Privacy Policies

  1. Name and address of the data controllerThe data controller as defined by the General Data Protection Regulation (GDPR) and other national data protection legislation of the EU member states as well as other statutory data protection regulations is:

    Friedr. Trurnit GmbH
    Managing Director: Katharina Trurnit, Dipl.-Betriebswirtin (FH)
    Rahmedestraße 161
    D-58762 Altena
    Telefon +49 (23 52) 95 96 96
    E-Mail:
  2. General information on data processing
    1. Scope of the processing of personal dataIn principle, we collect and use the personal data of our users only insofar as this is required to provide a functioning website as well as our content and services. The collection and use of the personal data of users takes place regularly only with the consent of the user. An exception to this applies in such cases where the obtaining of such consent is not possible for practical reasons and the processing of data is permitted by statutory regulations.
    2. Legal basis for the processing of personal dataIf we ask a data subject for consent to use his or her personal data for processing operations, point (a) of Article 6(1) EU General Data Protection Regulation (GDPR) serves as the legal basis. When it is required that we process personal data to perform a contract to which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing operations that are required to carry out pre-contractual measures. If we are required to process personal data to fulfil a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, point (d) of Article 6(1) GDPR serves as the legal basis. If processing is required to safeguard a legitimate interest of our company or a third-party and the interests, constitutional rights and fundamental freedoms of the data subject do not outweigh the first-named interest, point (f) of Article 6(1) GDPR serves as the legal basis for the processing.
    3. Erasure of data and duration of storageThe personal data of the data subject is erased or blocked as soon there is no longer a purpose for storage. Storage can take place beyond this if it is provided for by Union law directives, laws or other regulations by European or national legislators to which the controller is subject. Data is also blocked or erased if a retention period prescribed by the standards mentioned expires, unless there exists a requirement for further storage of the data for the conclusion of a contract or the performance of a contract.
    4. Protection of transfer by means of SSL/TLS encryptionThis website uses SSL or TLS encryption for security reasons and to protect the transfer of confidential content. The encrypted connection is guaranteed by the hypertext transfer protocol HTTPS (“https://”). In this instance, data which is transmitted to us by a user cannot be read by third parties.
  3. Provision of website and generation of log files
    1. Description and scope of the data processing
      1. Description and scope of the data processing1. Every time our website is accessed, our system automatically captures data and information on the computer system of the accessing computer. The following data is collected:

        (1) Information about the browser type and the version used,
        (2) The user’s operating system,
        (3) The user’s IP address,
        (4) Date and time of access.
        (5) HTTP Status Response Code
        (6) Accessed page
        (7) Page size
        The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
      2. Legal basis for the data processingThe legal basis for the temporary storage of data and the log files is point (f) of Article 6(1) GDPR.
      3. Purpose of the data processingThe temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session. The storage in log files is carried out to ensure the functioning of the website. In addition, the data serves to optimise the website and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place in this context. These purposes include our legitimate interest in the data processing pursuant to point (f) Article 6(1) GDPR.
      4. Duration of storageThe data is deleted as soon as it is no longer required to achieve the purpose of its collection. This happens when the particular session has ended, in the event of data being captured for the provision of the website. When data is stored in log files, it is deleted after seven days at the latest. It is possible for data to be stored beyond this point. In this instance, the IP addresses of users are erased or anonymized, so that an association with the accessing client is no longer possible.
      5. Objection and removal optionThe capture of data to provide the website and the storage of data in files is an absolute requirement needed for the operation of the website. Consequently, there is no opt-out option for the user.
  4. Use of cookies
    1. Description and scope of the data processingOur website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user's computer system. If a user accesses a website, a cookie can be stored on the user's operating system. Cookies used on our web page are so called session cookies, which are technically important for the web page function but do not store any personal data. Those cookies are being delted right after your visit.
    2. Legal basis for the data processingThe legal basis for the processing of personal data by using cookies is (f) of Article 6(1) GDPR.
    3. Purpose of the data processing
      The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. The Cookies are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO.
    4. Duration of storage, objection and removal optionCookies are stored on the user’s computer and transmitted from there to our website. Therefore, as the user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. If cookies are deactivated for our website, it is possible that not all of the functions of the website can be used in full.
  5. Contact form and email contact
    1. Description and scope of the data processingA contact form is available on our website, which can be used for making contact with us electronically. If a user takes this option, the data entered in the input mask is transmitted to us and stored. This data is:

      - Name
      - Company
      - Telephone number
      - Email address
      - Subject
      - Message

      At the time of sending the message, the following data is also stored:

      (1) The user’s IP address
      (2) Date and time
      (3) Information about the browser type and version used
      (4) The user’s operating system

      To process data as part of this sending procedure, your consent is obtained, if required, and you are referred to this data protection statement. The transfer of data is encrypted by means of the SSL or TLS protocol.

      Alternatively, you can contact us using the email address provided. In this instance, the user’s personal data transmitted with the email is stored. Data is not passed on to third parties in this context. Data is used exclusively for the processing of the conversation.
    2. Legal basis for the data processingThe legal basis for the processing of data is the presence of consent by the user pursuant to point (a) of Article 6(1) GDPR. The legal basis for the processing of the data transmitted in the course of sending an email is point (f) of Article 6(1) GDPR. If the purpose of your contact by email is to terminate a contract, the additional legal basis for the processing is pursuant to point (b) of Article 6(1) GDPR.
    3. Purpose of the data processingThe processing of personal data that we obtain from the input mask serves only to enable us to process your contact with us. If you contact us by email, there is also the required legitimate interest in the processing of data. The other personal data processed during the sending procedure serves to prevent misuse of the contact form and to ensure the security of our IT systems.
    4. Duration of storageThe data is deleted as soon as it is no longer required to achieve the purpose of its collection. This is the case for personal data from the input mask of the contact form and the personal data that was sent with the email, if the conversation concerned is finished with the user. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified. The additional personal data collected during the sending procedure is deleted after a period of 14 days.
    5. Objection and removal optionThe user has the option at any time of withdrawing consent to the processing of personal data that concerns him or her. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such an event, the conversation cannot be continued.

      Please send an email to this effect to .

      All personal data that is stored in the course of your making contact with us is, in this instance, deleted.
  6. Plugins and tools
    1. JavaScript jQuery library
      1. Scope of the processing of personal dataThis website uses the JavaScript jQuery library, provided by the third-party provider jQuery Foundation to increase the load speed of our website and to give you a better user experience. This means that it is possible for your data to be processed outside of the EU. We have no influence over the scope of the data collected.
      2. Legal basis for processing personal dataThe legal basis for processing the personal data of users is point (f) of Article 6(1) GDPR
      3. Purpose of the data processingWe have no information on the purpose of the data collection and the further processing and use of the data.
      4. Duration of storageWe cannot give you any information on the duration of any possible storage of transferred data.
      5. Objection and removal optionYou can deactivate JavaScript in your browser settings or completely block the execution of scripts by installing JavaScript blocker, such as the browser plugin “NoScript” (www.noscript.net). This can, however result in function restrictions on websites you visit.
    2. Interactive maps by Google Maps
      1. Scope of the processing of personal dataThis website uses Google Maps to display interactive maps and to create travel directions. Google Maps is a map service by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, US. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, can be transferred to Google. If you download a page on our website that contains Google Maps, your browser makes a direct connection to Google's servers. The map content is transmitted directly by Google to your browser and from there integrated into the website. Therefore, we have no influence over the scope of data collected by Google in this way. As far as we know, the following data, at least, are collected:

        (1) Date and time of the visit to the website concerned,
        (2) Web address or URL of the accessed website,
        (3) IP address,
        (4) (Start) address entered as part of route planning.
      2. Legal basis for processing personal dataThe legal basis for processing the personal data of users is point (f) of Article 6(1) GDPR.
      3. Purpose of the data processingPlease obtain information on the scope and purpose of the data capture and the further processing and use of the data from Google's data protection information at policies.google.com/privacy as well as the instructions for use of Google Maps www.google.com/intl/de_de/help/terms_maps.html.
      4. Transmission to third countriesPersonal data is transmitted under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission in the US. The certificate can be downloaded at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
      5. Duration of storageWe have no influence over the storage of the data transferred through Google and cannot give any information about the duration of storage.
      6. Objection and removal optionBy the use of our website, you state that you agree to the processing of the data that concerns you collected by Google Maps Route Planner in the way described above and for the purposes mentioned.
        If you do not want Google to process data that concerns you via our website, you can deactivate or block JavaScript. In this instance, however, you cannot use the map displays.
  7. Rights of the data subjectIf personal data that concerns you is processed, you are a data subject within the meaning of the GDPR and you have the following rights with regard to the data controller:
    1. Right of accessYou can request confirmation from the data controller about whether personal data that concerns you is processed by us. If such processing takes place, you can request the following information from the data controller:

      (1) the purposes for which the personal data is processed;
      (2) the categories of personal data that is processed;
      (3) the recipients or categories of recipient to whom the personal data has been or will be disclosed;
      (4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
      (5) the existence of a right to request from the data controller rectification or erasure of personal data, a right to the restriction of processing of personal data concerning the data subject or to object to such processing;
      (6) the existence of a right to complain to a supervisory authority;
      (7) all available information about the origin of the data where the personal data is not collected from the data subject;
      (8) the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and – at least in these instances – meaningful information about the logic involved as well as the consequences and effects aspired to by processing of this kind.

      You have the right to information about whether personal data was transmitted to a third country or to an international organisation. In this connection, you have the right to be informed of suitable guarantees in connection with the transfer pursuant to Article 46 GDPR.
    2. Right to rectificationYou have a right to rectification and/or completion by the controller, provided the processed personal data that concerns you is inaccurate or incomplete. The data controller must carry out the rectification without undue delay.
    3. Right to restrict processingSubject to the following prerequisites, you can request the restriction of processing of the personal data that concerns you:

      (1) if you can test the accuracy of the personal data that concerns you for a period that enables the controller to check the accuracy of the personal data;
      (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
      (3) the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
      (4) if you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the data controller override those of the data subject.

      If the processing of the personal data that concerns you is restricted, this data may – apart from its storage – be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or on grounds of public interest of the Union or a member state. If the restriction of the processing is carried out in accordance with the above-mentioned prerequisites, you are notified by the data controller before the restriction takes place.
    4. Right to erasure
      1. Erasure obligationYou can request that the data controller erases personal data that concerns you without undue delay, and the data controller is obliged to erase this data without undue delay, provided one of the following reasons applies:

        (1) The personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed.
        (2) You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), GDPR and where there is no other legal basis for the processing.
        (3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
        (4) The personal data has been unlawfully processed.
        (5) The personal data has to be erased for compliance with a legal obligation in Union or member state law to which the controller is subject.
        (6) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
      2. Information given to third partiesIf the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
      3. ExceptionsThe right to erasure does not exist, provided the processing is required

        (1) for exercising the right of freedom of expression and information;
        (2) for compliance with a legal obligation, which requires the processing in accordance with the law of the Union or member states to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
        (3) for reasons of public interest in the area of public health pursuant to point (h) of Article 9(2) and Article 9(3) GDPR;
        (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, provided that the right mentioned under section a) probably makes the realisation of the goals of this processing impossible or seriously impairs it, or
        (5) for the establishment, exercise or defence of legal claims.
    5. Right to notificationIf you have asserted your right to obtain rectification, erasure or restriction of your personal data from the data controller, the controller is obliged to notify all the recipients to whom the personal data affected was disclosed of this rectification or erasure of the data or the restriction of the processing, unless this proves impossible or involves disproportionate effort. You have the right to request that the controller notifies you of these recipients.
    6. Right to data portabilityYou have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, provided

      (1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) Article 9(2) GDPR or on a contract pursuant to point (b) Article 6(1) GDPR and
      (2) the processing is carried out by means of automated processes.

      In exercising this right, you have the further right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by this. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    7. Right to object7. You have the right for reasons resulting from your special situation to object to the processing of personal data that concerns you, pursuant to point (e) or (f) of Article 6(1) GDPR; this also applies to profiling based on these provisions. The data controller shall no longer process the personal data that concerns you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerned for the purpose of this sort of advertising; this also applies to profiling, provided it is connected to such direct advertising. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. You have the option, in connection with the use of services of the information society – notwithstanding Directive 2002/58/EU – to exercise your right to object by means of automated processes in which technical specifications are used.
    8. Right to withdraw consent regarding data protection lawYou have the right to withdraw your consent regarding data protection law at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the point of withdrawal;
    9. Automated individual decision-making, including profilingYou have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply, if the decision

      (1) is necessary for entering into, or performance of, a contract between the you and the data controller;
      (2) is authorised by Union or member state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
      (3) is based on your explicit consent.

      However, decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, provided point (a) or (g) of Article 9(2) do not apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express his or her point of view and to contest the decision.
    10. Right to lodge a complaint with a supervisory authorityIf you consider that the processing of personal data relating to you infringes the GDPR, you have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the member’s state of your habitual residence, place of work or place of the alleged infringement. The supervisory authority where the complaint was lodged, informs the complainant of the status and results of the complaint including the possibility of judicial remedy pursuant to Article 78 GDPR.
  8. Date of/changes to the data protection statementUsers are requested to keep themselves informed regularly about the contents of the data protection statement.
    1. Changes to the data protection statementWe reserve the right to change this data protection statement to adapt to changed legal positions or changes to the services and the data processing. However, this only applies in respect of statements on data processing. Provided user consents are required or components of the data protection statement contain regulations of the contractual relationship with users, changes are made only with the agreement of users.
    2. Date of the data protection statementThis data protection statement is currently valid as of 06/07/2018.