Privacy

We place great importance on the protection of personal data. For this reason, personal data are processed in accordance with the valid European and national legislation.

You can of course withdraw your declaration(s) of consent at any time with effect for the future. To do this, please consult the responsible party in accordance with § 1.

The personal data of the party concerned are deleted or blocked as soon as the purpose of their storage ceases to apply. Storage beyond this may be carried out if this is intended by the European or national legislator in Union directives, laws or other regulations by which we are governed. Blocking or deletion of the data is also carried out if a storage period specified by the stipulated standards expires unless it is necessary to continue to store the data in order to conclude or fulfil an agreement.

§ 1 The responsible party and the Data Protection Officer

(1) Name and address of the responsible party

The responsible party pursuant to the General Data Protection Regulation and other national data protection laws of the member states as well as other legal data protection regulations is:

ALLMATIC-Jakob Spannsysteme GmbH
Herbert Mayr
Jägermühle 10
87647 Unterthingau
Germany

Phone: +49 (0)8377/929-0
E-Mail: info@allmatic.de
Website: www.allmatic.de

(2) Name and address of the Data Protection Officer

ALLMATIC-Jakob Spannsysteme GmbH

Mrs Sina Schäfler

Jägermühle 10

87647 Unterthingau

Phone: 08377 929-126

E-mail: s.schaefler@allmatic.de

§ 2 Definitions

The data protection declaration is based on the definitions used by the European regulatory authority in accordance with the decree of the General Data Protection Regulation of the EU (referred to in the following as “GDPR”). The Data Protection Regulation should be easily legible and understandable. To ensure this, the main terms are described in the following:

  • Personal data designates all information relating to an identified or identifiable natural person (referred to in the following as the “party concerned”). A natural person is considered as identifiable if he or she can be identified directly or indirectly, in particular by assignment to an identifier such as a name, identification number, location details, online identification or to one or more particular characteristics which are an expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.
  • The party concerned is every identified or identifiable natural person whose personal data are processed by the party responsible for processing.
  • Processing is any procedure carried out with or without the aid of automated processes or any such series of procedures in connection with personal data, such as the collection, logging, organisation, classification, storage, adjustment or alteration, reading out, querying, use, publication via transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
  • Profiling is any type of automated processing of personal data which consists of these personal data being used to evaluate certain personal aspects which refer to a natural person, in particular to analyse or predict aspects with regard to work performance, economic situation, health, personal preferences, interests, reliability, conduct, place of abode or relocation of this natural person.
  • Pseudonymisation refers to processing of personal data in such a way that the personal data can no longer be assigned to a specific party concerned insofar as this additional information is stored separately and is subject to technical and organisational measures which ensure that the personal data are not assigned to an identified or identifiable natural person.
  • The person responsible or the person responsible for processing is the natural or legal entity, authority, institution or other office which decides solely or together with others on the purposes and means of processing of personal data. If the purposes and means of this processing are stipulated by European Union law of the member states, the responsible party or the certain criteria of his / her nomination can be stipulated in accordance with European Union law or the law of the member states.
  • The order processor is a natural person or legal entity, authority, institution or other office which processes personal data on behalf of the person responsible.
  • The recipient is a natural person or legal entity, authority, institution or other office to whom personal data are divulged, regardless of whether this is a third party or not. However, authorities which may receive personal data in the course of a certain inspection order in accordance with European Law or the law of member states are not deemed to be recipients.
  • A third person is a natural person or legal entity, authority, institution or other office apart from the party concerned, the person responsible, the order processor and the persons who are authorised under the direct responsibility of the party responsible or of the order processor to process the personal data.
  • Permission is every declaration of intent voluntarily issued by the party concerned for the relevant case in an informed manner and unambiguously in the form of a declaration or any other clear confirmatory action with which the party concerned indicates that he / she agrees to processing of his or her personal data.

§ 3 Provision of the website and creation of logfiles

In the event of use of the website for information purposes only, i.e. without subscribing or providing us with other information, we automatically collect the following data and information from the computer accessing the website:

  • the IP address of the user
  • information on the browser type and version used
  • the operating system of the user
  • date and time of access
  • websites from which the system of the user accesses the website.

The data are stored in the logfiles of our server. These data are not stored together with other personal data of the user.

When using these data, we do not draw any conclusions with regard to the party concerned. The data are only evaluated for statistical purposes.

The legal basis for temporary storage of the logfiles is Art. 6 Section 1 sentence (f) GDPR.

Temporary storage of the data by the system is necessary in order to

  • deliver the website to the computer of the user. To this end, the IP address of the user must remain stored for the duration of the session.
  • optimise the contents of our website and advertising thereof
  • ensure operability of our IT systems and the technology of our website
  • provide law enforcement agencies with the necessary information for prosecution in the event of a cyber-attack.
  • The temporary storage of banner data by the system is necessary in order to comply with data protection regulations.

For these purposes, our legitimate interest also lies in data processing pursuant to Art. 6 Section 1 sentence 1 (f) GDPR.

The data are deleted as soon as they are no longer required to achieve the purpose of their collection – in this case when no longer used. In the case of storage of the data in logfiles, this is after a maximum of seven days. Storage is possible beyond this. In this case, the IP addresses are deleted or anonymised so that it is no longer possible to assign them to the calling client.

Data logging to provide the website and storage of the data in logfiles is essential to operate the website, for which reason it cannot be withdrawn.

§ 4 Use of cookies

4.1 General information

This website uses so-called cookies. Cookies are small text files which are transmitted by a server to your browser as soon as you visit a website and are stored locally on your terminal (PC, notebook, tablet, smartphone, etc.) and filed on your computer and provide the user (i.e. us) with certain information. Cookies do not damage the computer and any contain viruses. Every cookie contains a characteristic string (so-called cookie ID) which allows a clear identification of the browser when called again.

Permanent cookies remain stored even if the browser session is ended and can be called up again when you visit the site again. The cookies are stored on your computer and transmitted from it to our website. You therefore have full control over the use of cookies. If you do not wish data to be collected via cookies, you can set your browser via the menu under “Settings” so that you are informed about the setting of cookies or generally exclude the setting of cookies or can also delete cookies individually. However, please note that deactivating cookies may limit the functionality of this website. Session cookies are automatically deleted after you leave the website.

When you access our website, you will be informed about the use of cookies and your consent to the processing of the personal data used in this context will be obtained. In this context, reference is also made to this privacy policy.

4.2 Technically necessary cookies

Technically necessary cookies are used to keep the website functional. Technically necessary cookies are used to keep the website functional. Some elements of our website require that the accessing browser can be identified even after a page change. To a lesser extent, we use technically necessary cookies to comply with legal requirements or to make our website more user-friendly; the following data may be stored and transmitted for this purpose: Language settings, items in a shopping cart, login information, currency settings, time zone, playout in a correct display. The user data collected by technically necessary cookies is not used to create user profiles.

The legal basis for processing personal data using technically necessary cookies is Art. 6 Section 1 sentence 1 (f) GDPR.

4.3 Technically not necessary cookies

We also use technically unnecessary cookies on our website,

  • that enable an analysis of your surfing behavior (Google Analytics; Custom Audiences)
  • for the user-friendly use of our website by integrating third-party cookies (YouTube videos, TagManager).

The purpose of using technically unnecessary cookies is to improve the quality of our website and its content.

  • Section 25 (1) TDDDG further stipulates that the storage of information in the end user’s terminal equipment or access to information already stored in the terminal equipment is only permitted if the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with the GDPR.

According to Section 25 (2) TDDDG, consent is not required in very limited exceptional cases, e.g.

  • where the sole purpose of storing information in the end-user’s terminal equipment or the sole purpose of accessing information already stored in the end-user’s terminal equipment is to carry out the transmission of a communication over a public telecommunications network.
  • if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is strictly necessary to enable the provider of a telemedia service to provide a telemedia service explicitly requested by the user.

Therefore, cookies that are not technically necessary require user consent.

Therefore, cookies that are not technically necessary require user consent.

The legal basis for processing personal data using technically unnecessary cookies is Art. 6 para. 1 lit. a) GDPR, provided that consent has been obtained.

You can configure your cookie settings in your browser. Furthermore, you can change the cookie settings at any time via our consent banner, which appears in the corner, and thereby revoke your consent.

§ 5 Consent-Banner Cookiebot

We use the consent banner of the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter: cookiebot.com). We use this data to ensure the full functionality of our website and to request any necessary consent in relation to cookies and other data transfers. In this context, your browser may transmit personal data to cookiebot.com. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in ensuring the error-free functioning of the website and in ensuring that consent is obtained in compliance with data protection regulations. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in cookiebot.com’s privacy policy: https://www.cookiebot.com/de/privacy-policy/.

You can prevent the collection and processing of your data by cookiebot.com by disabling the execution of the script code in your browser or by installing a script blocker in your browser.

§ 6 Contact form and e-mails

Our website contains a contact form which can be used for making contact in electronic form. For this, you must first decide which means of communication you prefer. According to this type of communication, the data entered in the input mask are sent to us and stored. These data are:

  • e-mail adress
  • message
  • name
  • company
  • telephone number
  • Request categorization
  • Optional: address, country

When the message is sent, the following data are also stored:

  • the IP adress of the user
  • date and time of registration

You are welcome to contact us by e-mail. In this case, the personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation.

​The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The legal basis for the processing of optional data is Art. 6 para. 1 sentence 1 lit. a) GDPR if this data is entered, unless it is used to prepare or execute a contract.

​The processing of personal data serves us solely to process the contact. We will, of course, use the data from your e-mail inquiries exclusively for the purpose for which you provide it to us when contacting us. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. This is also our legitimate interest. Insofar as this is optional information, you also consent to us using it, e.g. to contact you.

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. If the email contact is aimed at the execution of a contract, the data will be deleted after the expiry of the statutory (commercial or tax law) storage periods required for this purpose.

You have the option to revoke your consent to the processing of optional data at any time. In such a case, the conversation cannot be continued. Please contact the controller in accordance with § 1. However, this revocation option only exists if the data is not used to prepare or execute a contract.

§ 7 Newsletter

7.1 General information

With your permission, you can subscribe to our free newsletter, which we inform you of current interesting offers. The advertised goods and services are specified in the declaration of consent. For subscriptions to our newsletter, we use the so-called double opt-in process. This means that after you sign up, we will send an e-mail to the address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be restricted and automatically deleted after one month. Additionally, we store the IP addresses you use and the timestamps of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

If you purchase goods or services from us and provide your e-mail address for this, we may subsequently use it ourselves to send you a newsletter. In such a case, the newsletter is used exclusively for direct advertising of our own related goods or services.

The only mandatory information for sending the newsletter is your e-mail address.

The purpose of collecting the user’s e-mail address is to deliver the newsletter. The collection of other personal data (IP address, time of registration/confirmation) as part of the registration process is intended to prevent misuse of the services or the e-mail address used.

The data are forwarded to our marketing service provider.

The legal basis for the processing of data after the user registers for the newsletter is Art. 6 para. 1 sentence 1 lit. a) GDPR, provided consent has been given. The legal basis for sending the newsletter based on the customer relationship is Art. 7 para. 3 UWG.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

You can cancel the receipt of our newsletter at any time and thereby revoke your consent by clicking on the ‘Unsubscribe’ link in our newsletter footer or by sending us an e-mail to the provided e-mail address or a message to the contact details given in the legal notice.

7.2. Tracking

We would like to inform you that we evaluate your user behavior when sending the newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned in § 3 [log files] and the web beacons with your e-mail address and an individual ID. The data is collected exclusively in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal identification is excluded. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We track when you read our newsletters, which links you click on, and infer your personal interests from this. We link this data to the actions you take on our website.

This is also our legitimate interest. The legal basis for tracking is Art. 6 para. 1 sentence 1 lit. f) GDPR.

This data is analyzed by our marketing service provider. The data is analyzed by our newsletter service provider.

You can object to this tracking at any time by clicking on the unsubscribe link provided in each email or by contacting us through another channel. The information is stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely for statistical and anonymous purposes.

7.3. Newsletter service

To send the newsletter, we use the CleverReach service of the provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. For this purpose, the logged data described above (IP address, time of registration/confirmation) and the data entered are stored on CleverReach servers in Germany and Ireland. The data is collected exclusively in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal identification is excluded. The use of Clever Reach enables us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. With the help of conversion tracking, we can also analyze whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. This in turn serves to learn about the reading habits of users and to adapt the content accordingly; however, the purpose is not to observe individual users. This is also our legitimate interest. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

The data processing with regard to the analysis is based on our legitimate interests (Art. 6 para. 1 lit. f) GDPR).

If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message.

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe and will be deleted from both our servers and the CleverReach servers after you unsubscribe. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. You can find more details in CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/. We have concluded a contract with CleverReach for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using CleverReach.

§ 8 Registration for the training center

We offer you the opportunity to register on our website by providing personal data. The data is entered into an input mask and transmitted to us and stored. This data will not be passed on to third parties unless there is a legal obligation to pass it on or it serves the purpose of criminal or legal prosecution. The following data is collected as part of the registration process:

  • e-mail address
  • self-selected password
  • name
  • company
  • country
  • Optional: Salutation, address, number of trainees, number of milling machines, activation of a newsletter subscription (see section 7)
  • IP adress
  • date and time of registration

You can manage and modify all information in the secure customer area (dashboard).

Furthermore, you can create and manage a trainee account for your apprentices. The following data of the apprentices will be collected: Name, completed training videos, certificate.

We use the so-called double opt-in procedure for registration. This means that after you register, we will send you an email to the provided email address, asking you to confirm that you wish to complete the registration. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. Additionally, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to investigate any potential misuse of your personal data.

Registration is required to provide certain content and services on our website, as well as to prevent misuse and, if necessary, to investigate criminal offenses. By registering, the training videos will be available for the apprentices. The apprentices have the opportunity to train free of charge using the videos and earn a certificate.

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b) GDPR.

When trainees use the portal, their data may become accessible in the company account. The data regarding the exam results and the name of the trainee are forwarded to us so that we can issue the certificate.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This applies to the data collected during the registration process as soon as you delete your account.

§ 9 SSL Encryption

Our website uses SSL encryption for the transmission of confidential or personal data. This encryption is used, for example, for payment transactions and for inquiries to us via this website. To ensure that the encryption is active, you need to monitor this yourself. The status of the encryption can be recognized by the browser address bar, which changes from “http://” to “https://” when encryption is active. When encryption is active, your data cannot be read by third parties. If encryption is not active, please contact us confidentially through another contact option.

§ 10 Purchases/Shop

If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order.

To be able to place an order, the buyer must first register. The following data is collected:

  • name
  • address
  • e-mail address
  • telephone
  • password
  • company
  • Optional: address, VAT ID, fax number, mobile number
  • IP adress
  • date and time of order/registration

The mandatory information is clearly marked. The data is entered into a form and transmitted to us for storage.

Providing your address and VAT ID during registration is voluntary. However, for a subsequent order, these details become mandatory for processing the order.

Data will only be shared with third parties if it is necessary for contract processing, billing purposes, payment collection, or if you have expressly consented. In this regard, we only pass on the data that is necessary. The recipients of the data are

  • The respective delivery/shipping company
  • Debt collection companies, if payment needs to be collected
  • Payment institutions/banks
  • Credit agencies for credit checks for customers from abroad

The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR. For voluntary data, the legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. a) GDPR. The legal basis for credit checks is Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in ensuring the liquidity of our company, as debt collection abroad incurs costs for us.

The mandatory data collected is necessary for the performance of the contract with the user (for the purpose of sending the goods and confirming the contract details). We use the data to respond to your inquiries, process your order, collect payment if necessary, and for the technical administration of the website. The technical data is collected to prevent misuse and, if necessary, to investigate criminal activities. We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you informational emails.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after the execution of the contract. If a continuing obligation exists between us and the user, we store the data for the entire term of the contract and for a period of ten years thereafter (see above). With regard to the data provided voluntarily, we will delete the data at the end of 10 years after the execution of the contract, provided that no further contract is concluded with the user during this time; in this case, the data will be deleted at the end of 10 years after the execution of the last contract.

If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller’s database in accordance with § 1. With regard to the voluntary data, you can declare your revocation to the controller in accordance with § 1 at any time. In this case, the voluntary data will be deleted immediately.

§ 11 Konfigurator

We have integrated a configurator for the creation of products on our website. Once the configuration is complete, you can have an offer created.

The following data is collected for this purpose:

  • Salution
  • name
  • e-mail adress
  • company
  • Address
  • country
  • IP adress
  • date and time of sending the form

The data must also be entered when the customer is logged in to the shop.

The data can be viewed by us. In addition, we use the SMTP server of Microsoft Corp., One Microsoft Way, Redmond, Washington, 98052, USA, as part of the form. The server is located in Germany. An exchange of data to the USA is not ruled out. Microsoft has certified itself under the US-EU agreement. According to the EU Commission, there is an adequate level of data protection. Dealers only have access to this under strict conditions, namely if there are corresponding dealer contracts.

The transfer and storage are carried out for the purpose of creating an offer for the interested party and being able to send it to him, as well as for this purpose, if necessary, also to contact him for consultations.

The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR.

The mandatory information collected is necessary for the initiation of a contract with the interested party (for the purpose of sending the offer). If a contract is concluded based on the offer, further data processing will be governed by § 10 of this data protection declaration.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Due to current commercial and tax law requirements, we are obligated to store the request for a period of ten years, provided that a contract is concluded (see § 10). If a contract is not concluded, we will store the data for a period of 6 months from the date of the offer.

§ 12 Forwarding to third parties

  • Links to external websites

This website contains links to external sites. We are personally responsible for our contents. We have no influence on the contents of external links and are therefore not responsible for these. In particular, we do not take ownership of such contents. If you are redirected to an external site, the data protection declaration provided there is valid. If you notice illegal activities or contents on this site, please inform us. In this case we will examine the contents and react accordingly (notice and take-down process).

  • Rented server space

We point out that we use rented server space of the provider Continum AG, Bismarckallee 7bd, 79098 Freiburg, Germany, www.continum.net. By visiting the website, the provider of the server space may automatically receive information. These are automatically stored by the user in so-called server log files (see § 3), which are automatically transmitted by your browser. Further information about the data can be found in § 3.

  • Integration of YouTube videos

We have integrated YouTube videos on our website which are stored at http://www.YouTube.com and can be played directly from our website. The operator of YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. You Tube LLC is a subsidiary of Google Inc.

These are all integrated in “extended data protection mode”, i.e. no data on you as a user are transmitted to YouTube if you do not view the videos. If you view the videos, the following data are transmitted.

We have no influence on this data transmission. When you visit the website, YouTube receives information that you have accessed the relevant sub-page of our website. The following data are then transmitted:

  • device-specific information, for example the hardware used; the version of the operating system; clear device identification and information on the mobile phone network including your telephone number
  • Protocol data in the form of server logs. These include details on the way in which the services are used, such as search enquiries; IP address; hardware settings; browser type; browser language; data and time of your request; source page; cookies via which your browser or your Google account can be clearly identified
  • Location-based information Google may record information on your actual location. This includes, for example, your IP address, your WLAN access points or mobile phone masts
  • Further information on the data collected by Google Inc. is available at the following link: https://policies.google.com/privacy?hl=de&gl=de.

This is carried out regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data are directly assigned to your account.
The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. a) GDPR. Google also transfers the data to the USA. An agreement has been concluded between the USA and the EU with the result that the European Commission considers the level of data protection in the USA to be adequate, provided that the companies are certified under the agreement. Google is certified under the agreement with the above-mentioned service.

The integration of the videos serves to make the website more descriptive for the user and to increase the search engine ranking of the website on Google and to refer more specifically to our specially produced videos. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. If you do not want it to be associated with your YouTube profile, you may not click on the video.

The duration of storage depends on the storage periods at YouTube.

You have a right of revocation against the creation of these user profiles, whereby you must contact YouTube or the controller, namely Google Ireland Ltd., Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in YouTube’s privacy policy. There you will also find further information about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

§ 13 web analysis through Google Analytics

We use the service of Google Inc. (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website to analyze the surfing behavior of our users. The software places a cookie on your computer (for cookies, see § 4). If individual pages of our website are accessed, the following data is stored:

  • Two bytes of the IP address of the user’s accessing system
  • The accessed website
  • Entry pages, exit pages,
  • The time spent on the website and the abandonment rate
  • The frequency of visits to the website
  • Country of origin and regional origin, language, browser, operating system, screen resolution, use of Flash or Java
  • Search engines and search terms used

The information generated by the cookie about the use of this website by users is generally transmitted to a Google server in the USA and stored there. This website uses Google Analytics with the extension “_anonymizeIp()”. The software is set so that the IP addresses are not stored in full, but only in abbreviated form. In this way, it is no longer possible to assign the shortened IP address to the accessing computer. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. Die im Rahmen von Google However, the IP address transmitted by your browser to Google Analytics will not be merged with other Google data.

The legal basis for the processing of personal data is the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Google also transfers the data to the USA. An agreement has been concluded between the USA and the EU with the result that the European Commission considers the level of data protection in the USA to be adequate, provided that the companies are certified under the agreement. Google is certified under the agreement with the above-mentioned service.

Google will use this information on our behalf to evaluate your use of the website and to compile reports on website activity. By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness.

The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is the case after 37 months.

The cookies used are stored on your computer and transmitted from it to our website. Cookies that have already been saved can be deleted at any time. You have the option to revoke your consent to the processing of personal data at any time by preventing the storage of cookies by setting your browser software accordingly (deactivation or restriction); however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

The controller is Google Ireland Ltd, Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. Further information can be found in the terms of use at http://www.google.com/analytics/terms/de.html, in the overview of data protection at http://www.google.com/intl/de/analytics/learn/privacy.html and in the privacy policy at http://www.google.de/intl/de/policies/privacy.

§ 14 Google AdWords Conversion with Remarketing

This website uses Google Adwords. This is a service for integrating advertisements from Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Google AdWords allows an advertiser to specify keywords that are used to display an ad in Google’s search engine results only when a keyword-relevant search result is retrieved using the search engine. In the Google advertising network, the ads are distributed to relevant websites using an automatic algorithm and taking into account the previously defined keywords.

The purpose of Google Adwords is to promote our website by displaying interest-based advertising on third-party sites, in the results of the Google search engine and through third-party advertisements on our site. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs. These advertisements are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies generally lose their validity after 30 days. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

The cookies enable Google to recognize your internet browser (see also § 4). If a user visits certain pages of an Adwords customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising media; in particular, we cannot identify users on the basis of this information. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it. We ourselves do not collect and process any personal data in the aforementioned advertising measures.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the data collected, nor are we aware of the full extent of the data collection and the storage period. Your data is transferred to the USA and analyzed there. By integrating AdWords Conversion, Google receives the information that you have accessed the relevant part of our website or clicked on an ad from us; in addition, both Google and we receive information via the conversion cookie as to whether you have generated sales if you have reached our website via an AdWords ad.

Remarketing: In addition to Adwords Conversion, we use the Google Remarketing application. This is a function that enables us to display advertising to Internet users who have previously visited our website. The purpose of this is to show you advertisements that are relevant to your interests. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behavior when you visit various websites. Each time a website on which the Google Remarketing service has been integrated is accessed, the data subject’s browser automatically identifies itself to Google. This allows Google to determine your previous visit to our website. As part of this technical process, Google obtains knowledge of personal data, i.e. your IP address or your surfing behavior. According to its own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. However, this data is also transmitted to Google in the USA and stored there.

The legal basis for the processing of the data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. Google also transfers the data to the USA. An agreement has been concluded between the USA and the EU with the result that the European Commission considers the level of data protection in the USA to be adequate, provided that the companies are certified under the agreement. Google is certified under the agreement with the above-mentioned service.

You can prevent participation in this tracking process in various ways. You have the option of withdrawing your consent to the processing of personal data at any time by preventing the storage of cookies by setting your browser software accordingly (deactivation or restriction); however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent:

– by setting your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive any advertisements from third-party providers; in this case, however, you may not be able to use all the functions of our websites.

– by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads, whereby this setting will be deleted when you delete your cookies;

– by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;

– by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

The controller is Google Ireland Ltd, Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

§ 15 GA Custom Audiences

We use the web analysis service GA Custum Audiences of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f) GDPR).

This technology allows you to see targeted advertising from us on other external pages of the Google Partner Network if you have already visited our website and online services. If, for example, a user is shown advertisements for products in which they have shown an interest on other websites, this is referred to as “remarketing”. For these purposes, so-called “web beacons” are integrated into the website when our and other websites on which Google marketing services are active are accessed. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file records which websites you have visited, which content you are interested in and which offers you have clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. This also constitutes our legitimate interests. The IP address is also recorded, whereby we inform you in the context of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. The IP address will not be merged with your data within other Google offers. Google may also combine the aforementioned information with such information from other sources. If you subsequently visit other websites, you may be shown ads tailored to your interests.

The data is processed pseudonymously as part of the Google marketing services, i.e. Google does not store and process the name or email address, for example, but the relevant data cookie-related within pseudonymous user profiles. From Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner. The information collected about you by Google Marketing Services is transmitted to Google and stored on Google’s servers in the USA. By storing the data under a pseudonym, your interests as a user are adequately protected.

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a) GDPR. Google also transfers the data to the USA. An agreement has been concluded between the USA and the EU with the result that the European Commission considers the level of data protection in the USA to be adequate, provided that the companies are certified under the agreement. Google is certified under the agreement with the above-mentioned service.

The controller is Google Ireland Ltd, Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. Further information on the use of data for marketing purposes by Google can be found on the overview page: https://www.google.com/policies/technologies/ads, the Google privacy policy is available at https://www.google.com/policies/privacy.

If you want to object to interest-based advertising by Google marketing services, you can use the setting options provided by Google: http://www.google.com/ads/preferences. You have the option to revoke your consent to the processing of personal data at any time by preventing the storage of cookies by setting your browser software accordingly (deactivation or restriction); however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

§ 16 Vacancies

We offer job advertisements on our website.

If you apply to us via the website, we process the information that we receive from you as part of the application process, i.e.

  • Letter of application
  • Resume
  • Photo
  • Certificates
  • Correspondence

You can send us application documents by e-mail. In this context, we process the information that we receive from you and

  • e-mail address
  • Further information, if applicable, which is transmitted via e-mail

We do not carry out research about you on the Internet (so-called background checks).

Your data will initially be processed exclusively for the purpose of carrying out the application process. If your application is successful, the data will become part of your personnel file and may be used to carry out and terminate the employment relationship. If we are currently unable to offer you employment, we will process your data in order to defend ourselves against any legal claims, in particular due to alleged discrimination in the application process. If you receive cost reimbursements, the corresponding accounting documents will be processed to fulfill the retention obligations under commercial and tax law. The legal basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR, insofar as the data processing serves to decide on the establishment of an employment relationship and insofar as the data is then included in the employment relationship. If the storage serves to safeguard claims, the legal basis is Art. 6 para. 1 lit. f) GDPR. The legitimate interest here is the preservation of evidence documents for possible defense. We process information and documents that are not required for the aforementioned purposes on the basis of your implied consent pursuant to Art. 6 para. 1 lit. a) GDPR, which you have given us by sending it to us. Insofar as you receive cost reimbursements from us, the legal basis is Art. 6 para. 1 lit. c) GDPR.

We store the data required for the successful application and for the employment relationship until the end of the employment relationship and for a period of up to 3 years thereafter. We continue to process the data relating to an application that we had to reject for a period of 6 months after sending the rejection in order to safeguard our legitimate interests. If claims are made against us as part of a process, we store the data until the process is concluded. This also applies accordingly to data received voluntarily. If you receive cost reimbursements, the corresponding accounting documents will be stored until a maximum of March 31 of the eleventh calendar year after payment in order to comply with commercial and tax law retention obligations; in the case of commercial and business letters and other tax-relevant documents, the seventh calendar year after their creation.

You have a right of revocation with regard to the voluntarily provided data, which you can exercise at any time towards the controller in accordance with § 1.

§ 17 Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights towards the controller pursuant to Section 1:

– Right to information
– Right to correction
– Right to restriction of processing
– Right to deletion
– Right to consultation
– Right to data transferability
– Right to objection to processing
– Right to automated decision-making in individual cases, including profiling
– Right not to be subject to an automated decision
– Right to lodge a complaint with a supervisory authority

  • Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information free of charge from the controller at any time about the personal data stored about you and about the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned storage period of the personal data relating to you or, if concrete information on this is not possible, criteria for definition of the storage period;
  • the existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

  • Right to correction

You have the right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data concerning you.

  • Right to restriction of processing

Under the following conditions, you can demand that the controller immediately restricts the processing of your personal data:

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the deletion of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  • if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

  • Right to deletion

You have the right to obtain from the controller the deletion of personal data concerning you without undue delay where one of the following grounds applies:

  • The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data concerning you has been processed unlawfully.
  • The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

If the controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, will request the deletion of all links to these data from them. personal data or copies or replications of such personal data.

The right to erasure does not exist if the processing is necessary

  • to exercise the right to freedom of expression and information;
  • o comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the purposes of this processing, or
  • To establish, exercise or defend legal claims.
  • Right to consultation

If you have asserted the right to rectification, deletion or restriction of processing towards the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification/deletion/restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients vis-à-vis the controller.

  • Right to data transferability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

  • the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

To assert the right to data portability, the data subject may contact the controller at any time.

  • Right to objection to processing

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point e or f of Article 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right to object in connection with the use of information society services – regardless of Directive 2002/58/EC – by means of automated procedures that use technical specifications.

To exercise the right to object, the data subject may contact the controller directly.

  • Right to withdraw consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can contact the controller for this purpose.

  • Right to automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the controller,
  • is authorized by Union or Member State law to which the controller is subject and which also contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
  • with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

If the data subject wishes to assert rights relating to automated decisions, they can contact the controller at any time.

  • Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR. The authority responsible for us is

The Bavarian State Office for Data Protection Supervision

Promenade 18

91522 Ansbach

Phone: 0981/180093-0

www.lda.bayern.de

§ 18 Changes to the privacy policy

We reserve the right to change our privacy practices and this policy to reflect changes in relevant laws or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here accordingly. Please note the current version date of the privacy policy.

Stand: 19.02.2025