Data protection statement

(1) This data protection statement clarifies the nature, scope and purpose of the processing of personal data as part of our online offering and the associated websites, functions and content (hereinafter collectively referred to as “online offering” or “website”). The data protection statement shall apply irrespective of the domains, systems, platforms and devices (e.g. PC or mobile) used to provide the online offering.

(2) The terms used in this data protection statement correspond to the wording of the General Data Protection Regulation (GDPR), in particular the definitions in Article 4 of the GDPR. For a better understanding, we have defined the terms relevant for this statement below:

(3) We also use the term “user” in this statement. This has the same meaning as the term “data subject” as defined in the GDPR. All of our online visitors are to be included here, regardless of whether we already have contractual associations with them or not.

(4) All terminology used in this statement, such as “user”, shall be neutral in gender.

(5) We abide by the pertinent data protection regulations within the scope of our business activities. We therefore only process users' personal data if legal permission has been granted. In accordance with statutory regulations, we are permitted specifically to process personal data if this processing is required to perform our contractual services (e.g. order processing) and online services, or the processing is based on the statutory obligations imposed on us. We are also permitted to process this data if the data subject has given consent and/or if we process the data in view of legitimate interests (e.g. for tracking (cyber) attacks on our (computer) system that could result in prosecution).

(6) Data processing Controller:

(7) The legal basis for data processing in the context of consent from the data subject is Article 6 (1a) and Article 7 GDPR, for processing to perform our services and implement contractual measures Article 6 (1b) GDPR, for processing to fulfill our legal obligations Article 6 (1c) GDPR, and for the legal basis for processing to safeguard our legitimate interests Article 6 (1f) GDPR.

(1) With regard to safeguarding the personal data of our users, we have implemented the very latest organizational, contractual and technical security measures.

(2) These security measures include in particular the encrypted transmission of data between the browser of the respective user and our Server.

(3) However, we would like to point out that e-mails can be saved and sent without encryption.

(1) Data shall only be disclosed to third parties in line with legal requirements. In general, we shall only disclose user data to (outside) third parties if required for contractual use, e.g. based on Article 6 (1b) GDPR, if we are legally required to do so or if it is in our legitimate interests in accordance with Article 6 (1f) GDPR.

(2) When we employ subcontractors to provide our services, we take the appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the pertinent legal regulations. We also require our subcontractors to comply with data protection regulations, in particular by taking the necessary technical and organizational measures.

(3) If our Internet offering includes content, tools or other material from other providers (hereinafter collectively referred to as “third-party providers”) and their headquarters are located in a country outside the scope of GDPR (in other words, outside the European Union, or European Economic Area), it should be assumed that a data transfer (also) takes place in this country. The transfer of data in such countries (“third countries”) will only take place if there is an adequate level of data protection in these countries, if the users have given their consent regarding this transfer or if legal permission has been granted.

(4) We currently use the following third-party provider applications on our Website:

a. Google Tag Manager

Our website uses Google Tag Manager. Using this service, website tags can be managed via one interface. Google Tag Manager only implements tags and this means that no cookies are used and no personal data is collected. Google Tag Manager triggers other tags which, in turn, may collect data. However, Google Tag Manager does not access this data. If deactivation is carried out at the domain or cookie level, it remains in place for all tracking tags, provided they are implemented with Google Tag Manager.

For more information on Google Tag Manager, see:

HTTPS://SUPPORT.GOOGLE.COM/TAGMANAGER

b. Google Maps

Our website has integrated Google Maps on its subpage: https://www.vollmer-group.com/en/company/locations. This tool is used to display the relevant selected VOLLMER location. Here, the user can choose between the different views, e.g. Terrain, Satellite, StreetView. Users can also move the map as well as zooming in/out.

For additional functions such as directions, which enable the user's location to be determined, the user must, however, switch to the official Google Maps website. The VOLLMER location is not transferred in this case.

c. SurveyMonkey

For individual surveys, the VOLLMER website uses the SurveyMonkey online service (SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) to create and analyse online surveys. Participation is voluntary. The legal basis is by consent under Article 6(1a) GDPR. The surveys are integrated into our website via a frame.

Even if you participate in an anonymous survey, SurveyMonkey collects information about the device and application that you use to participate in the survey. This includes the IP address, the version of your operating system, the device type and information on the system and performance on the browser type. (Where the data will be stored, how long will it be stored for, when will it be erased?) If you participate in the survey using a mobile device, SurveyMonkey also records the UUID of the device. SurveyMonkey also uses tracking services of third party providers which, in turn, use cookies and page tags to collect usage data and user statistics. The scope of the data collected by SurveyMonkey is beyond the control of VOLLMER.

You can find more information on the cookies used by SurveyMonkey, data protection and the storage period via the following link: https://de.surveymonkey.com/mp/legal/privacy-policy/

Since the data collected by SurveyMonkey may also be transmitted to servers in the USA, Survey Monkey is certified in accordance with the Privacy Shield Framework. (This takes into account the standard contractual clauses. Note: The Privacy Shield Framework has been declared invalid).

https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active

As a participant in a survey, you can contact us at any time and request the survey data you have provided to be erased. This includes your personal data, if this has been collected (see also the notes on storage above). It is not possible to subsequently correct individual answers after submitting the survey.

VOLLMER has embedded Survey Monkey on its website in order to measure the satisfaction of (potential) customers in various areas. The feedback can be submitted anonymously by the survey participant by skipping the request for contact details and leaving the fields empty. Therefore not all points are specified as mandatory fields. If the participant wishes us to personally address their constructive criticism after the survey, we ask them to fill out the contact details section.

The questions are primarily formulated as analysis questions, which means that they do not allow any conclusions to be drawn about the participant. In every survey, there is, however, an open question where the participant can provide their own comments or suggestions for improvement. If the participant refers to a specific case here, then it is possible to draw conclusions.

VOLLMER does not use the surveys to process individual complaints, but simply to obtain a broad picture of the satisfaction level with regards to its products and services, so it can continually improve its processes and products in line with certification. The surveys are voluntary and can be aborted at any time, even during processing.

d. YouTube plugin

We also use a plugin from the provider YouTube. YouTube is run by YouTube LLC, which has its principal place of business at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., which has its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you open web pages featuring this plugin from our websites or click on the YouTube logo, a link to the YouTube servers is established and the plugin is shown. The YouTube server will then receive information regarding which of our web pages you have visited. If you are logged on as a YouTube user, YouTube will assign this information to your personal user account. When you use the plugin, e.g. by clicking the start button on a video, this information will also be assigned to your user account. You can prevent this assignment by logging out of your YouTube user account, and any other user accounts run by the companies YouTube LLC or Google Inc., before using our web page and deleting the relevant company Cookies.

To learn more about the purpose and extent of data collection and the further processing and use of the data by YouTube, as well as your rights in this regard and the settings available to protect your privacy, please see the data protection information from YouTube: www.google.de/intl/de/policies/privacy/

(1) If personal data is sent to us via e-mail, we use it exclusively within the framework of the legal permissions, i.e. to process any inquiry or within the scope of the given consent (Article 6 (1a) GDPR) or – if the e-mail contact results in the conclusion of a contract – to fulfill our contractual obligations in accordance with Article 6 (1b) GDPR. During processing, users' personal data gained in this way is kept separately from other personal data gained in other business operations.

(2) If applications are sent to us electronically, we process the personal data included solely for the purpose of handling the application process (Article 6 (1a) GDPR). If we then go on to conclude an employment contract with the applicant, the data submitted is processed and stored for the purpose of handling the employment relationship while taking the legal requirements into account. If an employment contract does not materialize, the application documents are deleted if and so long as there are no legitimate interests against this on our part, such as a burden of proof in a procedure according to the General Act on Equal Treatment (AGG).

(3) With the following information, we would like to inform you about the content of our newsletter and the registration, shipping and statistical evaluation procedures as well as your rights to object:

(1) We collect data about each access to the server containing this service (server log files). The access data includes the name of the visited website, file, date and time of retrieval, transferred data volume, confirmation of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited page), IP address and the requesting Provider.

(2) For security reasons (e.g. to clarify any misuse or fraudulent behavior), log file information is stored for a maximum of seven days and then erased. If data has to be kept as evidence, it is excluded from erasure until the specific incident has been conclusively clarified.

(3) This data has to be collected for technical reasons in order to provide our Internet offering, so that data collection is based on our legitimate interests pursuant to Article 6 (1f) GDPR.

To operate our website, we strictly use the necessary cookies based on legitimate interest (Article 6(1f) GDPR). Our legitimate interest is in ensuring that our website works properly and can be used optimally. These types of cookies are also not transferred to third parties. Strictly necessary cookies simply ensure that the strictly necessary functions are operational when you visit our website. This involves, for example, the language selection by session cookies (which are deleted when the browser is closed).

We do not use marketing cookies, personalisation cookies or tracking technologies. We, therefore, do not analyse or pass on personal data.

(1) Users have the right to receive information free of charge at any time about:

(2) The users also have the following rights:

(1) The data stored with us will be erased as soon as it is no longer required for its intended purpose and the erasure does not oppose any legal retention requirements. If user data is not erased because it is required for other and legally authorized purposes, processing of such data is restricted. In other words, the data is locked and not processed for other purposes. This applies, e.g. for user data that has to be stored for commercial or fiscal reasons.

(2) According to legal requirements, data is stored e.g. for six years in accordance with Section 257, paragraph 1 of the German Commercial Code (HGB) (account books, inventories, opening balances, annual financial statements, business letters, accounting records, etc.) and for ten years in accordance with Section 147 paragraph 1 of the German Fiscal Code (AO) (accounts, records, management reports, accounting records, business and commercial letters, taxation-relevant documents, etc.).

(1) We reserve the right to amend the data protection statement in line with changed legal situations, or in the event of changes to services and to data processing. However, this only applies with regard to statements about data processing. Provided that user consent is required or parts of the data protection statement contain regulations for the contractual relationship with the users, the changes will only be made in agreement with the users.

(2) Users are requested to keep themselves up to date with the content of the data protection statement.

Data protection statement last updated May 25th, 2018