Data privacy

a) Introduction

We take the protection of your data very seriously and abide strictly by the applicable provisions of data protection legislation. Personal details are only captured on this website to the extent necessary for technical and organizational reasons. The following explanation gives you an overview of how we go about assuring the protection of your personal details and what type of data is captured, and for what purpose.

To safeguard the security of your data during the transmission process, we also use the state-of-the-art SSL/TLS encryption process.

b) Responsible entity

Name and address of the responsible party

Directors authorised to represent the company:

Nikolaus Kerssenbrock and Florian Laube

Petek Reinraumtechnik GmbH
Wilhelm-Moriell-Str. 1
D – 78315 Radolfzell

Data Protection Officer

If you have any questions or wish to receive information, you can contact our external Data Protection Officer at any time. Here are his contact details:

Oliver Offenburger, M.Sc.

eye-i4 GmbH
Data Protection Department
Mönchweilerstrasse 12
78048 Villingen-Schwenningen
Telefon: 07721 69724 00
Fax: 07721 69724 01
Web: https://eye-i4.de

Our preferred form of communication is e-mail. However, you are also welcome to contact our Data Protection Officer by post or over the phone. If you wish to encrypt your e-mail to our Data Protection Officer, we advise you to read the following section.

Notes about enquiries:

For any e-mail enquiry during the normal hours of business, we confirm receipt of your message on the same day. If you do not receive confirmation, please phone us. If you wish to send in a question by post, we shall send you an acknowledgement of receipt on the day of delivery 
and no later than one day after delivery. If you do not receive an acknowledgement from us, please phone us.

To make a telephone enquiry, please using the direct-line phone number of our data protection partner, eye-i4 GmbH.

Encryption of e-mails to our Data Protection Officer

We always recommend the encryption of e-mail messages. To safeguard confidentiality and integrity, we therefore ask you to encrypt your enquiries to our Data Protection Officer.

We use PGP for encryption. You can find information about free-of-charge ways of using this and the facility on our website for our Data Protection Officer. See the following link:

https://eye-i4.de/blog-kostenlose-pgp-verschluesselung.html

You can download our PGP key from the following link:

Link to the PGP key

If you wish to have verification of the fingerprint, please contact our data protection partner, eye-i4 GmbH.

For any other questions about encryption, you can consult our Data Protection Officer.

c) General points on data processing

Scope for processing personal details

Without exception, we only process the personal details of our users to the extent that this is necessary to provide a functionally capable website and is required in relation to our contents and services. The processing of the personal details of our users takes place regularly, and only with the consent of the user. An exception only applies in cases in which the prior obtaining of consent is not possible for genuine reasons, and where the processing of data is permitted by legislative stipulations.

The legal basis for the processing of personal details

To the extent that we retrieve the consent of the person involved for any processing transactions involving personal details, Art. 6 Para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as a legal basis.

When processing personal details required to fulfil a contract and where the party to contract is the person involved, Art. 6 Para. 1 lit. b of GDPR serves as a legal basis. This also applies to the processing of transactions required to perform pre-contractual measures.

To the extent that the processing of personal details is required to fulfil a legislative obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as a legal basis.

In the event of the life-crucial interests of the person involved or of another natural person making it necessary to process their personal details, Art. 6 Para. 1 lit. d GDPR serves as a legal basis.

If processing is required to protect a justified interest of our company or of a third party, and if the interests, basic rights and basic freedoms of the party involved do not outweigh the aforementioned prior interest, Art. 6 Para. 1 lit. f GDPR serves as a legal basis for processing.

Deletion of data and length of time in storage

The personal details of the person involved are deleted or blocked as soon as the purpose of storage no longer applies. Storage can also occur if provision is made for this to happen in European or national legislation, in EU-wide directives, laws or other stipulations to which the responsible party is subject. Blockage or deletion of data can also take place if a storage period specified in the aforementioned standards expires, unless a need for continued storage of those details exists for the conclusion of a contract or for fulfillment of a contract.

d) Creation of log files

Description and scope of data processing

Every time our website is called up, our system automatically records data and information from the IT system of the computer that made that call.

The following items of data are logged in this process:

  • Domain
  • Anonymised Client-IP: To identify the source of any attacks from the hosting server, we keep a record of IP addresses. As is standard in this sector, we store these for a maximum of seven days. Then these details are anonymised.
  • Timestamp: this contains the details of the date and time of any visit to this website.
  • Request line: This is the path of the target address without the domain.
  • Status code
  • Size of the Response Body: Whenever a visitor goes to this website, he downloads temporary data. This can for example include the images and texts that the visitor sees on his browser. The log file shows the volume of this data.
  • Referrer, sent by the client: This box shows the page from which the visitor came to this website.
  • User Agent, sent by the Client: Type and version of the browser and operating system used by the visitor.

No storage of this data is combined with the storage of other personal details of the user.

Legal basis for data processing

The legal basis for temporary storage of data and logfiles is Art. 6 Para. 1 lit. f GDPR.

Purpose of data processing

The storage of the IP address in log files takes place to safeguard the functional capability of the website. Furthermore, this data is used to optimize the website and to safeguard the security of our IT systems. No evaluation of this data for marketing purposes takes place in this context.

These purposes also include our justified interest in data processing as defined in Art. 6 Para. 1 lit. f GDPR.

Length of time in storage

In the event of storage of data in logfiles, storage is restricted to a maximum period of 90 days.

Scope for objection and remedial action

The recording of data to provide to the website and the storage of data in logfiles is vitally necessary for operation of the website. Consequently, the user has no right of objection.

e) Consent Management Platform

The Usercentrics Consent Management Platform tool is used to manage cookies.

This is a consent management service.

Processing company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany

Data processing purposes

  • Compliance with legislative obligations
  • Storage of consent

Technologies used

  • Local storage
  • Cookies

Data attributes

  • Consent “Yes” or “No”
  • Log file data (IP (anonymised))

Data captured

This list contains all (personal) details collected from or through use of this service.

The request URLs on the website and on the side path are data that are recorded by the Taglogger. The Taglogger is always active and tracks which technologies are enabled. Users then only have access to this data if the Taglogger function has been enabled for them. Data is only transmitted if this function is not enabled.

  • Device information
  • Browser information
  • Anonymised IP address
  • Opt-in- and opt-out data
  • Date and time of visit
  • Request URLs for the website: Side path on website
  • Geographical location

Legal basis

The following section is named after the legal basis defined in Art. 6 I 1 of GDPR for the processing of personal details.
Art. 6 para. 1 s. 1 lit. c GDPR

Location of processing

European Union (consent database is located in Belgium)

Storage period

The consent data (consents granted and revoked) are stored for three years. Data is exported at the end of the term of contract.

Data recipient

Usercentrics GmbH

Data protection officer of the processing company

The next section contains the e-mail address of the Data Protection Officer of the processing company.

datenschutz@usercentrics.com

Further information and opt-out
Click here to read the data protection provisions of the data processor https://usercentrics.com/privacy-policy/

f) Contact form and e-mail contact

Description and scope of data processing

There is a contact form on our website that can be used for making contact electronically. If a user takes this opportunity, the data entered in the input screen are then transferred to and stored by ourselves. These data are:

First name, surname, e-mail address, telephone number, free text

Im Zeitpunkt der Absendung der Nachricht werden zudem Datum und Uhrzeit gespeichert.

When the message is sent out, the date and time are also saved.

For the processing of data, your consent is obtained as part of the sending process, with reference to this data protection statement.

Alternatively, contact can be established using the e-mail address provided. In such cases, the personal details of the user communicated by e-mail are stored. However, please note that the confidentiality of e-mails or of other forms of electronic communication on the Internet is not assured in any shape or form. For confidential information, we therefore recommend that you use the postal system.

This prevents any communication of data to third parties in this context. The data will only be used for processing the conversation.

Legal basis for data processing

Art. 6 Para. 1 lit. a GDPR is the legal basis for processing data, once the consent of the user has been obtained.
Art. 6 Para. 1 lit. f GDPR is the legal basis for processing data communicated as part of the transmission of an e-mail. If the e-mail contact is aimed at conclusion of a contract, the additional legal basis for processing is provided by Art. 6 Para. 1 lit. b GDPR.

Purpose of data processing

We only process personal details from the input screen for getting in contact with you. In the event of contact being made by e-mail, the required and justified interest in processing data also proceeds from this.
The other personal details processed during the Send process serve to prevent misuse of the contact form and to safeguard the security of our IT systems.

Length of time in storage

The data are deleted as soon as they are no longer needed to achieve the purpose for which they were recorded. This is then the case for the personal details from the input screen on the contact form and the details transmitted by e-mail once the conversation with the user is over. The conversation is deemed to be over if circumstances make it clear that the affected content has been concluded in full.

The personal data captured during the Send operation are deleted no more than seven days later.

Scope for objection and remedial action

At any time, the user has the option of revoking his consent to the processing of his personal details. If the user makes contact with us by e-mail, he can revoke any storage of his personal details at any time. In such cases, the conversation will not be continued.
The user can also object to the option of having his personal details stored with a postal letter.
The user can also object to the option of having his personal details stored with a postal letter.
All personal details stored in the process of making contact are deleted in cases of this kind.

g) Application form

Description and scope of data processing

There is an application form on our website that can be used for communicating application documents electronically. If a user takes this opportunity, the data entered in the input screen are then transferred to and stored by ourselves. These data are:

Personal details: Surname, first name, street/house number, postcode, town, e-mail address, telephone number

When the message is sent out, the date and time are also saved.

For the processing of data, your consent is obtained as part of the sending process, with reference to this data protection statement.

Legal basis for data processing

Art. 6 Para. 1 lit. a GDPR is the legal basis for processing data, once the consent of the user has been obtained.
Art. 6 Para. 1 lit. f GDPR is the legal basis for processing data communicated as part of the transmission of an e-mail. If the e-mail contact is aimed at conclusion of a contract, the additional legal basis for processing is provided by Art. 6 Para. 1 lit. b GDPR.

Purpose of data processing

We only process personal details from the input screen for getting in contact with you. In the event of contact being made by e-mail, the required and justified interest in processing data also proceeds from this.
The other personal details processed during the Send process serve to prevent misuse of the contact form and to safeguard the security of our IT systems.

Length of time in storage

The data are deleted as soon as they are no longer needed to achieve the purpose for which they were recorded. For personal details from the input screen on the application form, this applies if the advertised vacancy has been filled.

Scope for objection and remedial action

At any time, the user has the option of revoking his consent to the processing of his personal details. If this is the case, application processes cannot be continued.

h) Transferring of personal details to third parties

Font Awesome

To ensure a uniform presentation of fonts and icons, our website uses what are known as Web Fonts and Icons respectively, provided by Fonticons, Inc.. When a page is called up, your browser loads the Web Fonts and/or Icons it needs into the browser cache to display texts, fonts and icons correctly.

For this purpose, the browser link used by you must connect up to the Fonticons, Inc. servers. This informs Fonticons, Inc. that our website has been called up by your IP address. Font Awesome is used in the interests of a uniform and appealing presentation of our online offers. This constitutes an entitled interest as defined in Art. 6 Para. 1 lit. f of GDPR.

If your browser does not support Font Awesome, a standard font from your computer is used. You can find more information about Font Awesome at https://fontawesome.com/help and in the data protection declaration from Fonticons, Inc.: https://fontawesome.com/privacy.

Google Analytics

General procedure when using Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; „Google“). Use includes the Universal Analytics operating mode. This makes it possible to assign data, sessions and interactions across several devices to a pseudonym user ID and then to analyze the activities of a user across a range of appliances.

Google Analytics uses what are known as cookies. Cookies are text files that are placed on your computer to permit an analysis of your use of the website. The information generated by the cookies with respect to your use of this website will be generally transmitted to and stored by a Google server in the USA.

However, should you access this website from a member state of the European Union or from another country that is party to the Agreement on the European Economic Area, and in case IP anonymization is activated on this website, Google will truncate your IP address before transmission. Only in exceptional cases is the full IP address transferred to the server of Google in the US and truncated there. The IP address transferred by your browser via Google Analytics will not be merged with other Google data. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website to compile reports on website activities and to provide the website operator with other services relating to website activity and internet usage. Our justified interest in data processing resides in these purposes.

The legal basis for using Google Analytics is Section 15 Para. 3 TMG or Art. 6 Para. 1 lit. f GDPR. The data sent to us and linked to cookies, forms of user identification (e.g. user ID/userid) or advertising IDs are deleted automatically after 14 months. The deletion of data that has reached the end of its storage period takes place automatically once a month.
For more information about conditions of use and data protection, please consult https://www.google.com/analytics/terms/de.html bzw. https://policies.google.com/?hl=de.

You can prevent cookies from being stored by changing your browser software settings accordingly; however, please be advised that in such a case you might not be able to use all functions of this website to their full extent. Furthermore, you can prevent collection of the data generated by the cookie regarding your use of the website (incl. your IP address) and the processing of these data by Google by downloading and installing the browser plug-in provided by Google for deactivation of Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=de).

Opt-out cookies prevent your data from being captured at a future date when you visit this website. To prevent the capture of your details by Universal Analytics across a range of different devices, you must perform the Opt-Out on all of the systems you have used. If you click here, the Opt-Out cookie is set:

j) Deletion and management of cookies

j) Rights of the affected person

Right to information

You can require of the responsible party confirmation that your personal details are being processed by us.
If such processing is being performed, you can demand that the responsible party provides you with the following items of information:

  1. the purposes to which your personal details are being processed;
  2. the categories of personal details that are being processed;
  3. the recipients and/or categories of recipient to whom your personal details have been sent or will be disclosed;
  4. the planned duration of storage of your personal details or, if specific information cannot be provided, the criteria that govern the length of storage time;
  5. the existence of a right to correct or delete your personal details, a right to restrict the processing of those details by the responsible party or a right of objection to this processing;
  6. the existence of a right to object to a supervisory authority;
  7. all available information about the origin of data if the personal details were not obtained from the person involved or affected;
  8. the existence of an automated decision-making process in respect of profiling as defined in Art. 22 Para. 1 and 4 GDPR and – at least in these cases – substantive information about the logic involved and the extent of it, and the sought after implications of processing of this nature on the affected person.

You have the right to demand information about whether your personal details have been communicated to a third country or to an international organization. In this context, you can demand, through the appropriate guarantees enshrined in Art. 46 GDPR, to be duly notified of any such transfer of your personal details.

Right to correction

You have a right to correction and/or completion in favor of the responsible party, provided that your processed personal data are inaccurate or incomplete. The responsible party must make the correction immediately.

Right to restriction of processing

Under the following circumstances, you can demand the right to restrict the processing of your personal details:

  1. if you dispute the accuracy of your personal details for a period that enables the responsible party to check the accuracy of those personal details;
  2. the processing is unlawful and you decline to have your personal details deleted and instead stipulate that a restriction be placed on the use of your personal details;
  3. the person responsible no longer needs your personal details for the purposes of processing but where you need to have them to enforce, exercise or defend legal claims, or
  4. if you have objected to this processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been established whether the justified grounds of the responsible party outweigh your own grounds.

If the processing of your personal details has been restricted, this data – except for your storage of same – can then only be processed with your prior consent or used to enforce, exercise or defend legal claims or to protect the rights of another natural person or legal entity of for reasons of an important public interest of the European Union or of one of its member states.
If the restriction on processing arose for one of the reasons listed above, you will be notified by the responsible person before the restriction is lifted.

Right to deletion

Deletion obligation

You can demand that the responsible person deletes your personal details without delay and the responsible person is then obliged to delete those details immediately, providing that one of the following reasons applies:

  1. your personal details are no longer required for the purposes for which they were recorded or were processed in some other manner;
  2. you revoke your consent on the basis of which processing as defined in Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a is founded upon GDPR and in the absence of any other legal basis for the processing of that data;
  3. you raise an objection in accordance with Art. 21 Para. 1 GDPR to the processing of that data and there are no priority grounds justifying this processing, or if you object to the processing in accordance with Art. 21 Para. 2 of GDPR;
  4. your personal details were processed unlawfully;
  5. deletion of your personal details is required to fulfil a legal obligation founded upon EU Law or upon the law of a member state to which the responsible party is subject;
  6. your personal details were recorded with reference to services offered to the information society in acc. with Art. 8 Para. 1 GDPR.

Information to third parties

If the responsible party has placed your personal details in the public domain and is obliged in accordance with Art. 17 Para. 1 GDPR to delete those details, that party shall instigate appropriate and also technical measures reflecting available technology and implementation costs to inform the people responsible for data processing and who are processing your personal details to the effect that you, as the affected person, have demanded that they delete all links to this personal data, as well as all copies or replications of those personal details.

Exceptions

The right to deletion does not apply if processing is essential

  1. to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation to which the processing of data is subject under EU Law or the law of one of its member states to which the responsible party is subject, or to perform a task that is in the public interest or in the exercise of government power entrusted to the responsible party;
  3. for reasons of public interest in the field of public health in accordance with Art. 9 Para. 2 lit. h as well as i Art. 9 Para. 3 GDPR;
  4. for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes as defined in Art. 89 Para. 1 GDPR, provided that the right named in section “Right to deletion / deletion obligation” can be presumed to render the achievement of these objectives impossible or poses a serious impediment to them, or
  5. for the enforcement, exercise or defence of legal claims.

Right to notification

If you have invoked the right to correct, delete or restrict processing on the part of the responsible party, that party is obliged to communicate to all recipients to whom your personal details were disclosed that those details have been corrected or deleted, or that a restriction has been placed upon processing, unless this proves to be impossible or to entail a disproportionate amount of time and effort.
You have the right to be advised of these recipients by the responsible party.

Right to the transferability of data

You have the right to obtain the personal details that you provided to the responsible party in a structured, accessible and machine-readable format. You also have the right to transfer this data to another responsible party without impediment from the responsible party to whom your personal details were first provided, subject to

  1. processing being based on consent as defined in Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract in accordance with Art. 6 Para. 1 lit. b GDPR and
  2. processing takes place with the help of automated procedures.

In exercising this right, you also have the right to have your personal details communicated directly from one responsible party to another, to the extent that this is technically feasible. This action must not adversely affect the freedoms and rights of other people.

The right to transferability of data does not apply to the processing of personal details required for the performance of a task that is in the public interest, nor in the exercise of government power, where such authority has been invested in the responsible party.

Right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal details, in accordance with Art. 6 Para. 1 lit. e or f GDPR; this also applies to any profiling based upon these provisions.
The responsible party will then cease to process your personal details unless compelling grounds associated with data protection verify that this processing operation outweighs your interests, rights and freedoms, or that processing serves the enforceability, exercise or defence of legal claims.
If your personal details are processed in the context of direct advertising efforts, you have the right to object at any time to the processing of your personal details for this kind of advertising. This also applies to profiling, to the extent that this is associated with direct advertising of this kind.
If you object to this processing for the purposes of direct advertising, your personal details will then cease being processed for these purposes.
You have the option, in conjunction with the use of the services of the information society – regardless of Directive 2002/58/EC – to exercise your right of objection by means of an automated process in which technical specifications are used.

Right to revocation of the declaration of consent associated with data protection legislation

You have the right in accordance with data protection legislation at any time to revoke your declaration of consent. Revocation of your consent does not affect the legitimate nature of any processing that may have taken place before your revocation.

Automated decision in individual cases, including profiling

You have the right not to be the subject of a decision reached solely by a process of automated processing – including profiling – that reveals itself to run counter to your legal interests or that adversely affects you in some similar way. This does not apply if the decision

  1. is required for the conclusion or fulfillment of a contract between you and the responsible party,
  2. is permitted under the legal stipulations of the European Union or its member states to which the responsible party is subject and if these legal stipulations include appropriate measures to safeguard your rights and freedoms and your justified interests or
  3. occurs with your express consent.

However, these decisions must not be based upon particular categories of personal details as defined in Art. 9 Para. 1 GDPR unless Art. 9 Para. 2 lit. a or g GDPR applies and if adequate measures were taken to protect your rights and freedoms and your justified interests.
In respect of the cases named in (1) and (3), the responsible party shall take appropriate measures to protect your rights, freedoms and justified interests, whereby at least the right of the responsible party to act in response to the intervention of a person shall pertain to enable a personal point of view to be presented, and to defend a contested decision.

Right to object to a supervisory authority

Regardless of any other form of administrative legislation or court legal assistance, you have the right to object to a supervisory authority, in particular in the member state where you have your place of residence, your place or work or the place where the alleged infringement or violation took place, if you are of the view that the processing of your personal details is in violation of GDPR legislation.
The supervisory authority to whom the objection is submitted shall notify the plaintiff of the status and outcomes of the objection, including the scope for obtaining legal assistance in accordance with Art. 78 GDPR.