to verify the accuracy of the personal data;
b) the processing is unlawful, and the data subject refuses to the erasure of their personal data but instead requests that the use of the personal data be restricted;
c) the controller no longer needs the personal data for processing, but the data subject requires them to establish, exercise or defend legal claims; or
d) the data subject has lodged an objection to processing under Article 21(1) GDPR, while it remains uncertain whether the controller’s legitimate reasons outweigh those of the data subject.

Where there is a restriction of processing in accordance with the above conditions, these personal data shall not be processed, except with the consent of the data subject or for purposes of establishing or defending legal claims or in protecting the rights of another natural or legal person or for reasons of public interest to the EU or a member state. 

The data subject may contact us any time using our contact details (above) to exercise their right to the restriction of processing

7. Right to data portability
You have the right to obtain the personal data you provide to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without interference from the controller to whom the personal data was provided, where:

a) the processing is based on a consent under Article 6(1)(a) or Article 9(2)(a) or on a contract under Article 6(1)(b) GDPR; and
b) the processing is carried out by automated means.

When exercising your right to data portability according to 1, you have the right to have your data transmitted directly from one controller to another, insofar as this is technically feasible.
The exercise of the right to data portability does not affect the right to erasure (‘right to be forgotten’). This right shall not apply to processing necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.

8. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out under Article 6(1)(e) or (f) GDPR, including profiling based on these provisions. The controller will no longer process the personal data unless they can demonstrate compelling legitimate reasons for the processing which outweigh the interests, rights and freedoms of the data subject or the processing is for the establishment, exercise or defence of legal claims.

Where personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your data for the purpose of such advertising, which also includes profiling to the extent that is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

Notwithstanding Directive 2002/58/EC, in relation to the use of information society services, you may exercise your right to object by way of automated procedures using technical specifications..

You have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes under Article 89(1), except when the processing is necessary for the performance of a task in the public interest.  
You may exercise your right to object at any time by contacting the controller concerned.

9. Automated individual decision-making including profiling  
You have the right not to be subject to any decision based solely on automated processing, including profiling, that will have a legal effect or similarly significantly affect on you. This does not apply if the decision:

a) is necessary for the conclusion or performance of a contract between the data subject and the controller;
b) is authorised by EU or member state legislation to which the data controller is subject and where such legislation contains appropriate measures to safeguard the rights, freedoms and the legitimate interests of the data subject; or
c) is based on the data subject’s explicit consent.

The controller shall implement appropriate measures to safeguard the rights, freedoms and the legitimate interests of the data subject, including at least the right to have a person who works for the controller intervene, to state the data subject’s views and to challenge the automated decision.

The data subject may exercise this right at any time by contacting the controller.

10. Right of appeal to a supervisory authority
You also have the right, without prejudice to any other administrative or judicial remedy, of appeal to a supervisory authority, in particular in the member state of your residence, place of work or place of the alleged infringement, if you believe the processing of your data is contrary to the regulations on data protection. 

11. Right to an effective judicial remedy
You have the right to an effective judicial remedy, without prejudice to any available administrative or non-judicial remedy, including the right of appeal to a supervisory authority under Article 77 GDPR, if you are of the opinion that the rights conferred to you by this regulation concerning the processing of your personal data have been infringed.

Use of Matomo (formerly Piwik)
1) This website uses the web analysis service Matomo to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our service and make it more interesting for you as a user. The legal basis for the use of Matomo is under Article 6(1)(1)(f) GDPR. 
2) Cookies are stored on your computer for this evaluation. The information collected in this way is stored exclusively on the controller’s server in Germany for 30 days. You can adjust the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. The prevention of the storage of cookies is possible by adjusting the settings of your browser. It is possible to prevent the use of Matomo by removing the following check mark, thereby activating the opt-out plug-in: Matomo iFrame.
3) This website uses Matomo with the extension ‘AnonymizeIP’. This means visitors' IP addresses are shortened for further processing and to protect the users' privacy. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.
4) The Matomo program is an open source project. Information on data protection from this third-party provider is available at
5) Duration of storage: the data is deleted as soon as it is no longer needed for our recording purposes. With our website, this is after 180 days.

Use of social media plug-ins
1) We currently use the social media plug-in Facebook. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the provider of the plug-in. You can recognise the provider of the plug-in by the mark on the box above his initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, will the plug-in provider receive the information that you have called up the corresponding website of our online service. In addition, the data collected during your visit to our website will be transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymised immediately after collection. When you activate the plug-in, personal data is transmitted from you to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider collects data, in particular via cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the greyed-out box.

2) We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of processing, nor the duration of storage. We also have no information on the deletion of the collected data by the plug-in provider. 

3) The plug-in provider stores the data collected about you as a user profile and uses this for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out, in particular, (also for users who are not logged in) for the presentation of demand-oriented advertising and to inform other users of the social network about your activity on our website. You have the right to object to the creation of the user profile, whereby you must contact the plug-in provider to exercise this right.

4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and, for example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend you log out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile by the plug-in provider.

5) For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy policies of these providers. There you will also find further information about your rights and settings options to protect your privacy.

6) Addresses of the plug-in provider and URLs with their data protection information:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;; further information on data collection:, and Facebook has certified to the EU-US Privacy Shield Framework,

We use external service providers (processors), for example, for hosting or website maintenance. A separate data processing addendum (DPA) has been entered into with our service providers in order to ensure the protection of your personal data.

We work together with the following service providers:

Brandsmart GmbH
Andreasstiftstrasse 12
D-85662 Hohenbrunn
Telephone +49 8102 784 5151

Mittwald CM Service GmbH & Co. KG
Königsberger Strasse 4-6
D-32339 Espelkamp
Telephone +49 5772 293 100