We - surface coating - as the operator of these pages - take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration.


Note on the responsible body


The person responsible for data processing on this website is

surface coating
Kindermannstraße 3
97199 Ochsenfurt
Phone: +49 (0)1577 3950618
e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

1. definitions
The data protection declaration of surface coating is based on the terms used by the European legislator for directives and regulations when the Basic Data Protection Regulation (DS-GVO) was issued. Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this data protection declaration:

• personal data
  Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• person concerned
  Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
• Processing
  Processing is any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organization, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing
  Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
• Profiling
  Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location of that natural person.
• Pseudonymization
  Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
• Controller or data controller
  Controller or data controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or by the law of the Member States.
• Processor
  Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
• Recipient
  The recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the course of a specific investigation mandate under Union or national law shall not be considered as recipients.
• Third party
  A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
• Consent
  Consent is any freely given, informed and unequivocal expression of the data subject's will in a specific case, in the form of a statement or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

2. general notes and mandatory information
Rights of the data subject according to DSGVO

Right to information
The data subject has the right to obtain confirmation from the controller as to whether personal data relating to him/her are being processed; if this is the case, he/she has the right to be informed of such personal data and to receive the following information:

    the purposes of the processing;
    the categories of personal data being processed;
    the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
    if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
    the existence of a right of rectification or erasure of personal data relating to them or of a right of objection to their processing by the controller;
    the existence of a right of appeal to a supervisory authority;
    where the personal data are not collected from the data subject, any available information as to their source;
    the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) and, at least in those cases, meaningful information as to the logic involved and the scope and intended impact of such processing on the data subject.
    Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 in relation to the transfer.
    1 The controller shall provide a copy of the personal data which are the subject of the processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. 3If the data subject submits the request electronically, the information shall be provided in a standard electronic format, unless the data subject indicates otherwise.
    The right to receive a copy in accordance with paragraph 3 shall not prejudice the rights and freedoms of other persons.

Right of rectification
The person concerned has the right to ask the data controller to rectify incorrect personal data concerning him/her without delay. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Right to erasure ("right to be forgotten")
Any person concerned has the right to request the controller to delete personal data relating to him without delay. The data controller is obliged to delete personal data without delay if one of the following reasons applies:

    the personal data have been collected or otherwise processed for purposes for which they are no longer necessary
    The data subject withdraws his or her consent on which the processing was based pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2 letter a DSGVO, and there is no other legal basis for the processing.
    The data subject lodges an objection to the processing pursuant to Art. 21 para. 1 FADP, and there are no legitimate reasons for the processing, or the data subject lodges an objection to the processing pursuant to Art. 21 para. 2 FADP.
    The personal data have been processed unlawfully.
    The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
    The personal data has been collected in relation to information society services offered in accordance with Art. 8 para. 1 DSGVO.

If the controller has made the personal data public and is obliged to delete them pursuant to paragraph 1, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that a data subject has requested that all links to such personal data or copies or replications of such personal data be deleted.

Right to limit processing
The data subject shall have the right to obtain from the controller the restriction of the processing if one of the following conditions is met

    the accuracy of the personal data is contested by the data subject, for a period of time which enables the controller to verify the accuracy of the personal data
    the processing is unlawful and the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data
    the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights; or
    the data subject has lodged an objection to the processing pursuant to Article 21 paragraph 1 FADP, as long as it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

Right to data transferability
The data subject shall have the right to obtain the personal data concerning him/her that he/she has provided to a controller in a structured, common and machine-readable format and the right to have such data communicated to another controller without hindrance by the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6 paragraph 1 letter a DPA or Article 9 paragraph 2 letter a DPA or on a contract pursuant to Article 6 paragraph 1 letter b DPA and that the processing is carried out by means of automated procedures.

In exercising his or her right to data transfer pursuant to paragraph 1 DSGVO, the data subject has the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible.

The exercise of this right is without prejudice to Article 17 DSGVO.
This right does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data transferability must not affect the rights and freedoms of other persons.


Right of opposition
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f) of the DPA, including profiling based on these provisions.

The controller shall no longer process the personal data unless he can demonstrate compelling reasons for processing which are justified on grounds of protection and which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.

Where personal data are processed for the purpose of direct marketing, the data subject shall have the right to object, at any time, to the processing of personal data relating to him/her for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If the data subject objects to the processing for the purposes of direct marketing, the personal data shall no longer be processed for those purposes.

The data subject must be expressly informed of the right referred to in Art. 21, paragraphs 1 and 2 DPA at the latest at the time of the first communication with him or her; this information must be provided in a comprehensible form and separate from other information.

Notwithstanding Directive 2002/58/EC, in the context of the use of information society services, the data subject may exercise his right of objection by means of automated procedures involving technical specifications.

The data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89 paragraph 1 of the DPA, except where such processing is necessary for the performance of a task carried out in the public interest.


Automated decisions in individual cases (including profiling)
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way.

This shall not apply if the decision

    is necessary for the conclusion or performance of a contract between the data subject and the controller,
    is authorised by Union law or the law of the Member States to which the controller is subject and that law contains adequate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
    with the express consent of the person concerned.

In cases referred to in points (a) and (c), the controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of the controller, to express his point of view and to challenge the decision.

Decisions may not be based on special categories of personal data pursuant to Article 9 paragraph 1 DPA, unless Article 9 paragraph 2 letter a or g DPA applies and appropriate measures have been taken to protect the rights and freedoms as well as the legitimate interests of the data subject.


Right of revocation for data protection consent
The person concerned has the right to revoke his or her consent to the processing of personal data at any time. If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact the controller. The lawfulness of the data processing carried out up to the point of withdrawal shall not be affected by the withdrawal.


Right of appeal to the competent supervisory authority
In the event of violations of data protection laws, the person concerned has a right of appeal to the competent supervisory authority. The competent supervisory authority in data protection matters is the data protection commissioner of the federal state in which our company is located. A list of the data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Legal basis of the processing
Art. 6 I lit. a DS-GVO serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company was injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In this case the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the person responsible (Recital 47 Sentence 2 DS-GVO).


Legitimate interests in processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is to carry out our business activities for the benefit of the well-being of all our employees and our shareholders.


Duration for which personal data are stored
The criterion for the duration of storage of personal data is the respective legal retention period. After this period has expired, the corresponding data is routinely deleted if it is no longer required for the fulfillment or initiation of a contract.


Legal or contractual provisions on the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded. Before the person concerned makes personal data available, the person concerned must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.


Objection to promotional e-mails
The use of contact data published within the scope of the imprint obligation for the transmission of not expressly requested advertisement and information materials is hereby contradicted. The operators of the site expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as through spam e-mails.

3. data collection on our website
Who is responsible for data collection on this website?
The data processing on this website is carried out by
T O P Oberflächen GmbH. Our contact details can be found in the imprint of this website.


What do we use your data for?
Part of the data is collected to ensure error-free provision of the website, to protect us from cyber attacks or, if necessary, to be able to track them or to obtain statistical information on visitors to our website.


Cookies
This website sometimes uses so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of his services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, they are treated separately in this privacy policy.


Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

    Browser type and browser version
    Operating system used
    Location (country, region, city)
    Screen resolution
    Device
    Time of the visit
    IP address (anonymized)
    Called websites and sub-websites
    Visit duration
    Number of visits (Recurring visitors)
    other similar data and information that serve to avert danger in the event of cyber attacks on our systems

This data is not merged with other data sources.

The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.


Contact possibility via the website
Due to legal regulations, this website contains information that enables quick electronic contact with our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address).

If you, as a data subject, contact the person responsible for processing by e-mail or via a contact form on the website, the personal data you have provided will be stored automatically. This personal data which you as a data subject voluntarily provide will be stored for the purpose of processing or contacting you.

The processing of the data entered in the contact form is thus exclusively based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out up to the point of revocation remains unaffected by the revocation.

The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

 4. plugins and tools

Google Web Fonts
This website uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the servers of Google. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support Web Fonts, a standard font from your computer will be used.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the Google privacy policy: https://www.google.com/policies/privacy/.

Font Awesome
This website uses so-called web fonts provided by Fonticons, Inc. for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

For this purpose, the browser you use must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that your IP address was used to access our website. The use of web fonts is in the interest of a consistent and attractive presentation of our online offerings. This represents a legitimate interest in the sense of Art. 6 Par. 1 lit. f DSGVO.

If your browser does not support web fonts, a standard font from your computer will be used.
Further information about Font Awesome can be found at https://fontawesome.com/help and in the privacy policy of Fonticons, Inc.: https://fontawesome.com/privacy.

Google Maps
This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an attractive presentation of our online offers and to make it easy to find the places we have indicated on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

More information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

5. change of our data protection regulations
We reserve the right to adapt this data protection declaration so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your renewed visit.