Data protection statement

(1) This privacy policy informs you about the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and content connected to it (hereinafter jointly referred to as "online offer" or "website"). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is executed.

(2) The terms used in this privacy policy correspond to the wording of the General Data Protection Regulation (GDPR), in particular the definitions in art. 4 GDPR. For better understanding, we have defined the terms relevant to this declaration below:

a. „personal data“ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

b. „Data subject“ is any identified or identifiable natural person whose personal data are processed by the controller.

c. „processing“means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

d. „restriction of processing“ means the marking of stored personal data with the aim of limiting their processing in the future;

e. „profiling“ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

f. „pseudonymisation“ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

g. „controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

h. „processor“ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

i. „recipient“ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

j. „third party“ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

k. „consent“ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; The personal data of users processed within the scope of this online offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the web pages visited on our online offer, interest in our products) and content data (e.g., entries in the contact form).

(3) In addition, we use the term "user" in this statement. This has the same meaning as the term "data subject" within the meaning of the GDPR. This includes all visitors to our online offer, regardless of whether we already have a contractual relationship with them or not.

(4) All terms used in this declaration, such as "user", are to be understood as gender-neutral.

(5) In the course of our business activities, we comply with the relevant data protection provisions. We therefore only process users' personal data if we have legal permission to do so. According to the legal regulations, we are permitted in particular to process personal data if this processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, or if the processing is based on legal obligations imposed on us. In addition, we are permitted to process this data if we have the consent of the data subject and/or if we process the data as a result of legitimate interests (e.g. to track criminal (cyber) attacks on our (computer) system).

(6) Controller for data processing is:

VOLLMER WERKE Maschinenfabrik GmbH

Ehinger Straße 34
88400 Biberach / Riß
Deutschland

Tel.: +49 (0) 7351 / 571 - 0
Fax: +49 (0) 7351 / 571 - 130
E-Mail: INFO@VOLLMER-GROUP.COM

registered office of the company Biberach

Amtsgericht Ulm HRB 640007
Umsatzsteuer Ident-Nr.: DE 144889422
Steuer-Nr.: 54001/00142

Managing directors authorized to represent the company: Dr.-Ing. Stefan Brand and Jürgen Hauger

Chairman of the Supervisory Board: Martin Kapp

VOLLMER WERKE Maschinenfabrik GmbH
Datenschutzbeauftragter
Ehinger Straße 34
88400 Biberach / Riß
Deutschland
E-Mail: DATENSCHUTZ@VOLLMER-GROUP.COM

(7) The legal basis for data processing in the context of consent of the data subject is art. 6 para. 1 lit. a and art. 7 GDRP, for processing for the fulfillment of our services and implementation of contractual measures art. 6 para. 1 lit. b GDRP, for the processing for the fulfillment of our legal obligations art. 6 para.. 1 lit. c GDRP, and for the legal basis for processing to protect our legitimate interests art. 6 para. 1 lit. f GDRP.

(1) In order to protect the personal data of our users, we take organizational, contractual and technical security measures in accordance with the state of the art.

(2) These security measures include, in particular, the encrypted transmission of data between the respective user's browser and our server.

(3) However, we point out that e-mails can be stored and transmitted unencrypted.

(1) Data is only passed on to third parties within the framework of legal requirements. As a matter of principle, we only pass on users' data to (external) third parties if this is necessary, for example, on the basis of art. 6 para. 1 lit. b GDRP for contractual purposes, if we are legally obliged to do so or if this passing on is based on our legitimate interests pursuant to art. 6 para.. 1 lit. F GDRP.

(2) If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations. In addition, we also oblige our subcontractors to comply with the provisions of data protection law, in particular by using the necessary technical and organizational measures.

(3) If content, tools or other means from other providers (hereinafter jointly referred to as "third party providers") are used within the scope of our website and their headquarters are located in a country that lies outside the scope of the GDPR (i.e. outside the European Union or the European Economic Area), it must be assumed that a data transfer (also) takes place to this country. However, the transfer of data to such countries ("third countries") only takes place if an adequate level of data protection exists in these countries or if the users have given their consent to this transfer or if they otherwise have legal permission to do so.

(4) At the moment, we use the following third-party programs on our homepage:

a. Google Tag Manager

Our website uses the Google Tag Manager. Through this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

More information about the Google Tag Manager can be found at:

HTTPS://SUPPORT.GOOGLE.COM/TAGMANAGER
 

b. Google Maps

Our site has integrated Google Maps on its subpage Locations (vollmer-group.com). 
The tool serves only to provide a clear representation of the selected Vollmer location. The user has the option to switch between different displays, e.g. terrain, satellite, StreetView as well as to move and zoom the map.

However, for additional functionalities such as route planning, which allow the user to determine the location, the user must switch to the official Google Maps page. The Vollmer location is not adopted in the process.

c. SurveyMonkey

For individual surveys, our site uses the web service SurveyMonkey (SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) to create and analyze online surveys. Participation is voluntary. The legal basis is consent pursuant to art. 6 para. 1 lit. a of the GDRP. The surveys are integrated into our website via a so-called frame.

Even when participating in an anonymous survey, SurveyMonkey thereby collects information about the device and application that you use to participate in the survey. This includes your IP address, operating system version, device type, system and performance information, and browser type.  If you participate in the survey through a mobile device, SurveyMonkey also collects the UUID of the device. SurveyMonkey also uses so-called third-party tracking services, which in turn use cookies and page tags to collect usage data and user statistics. We have no control over the amount of data SurveyMonkey collects.

For more information about the cookies used by SurveyMonkey, privacy, and retention periods, please see the following link https://de.surveymonkey.com/mp/legal/privacy-policy/.

The data collected by SurveyMonkey may also be transmitted to servers in the USA. Survey Monkey takes into account the standard contractual clauses in this respect.

As a survey participant, you may contact us at any time and request deletion of your transacted survey data, including personal data if collected. It is not possible to correct individual responses after the survey has been submitted.

We have embedded Survey Monkey on our website to query the satisfaction of (potential) customers on different areas. The feedback can be submitted anonymously by the survey participant by skipping the contact information prompt and leaving the fields blank. All items are therefore not set as mandatory fields. If the participant wishes us to respond individually to his constructive criticism in the follow-up to the survey, we ask him to fill in the contact details.

The questions are largely designed as evaluation questions, so that no conclusions can be drawn about the participant. In each survey, however, there is an open question in which the participant can formulate suggestions or proposals for improvement. If the participant refers to an individual case here, it may be possible to draw conclusions.

We do not use the surveys to deal with individual complaints, but merely to gather a comprehensive picture of the mood regarding our products and services, so that it can also continuously improve its processes and products as part of the certification process. The surveys are voluntary per se and can be cancelled at any time, even during processing.

d. Social Media-Plugins (z.Zt. YouTube-Plugin, Facebook, Instagram und LinkedIn)

(1) YouTube

We use a plugin of the provider YouTube. YouTube is operated by YouTube LLC with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you call up the Internet pages of our website provided with this plugin or click on the YouTube logo, a connection is established to the YouTube servers and the plugin is displayed. This transmits to the YouTube server which of our Internet pages you have visited. If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account as well as other user accounts of the companies YouTube LLC and Google Inc. before using our website and deleting the corresponding cookies of the companies.

For the purpose and scope of the data collection and the further processing and use of the data by YouTube, as well as your rights in this regard and setting options for protecting your privacy, please refer to YouTube's privacy policy: www.google.de/intl/de/policies/privacy/

(2) Facebook

On our website, we have also integrated a social plug-in of the social network "Facebook", which is operated by Facebook Ireland Limited, 4 Grand Canal Square, 2 Dublin, Ireland ("Facebook"). When you call up a page that contains such a plug-in, your browser automatically establishes a background connection to Facebook's servers. The content of the plug-in is transmitted by Facebook directly to your browser and only integrated into our site. Through this integration, Facebook receives the information that your browser has loaded a specific page of our website. This also applies if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in Ireland and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plug-ins, for example by clicking the "Like" button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook contacts that you have enabled for this purpose.

The legal basis for this processing of your personal data is art. 6 para. 1 lit. a GDRP (if you have registered with "Facebook") and art. 6 para. 1 lit. f GDRP (if you have not registered with „Facebook“). Insofar as the processing is based on art. 6 para. 1 lit. f GDRP, our legitimate interest is to enable user interaction with our content on Facebook.

The primary purpose of the data collection is to offer you a possibility of social interaction linked to Facebook and thus to make our website interactive. The scope of data collection and the further processing and use of the data you leave behind by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy.

Facebook will store the data relevant for the provision of the web service for as long as it is necessary. Insofar as the data is subject to legal retention obligations, it will be deleted after the retention obligation has expired.

If you do not want the social plug-in to be executed by Facebook, you can also prevent its execution by installing an appropriate addon or script blocker. If you do not want Facebook to assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. The options for objection and removal are also based on the general regulations on the right of objection and deletion under data protection law described below in this data protection declaration.

(3)  LINKEDIN

Our website also contains a web service provided by LinkedIn Ireland Unlimited Company, Wilton Place, 2 Dublin, Ireland (hereinafter: LinkedIn). We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to LinkedIn. The legal basis for the data processing is art. 6 para. 1 lit. f GDRP. The legitimate interest consists in an error-free function of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in the privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

You can prevent the collection as well as the processing of your data by LinkedIn by disabling the execution of script codes in your browser or installing a script blocker in your browser.

(4) Instagram

Our website also uses so-called social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plugins and their appearance can be found here:

blog.instagram.com/post/36222022872/introducing-instagram-badges

When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts.

For the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and setting options for protecting your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/

If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with add-ons for your browser, e.g. with the script blocker, such as the "NoScript" software (http://noscript.net/).

e. Google Analytics

On our site, we also use this web tracking service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Analytics). In the context of web tracking, Google Analytics uses cookies that are stored on your computer and enable an analysis of the use of our website and your surfing behavior (so-called tracking). We carry out this analysis based on the tracking service of Google Analytics in order to constantly optimize our website and make it more available. In the course of using our website, data, such as in particular your IP address and your user activities, are transmitted to servers of the company Google Ireland Limited. We carry out this analysis on the basis of Google's tracking service in order to constantly optimize our Internet offering and make it more available. Likewise, we need the web tracking for security reasons. Web tracking allows us to track whether third parties are attacking our website. The information from the web tracker enables us to take effective countermeasures and protect the personal data processed by us from these cyber attacks. By enabling IP anonymization within the Google Analytics tracking code of this website, your IP address will be anonymized by Google Analytics before transmission. This website uses a Google Analytics tracking code that has been extended by the operator gat._anonymizeIp(); to enable only anonymized collection of IP addresses (so-called IP masking).

The legal basis for the data processing is your consent in our information banner regarding the use of cookies and web tracking (consent through clear confirming action or behavior) in accordance with art. 6 para. 1 lit. a GDRP.

On our behalf, Google will use this information for the purpose of evaluating your visit to this website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. Likewise, we need the web tracking for security reasons. Web tracking allows us to track whether third parties are attacking our website. The information provided by the web tracker enables us to take effective countermeasures and protect the personal data processed by us from these cyber attacks.

Google will store the data relevant to the provision of web tracking for as long as it is necessary to fulfill the booked web service. The data collection and storage is anonymized. If there is a reference to a person, the data will be deleted immediately, provided that it is not subject to any legal obligations to retain data. In any case, the data will be deleted after expiration of the retention period.

You can prevent the collection and forwarding of personal data to Google (in particular your - anonymized - IP address) as well as the processing of this data by Google by rejecting the use of cookies in the information banner on our website, deactivating the execution of script code in your browser or activating the "Do Not Track" setting of your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

Google's security and privacy policy can be found at https://policies.google.com/privacy?hl=de.

f. Equipment Cloud

At this time, we are using the EquipmentCloud® product on our IOT platform. The use of this product requires a separate registration for which additional privacy policy applies. This is listed with the corresponding registration and is available on the Equipment Cloud pages.

For the use of the EquipmentCloud product, the data protection information available there shall take precedence over the information resulting from this Privacy Policy. This means that in the event of an objection, the information available there shall apply. In all other respects, this information shall also apply.

g. Webshop „V-Portal“

Our webshop "V-Portal" is linked on our homepage. When using this link, we also use the technical cookie "Route". The route cookie is used for the load balancing of the Commerce Cloud. This ensures that requests from the same client are always sent to the same server.

The use of the "V-Portal" is only possible via a special, own account. For the provision of the "V-Portal" we therefore have to process personal data. This processing is based on your consent, which you have given us by registering to use the "V-Portal" (art. 6 para. 1 lit. a GDPR). This consent can be revoked at any time (please note, however, that in case of revocation of consent, we can only grant you access to the "V-Portal" to the extent that this is possible without the respective processing of personal data).

The prerequisite for the processing of personal data entered after your registration in the "V-Portal" is the existence of a consent under data protection law vis-à-vis the person who entered this data. You can revoke this consent to this person or to us at any time. However, this may also restrict the usability of the "V-Portal" for you.

With regard to the rights to which you are entitled in relation to your personal data and our handling of this data, we refer to Sections VII and VIII of this data protection declaration.

(1) If personal data is sent to us by e-mail, we use it exclusively within the scope of the legal permission, i.e. for processing a possible inquiry or within the scope of a granted consent (art. 6 para. 1 lit. a GDPR) or - if the e-mail contact is aimed at concluding a contract - for fulfilling our contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR.

(2) If applications are sent to us electronically, we process the personal data contained therein solely for the purpose of handling the application process (art. 6 para. 1 lit. a GDPR). If we subsequently conclude an employment contract with the applicant, the transmitted data will be further processed or stored for the purpose of processing the employment relationship in compliance with the legal requirements. If an employment contract with the applicant is not concluded, we will delete the application documents if and as long as there are no legitimate interests on our part to the contrary, such as a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

(3) With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection: 

a. Subscription and logging
The subscription to our newsletter by the user includes the consent to receive the newsletter and the procedures described below. This is therefore a consent under data protection law, which we record for the purpose of verifiability.

b. Content of the newsletter
We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. Insofar as the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.

c. Dispatch service provider:
The dispatch of the newsletter is carried out by means of from here please insert the address of the dispatch service provider,, hereinafter referred to as "dispatch service provider". You can view the data protection provisions of the shipping service provider here: enter the link to the data protection provisions of the shipping service provider here.

Furthermore, the dispatch service provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimize or improve its own services, e.g. to technically optimize the shipping and display of the newsletter or for statistical purposes to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

d. Registration data:
In order to register for the newsletter, it is sufficient to provide the e-mail address of the respective user. In addition, there is the possibility to optionally provide further personal data. The latter serves solely to address the user personally in the newsletter itself.

e Statistical collection and analyses:
Our newsletter contains a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

f. Legal basis:
The use of the dispatch service provider, the performance of statistical surveys and analyses as well as the logging of the registration process are carried out on the basis of our legitimate interests pursuant to art. 6 para. 1 lit. f GDRP. Our interest is focused on the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users.

g. Cancellation/revocation:
Users may cancel receipt of our newsletter at any time, i.e. revoke their consent. This simultaneously terminates the consent to its dispatch by the dispatch service provider and the statistical analyses. A separate cancellation of the dispatch by the dispatch service provider or the statistical analysis is unfortunately not possible. A link to cancel the newsletter can be found at the end of each newsletter. If users have only registered for the newsletter and cancelled this registration, their personal data will be deleted. As a precaution, we would like to point out that the receipt and/or cancellation of the newsletter usually does not incur any costs other than the transmission costs according to the basic tariff.

h. User claims:
Every user has the rights and claims described in more detail in section VII, which can be asserted against us at any time - also with regard to the consent concerning the newsletter dispatch.

(1) We collect data about each access to the server containing this service (server log files). The access data includes the name of the visited website, file, date and time of retrieval, transferred data volume, confirmation of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited page), IP address and the requesting provider.

(2) For security reasons (e.g. to clarify any misuse or fraudulent behavior), log file information is stored for a maximum of seven days and then erased. If data has to be kept as evidence, it is excluded from erasure until the specific incident has been conclusively clarified.

(3) This data has to be collected for technical reasons in order to provide our Internet offering, so that data collection is based on our legitimate interests pursuant to Article 6 (1f) GDPR.

(1) Our website uses these to enable certain functions of our website and to integrate external web services. The so-called "cookies" are small text files that your browser can store on your access device. These text files contain a characteristic string that uniquely identifies the browser when you return to our website. The process of saving a cookie file is also referred to as "setting a cookie". Cookies can be set here both by the website itself and by external web services.

(2) The legal basis for this processing of personal data with the aid of cookies is provided to us by art. 6 para. 1 lit. f GDRP (legitimate interest) or art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDRP (consent). Which legal basis is relevant in each case can be seen from the cookie table at the end of this privacy policy.

(3) In general, in the case of cookies that are collected on the basis of a legitimate interest, our legitimate interest is to ensure the functionality of our website and the services integrated on it (technically necessary cookies). In addition, it may be that the cookies increase their user-friendliness and enable a more individualized approach. Here, we have weighed your interests against our interests.

(4) With the help of cookie technology, we can only identify, analyze and track individual website visitors if the website visitor has consented to the use of the cookie pursuant to art. 6 para. 1 lit. a GDRP.

(5) The cookies are set by our website or the external web services to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognize individual visitors by pseudonyms, such as a unique or random IDs, so that we can provide more customized services. Details are provided in the table below.

(6) The cookies listed in the table at the end of this Privacy Policy are stored in your browser until they are deleted (by you) or, in the case of a session cookie, until the session expires. Details are listed in the corresponding table.

(1) Users have the right to obtain information free of charge at any time about:

a. the purposes for which we process the personal data;

b. the categories of personal data which are processed by us;

c. the recipients or categories of recipients to whom the personal data have been or will be disclosed;

d. the planned duration of the storage of the personal data concerning them or, if specific information on this is not possible, criteria for determining the storage period;

e. any available information on the origin of the data, if the personal data are not collected from the data subject;

f. the existence of automated decision-making, including profiling, pursuant to Article 22 para. 1 and para. 4 of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

(2) In addition, users have the following rights:

a. Right to rectification
Users have a right to rectification and/or completion vis-à-vis us, insofar as the processed personal data concerning them are inaccurate or incomplete. We will carry out the rectification without delay.

b. Right to restriction of processing
Users may request the restriction of the processing of personal data concerning them under the following conditions:

i. if they dispute the accuracy of the personal data concerning them for a period of time that allows us to verify the accuracy of the personal data;

ii. the processing is unlawful and they object to the erasure of the personal data and request instead the restriction of the use of the personal data;

iii. we no longer need the personal data for the purposes of processing, but they need it for the assertion, exercise or defense of legal claims; or

iv. if they have objected to the processing pursuant to art. 21 para. 1 GDRP and it has not yet been determined whether the legitimate grounds existing with us outweigh the grounds of the users.

If the processing of personal data concerning the users has been restricted, such data may - apart from being stored - only be processed with the consent of the users or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, we will inform users before the restriction is lifted.
 

c. Right to deletion

i. Obligation to delete
Users may request that we delete the personal data concerning them without undue delay, and we are obliged to delete such data without undue delay, if one of the following reasons applies:

• The personal data in question is no longer necessary for the purposes for which it was collected or otherwise processed.
• The users revoke their consent on which the processing was based pursuant to art. 6 para. 1 lit. a or art. 9  para. 2 lit. a GDRP and there is no other legal basis for the processing.
• The users object to the processing pursuant to art. 21 para. 1 GDRP and there are no overriding legitimate grounds for the processing, or they object to the processing pursuant to art. 21 para. 2 GDRP.
• The personal data concerning the users have been processed unlawfully.
• The erasure of the personal data concerning the users is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data concerning the users have been collected in relation to information society services offered in accordance with art. 8 para. 1 GDPR.

ii. Information to third parties

If we have made public the personal data concerning a user and we are obliged to erase it pursuant to art. 17 para. 1 GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform other data controllers processing the personal data that the user, as a data subject, has requested that they erase all links to, or copies or replications of, that personal data.

iii. Exceptions

The right to erasure does not exist insofar as the processing is necessary for the exercise of the right to freedom of expression and information;

• for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to art. 9 para. 2 lit. h and lit. i and art. 9 para. 3 GDRP;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to art. 89 para. 1 GDRP, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
• for the assertion, exercise or defense of legal claims.

d. Right to information

i. If a user has asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning the user have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

ii. The user has the right against us to be informed about these recipients.

e. Right to data portability

Users have the right to receive the personal data concerning them that they have provided to us in a structured, common and machine-readable format. They also have the right to transfer this data to another controller without hindrance from us, provided that

i. the processing is based on consent pursuant to art. 6  para. 1 lit. a GDRP or Art. 9  para. 2 lit. a GDRP or on a contract pursuant to art. 6 para. 1 lit. b GDRP and

ii. the processing is carried out with the help of automated procedures.

In exercising this right, users also have the right to obtain that the personal data concerning them be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

f. Right of objection

Users have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of art. 6 para. 1 lit. e or f GDRP; this also applies to profiling based on these provisions.

We will then no longer process the personal data concerning the users, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the users, or the processing serves the purpose of asserting, exercising or defending legal claims.

If personal data concerning users are processed for the purposes of direct marketing, they have the right to object at any time to the processing of personal data concerning them for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. At the present time, we do not carry out such processing.

If the users object to the processing for direct marketing purposes, the personal data concerning them will no longer be processed for these purposes.

Users have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right to object by means of automated procedures using technical specifications.

Likewise, users may revoke consents, in principle with effect for the future, at any time and object to future use of their data, insofar as this is possible on the basis of legal regulations.

g. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, Users shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or place of the alleged infringement, if they consider that the processing of personal data concerning them infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under art. 78 GDPR.

The competent supervisory authority for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit

Baden-Württemberg
Postfach 10 29 32
70025 Stuttgart

Königstraße 10a
70173 Stuttgart
Germany

Tel.: +49 (0) 711 61 55 41 0
Fax: +49 (0) 711 61 55 41 15

E-mail: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

(1) The data stored with us will be erased as soon as it is no longer required for its intended purpose and the erasure does not oppose any legal retention requirements. If user data is not erased because it is required for other and legally authorized purposes, processing of such data is restricted. In other words, the data is locked and not processed for other purposes. This applies, e.g. for user data that has to be stored for commercial or fiscal reasons.

(2) According to legal requirements, data is stored e.g. for six years in accordance with Section 257, paragraph 1 of the German Commercial Code (HGB) (account books, inventories, opening balances, annual financial statements, business letters, accounting records, etc.) and for ten years in accordance with Section 147 paragraph 1 of the German Fiscal Code (AO) (accounts, records, management reports, accounting records, business and commercial letters, taxation-relevant documents, etc.).

(1) We reserve the right to change the data protection declaration in order to adapt it to changed legal situations, or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. Insofar as user consents are required or components of the data protection declaration contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users.

(2) Users are requested to inform themselves regularly about the content of the data protection declaration.

Status of this privacy policy 11.07.2023