We are very pleased that you are interested in our company. We understand that the handling of your personal data is important to you and appreciate your trust in us to handle this data carefully and conscientiously. This data protection declaration should give you comprehensive insight into the processing of your personal data.
Inhalt
1. GENERAL INFORMATION
1.1 Responsibilities and contact information
1.2 Hosting
1.3 Definitions
2. 2. COLLECTION AND STORAGE OF PERSONAL DATA, NATURE AND PURPOSE OF ITS USE
2.1 Visit of the website
2.2 Use of our contact form
2.3 General contact information
3. SHARING OF DATA
4. DATA TRANSFER TO THIRD COUNTRIES
5. PROTECTION OF YOUR DATA
6. USE OF ANALYSIS AND TRACKING TOOLS
6.1 Technically necessary cookies
6.2 Statistical cookies and marketing cookies
7. STORAGE AND DELETION OF YOUR DATA
8. SUPPLEMENTARY DATA PROTECTION INFORMATION
8.1 For business partners
8.2 For applicants
9. INFORMATION ABOUT THE RIGHTS OF DATA SUBJECTS
9.1 Information to be provided (Art. 13, 14 GDPR)
9.2 Right of access (Art. 15 GDPR)
9.3 Right to rectification (Art. 16 GDPR)
9.4 Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
9.5 Right to restriction of processing (Art. 18 GDPR)
9.6 Right to data portability (Art. 20 GDPR)
9.7 Right to object (Art. 21 GDPR)
9.8 Right of appeal to a data protection supervisory authority
10. QUICK AND EASY CONTACT OPTIONS
11. STATUS AND UPDATES TO THIS PRIVACY POLICY
1. GENERAL INFORMATION
1.1 Responsibilities and contact information
Controller’s name and address
Sälzer Electric GmbH
Mr. Matthias Jacob
Clemens-Pfau-Platz 27
09396 Rochlitz
DPO’s name and address (Data Protection Officer)
dokuworks GmbH
Mr. Markus Weber
Birlenbacher Str. 20
57078 Siegen
Tel.: +49 271 77237-60
Email:
datenschutz@doku.works
1.2 Hosting
The content of our website is hosted with the following provider:
reaze GmbH, Martinshardt 2, 57074 Siegen
Details can be found in the Privacy Policy of the provider:
https://www.reaze.com/de/privacy
We have a legitimate interest in our website being displayed as reliably as possible. Therefore, we decided to use the named provider on the legal basis of Article 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting). The consent can be revoked at any time.
1.3 Definitions
If you have any questions or suggestions on the subject of data protection, you can reach out to us as the controller or to our data protection officer at any time.
The Privacy Policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our Privacy Policy should be legible and understandable for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
Data processor
A processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the person responsible.
Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.
Restriction of processing
A restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Consent
A consent is any expression of will voluntarily given by a data subject in an informed manner and unequivocally for a specific case in the form of a declaration or other clear confirmatory action with which the data subject indicates that they consent to the processing of their personal data.
Recipient
A recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier and one or more special features, expresses the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.
Profiling
Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate, analyze or to predict certain personal aspects relating to a natural person; in particular aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information; provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
Controller
The controller (or the person responsible for the processing) is the natural or legal person, public authority, agency or other body which, alone or together with others, decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the controller or the specific criteria for the naming can be provided for by Union law or the law of the Member States.
Processing
Processing is any process carried out - with or without the help of automated processes - or any such series of processes in connection with personal data; such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosing through transmission, distribution or any other form of provision, matching or linking, restricting, deleting or destroying.
2. COLLECTION AND STORAGE OF PERSONAL DATA, NATURE AND PURPOSE OF ITS USE
2.1 Visit of the website
Type and purpose of processing
When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer
- date and time of access
- name and URL of the retrieved file
- website from which access is made (Referrer-URL)
- browser used and, if applicable, the operating system of your computer and the name of your access provider.
The data mentioned are processed by us for the following purposes:
- ensuring a smooth connection establishment of the website
- ensuring comfortable use of our website
- evaluation of system security and stability as well
- for other administrative purposes.
Legal basis
The legal basis for data processing is Art. 6 para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
Recipients
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
Storage duration
The data will be deleted as soon as they are no longer required for the purpose of collection. This is generally the case for the data used to provide the website when the respective session has ended. If the data is stored in log files, this is the case after 14 days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are anonymized so that it is no longer possible to assign the calling client.
Provision prescribed or required
The provision of the aforementioned personal data is neither required by law nor by contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted. For this reason, an objection is excluded.
2.2 Use of our contact form
If you have any questions, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid e-mail address so that we know who sent the request and can answer it. Further information can be provided on a voluntarily basis. Data processing for the purpose of contacting us takes place in accordance with Article 6 para. 1 Clause 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically deleted after the request you have made has been dealt with.
2.3 General contact information
If you contact us (e.g. via contact form, chat or e-mail), we process your details to process your request and in the event that follow-up questions arise.
If the data processing is carried out for pre-contractual measures that are carried out at your request or, if you are already our customer, to carry out the contract, the legal basis for this data processing is Article 6 para. 1 Sentence 1 lit. b GDPR.
3. SHARING OF DATA
A restrictive transfer of your personal data to third parties only takes place in the following cases:
- if you have given your express consent (legal basis Art. 6 para. 1 S. 1 lit. a DSGVO)
- the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data (legal basis Art. 6 para. 1 S. 1 lit. f GDPR)
- in the event that there is a legal obligation for the transfer (legal basis Art. 6 para. 1 S. 1 lit. c GDPR)
- it is legally permissible and necessary for the processing of contractual relationships with you (legal basis Art. 6 para. 1 S. 1 lit. b GDPR)
Other transfers of your personal data to third parties for purposes other than those listed here do not take place.
4. DATA TRANSFER TO THIRD COUNTRIES
With regard to the transfer of data to so-called third countries, all companies are currently confronted with the following situation: In 2020, the European Court of Justice (ECJ) made a decisive judgment by changing the legal basis for data transfers to the USA, the so-called EU-US Privacy Shield Agreement, has been voided. Companies with international business relationships are now faced with the problem of providing sufficient guarantees that not only the recipient in a so-called third country guarantees an adequate level of data protection, but also that the recipient country itself (e.g. the USA) cannot undermine such contractually agreed standards. According to the judgment of the ECJ, this cannot be guaranteed in the USA, since the US authorities have access to transmitted data. In addition, there are hardly any legal protection options for data subjects, so that judicial enforcement of rights against surveillance measures is not possible. Only an ombudsman procedure is currently available, but this does not correspond to the legal standards of the EU.
In order to ensure a level of security that corresponds to that of the GDPR, we conclude so-called standard contractual clauses (SCC) with service providers. In addition, a transmission of personal data is possible if the data subject has given their express consent to the processing in accordance with Article 49 (1) sentence 1 lit. a GDPR and they have been informed beforehand of the associated risks. For this reason, reference is once again expressly made to the legal risks mentioned above.
In addition, all companies that receive personal data from us for the purpose of processing or are given access to it must undertake not only to conclude a data processing agreement, but also to maintain data secrecy and comply with the necessary technical and organizational specifications for data protection. This is checked by us before the start of the contract and regularly thereafter, so that the obligations are actually met in practice and the protection of your data is always maintained. Insofar as we ourselves or processors instructed by us transmit or make personal data accessible to a recipient in a third country, we ensure that suitable guarantees in accordance with Art. 46 para. 2, para. 3 and Art. 47 GDPR exist and are observed. In addition, this step is only carried out subject to positive risk assessments for the data transmission (so-called transfer impact assessments).
5. PROTECTION OF YOUR DATA
We use various organizational and technical measures to protect your data against unauthorized disclosure, unlawful use, modification and destruction. To do this, we maintain physical, electronic and procedural safeguards. Our servers are secured with firewalls and virus protection. Backup and recovery as well as role and authorization concepts are a matter of course for us. In order to increase the security of your data, we use encryption methods (e.g. SSL for transmission over the Internet). Despite all the technical measures we have carefully taken, we would like to point out in fairness that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A 100% protection of data against access by third parties is not possible.
Our employees are committed to data secrecy and must observe the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-neu) and any other data protection regulations when handling data.
All companies that receive personal data from us for the purpose of processing must conclude a data processing agreement and agree to maintain data secrecy and to comply with the necessary organizational and technical data protection requirements. This is checked by us before the start of the contract and regularly thereafter, so that the obligations are actually implemented in practice and the protection of your data can always be kept.
6. USE OF ANALYSIS AND TRACKING TOOLS
Cookies
Cookies are small text files that are placed on your device and collect data that can later be read by a web server in the domain that placed the cookie.
Our website uses cookies and similar technologies to provide users of this website with a more user-friendly service, to analyze the performance of our products and for other legitimate purposes.
By means of a corresponding setting in the used internet browser, you can prevent the setting of cookies by our website at any time and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in the used internet browser, not all functions of our website may be fully usable.
Cookies can be divided into the following types:
- Technically necessary cookies
- Statistical cookies and marketing cookies
6.1 Technically necessary cookies
Technically mandatory cookies are those that secure the basic functions of the website and thus enable its operation. This is only about the technical necessity, not about economic aspects.
The legal basis is our legitimate interest in providing a functioning website in accordance with Article 6 para. 1 lit. f GDPR or in fulfilling a legal obligation in accordance with Article 6 para. 1 lit. c GDPR.
For the aforementioned purposes, we use the services of the third parties listed below, who are responsible for the data processing that takes place via their respective service in accordance with Article 4 para. 7 GDPR. Further information on data processing by these providers and your rights as the person concerned can be found in the following linked Privacy Policies of the providers:
Google reCAPTCHA (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland)
http://www.google.de/intl/de/privacy
6.2 Statistical cookies and marketing cookies
Statistical cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing cookies store user information regarding the website visited. For example, this data is used to display advertisements tailored to user interests, to optimize offers, to recognize the user or to simplify the use of the website.
The legal basis is your consent in accordance with Article 6 para. 1 lit. a GDPR.
For the aforementioned purposes, we use the services of the third parties listed below, who are responsible for the data processing that takes place via their respective service in accordance with Article 4 para. 7 GDPR. Further information on data processing by these providers and your rights as a data subject can be found in the following linked Privacy Policies of the providers:
Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
https://policies.google.com/privacy?hl=de
jQuery (OpenJS Foundation, 1 Letterman Drive, Building D, Suite D4700, San Francisco, CA94129)
https://openjsf.org/wp-content/uploads/sites/84/2021/04/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf
Data transfer to the USA
The services required for these performance purposes may transmit data about your use of this website to the USA. There is currently no decision by the EU Commission according to which the USA offers an appropriate level of data protection. There are also no other suitable guarantees, enforceable rights and effective legal remedies to protect your data in the United States. Therefore, there is a risk that your data will not be protected in the same way by the US service providers involved as it would be the case in the European Union. The activation of these services and the associated transmission of your data to the USA therefore only takes place on the basis of your expressly declared consent in accordance with Article 49 para. 1 lit. a GDPR.
7. STORAGE AND DELETION OF YOUR DATA
We adhere to the principles of data avoidance and data minimization. This means that we generally only process data from you that is absolutely necessary to achieve the respective permissible purposes. Unless otherwise and specifically stated, your personal data will only be stored for as long as is necessary to fulfill the purposes pursued and in accordance with the relevant legal bases. Your data will then be deleted.
In some cases, the legislator prescribes the retention of personal data, for example in tax or commercial law. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and will be deleted after the statutory retention periods have expired.
8. SUPPLEMENTARY DATA PROTECTION INFORMATION
8.1 For business partners
At this point we inform our business partners about the specific data processing of personal data in the context of an existing business relationship in accordance with Art. 13 GDPR.
You can find more information about our company, details of the persons authorized to represent us and other contact options at
https://www.saelzer.com/_de/impressum.php?lng=de.
What personal data is processed as part of a business relationship and for what purposes?
We only process personal data that we receive from you or, if applicable, from publicly accessible sources as part of our business relationship.
Personal data within the meaning of Art. 4 no. 1 GDPR are usually: names, telecommunications and address data. In addition, we also process offer, inquiry and order data, data from the fulfillment of our contractual obligations, product and documentation data and other data comparable to the categories mentioned.
Information about the requirement of data
The provision of your personal data is necessary for the initiation, implementation and processing of the contractual relationship. If it is not provided, it is unfortunately not possible for us to contact you in order to clarify pre-contractual or contractual questions.
What is the legal basis for the processing of personal data?
The processing of your personal data takes place in accordance with the legal provisions of the GDPR and the Federal Data Protection Act for the fulfillment of contractual obligations or for measures to initiate a contract (Art. 6 para. 1 S. 1 lit. b GDPR). In addition, we may use this data for additional purposes within the framework of our business relationship.
How long is the data stored?
We process and store your personal data for the duration of our business relationship and at least in accordance with the statutory retention periods, e.g. Commercial Code or Tax Code.
To whom is the data passed on and where is it processed?
We only use the personal data for our own purposes in the course of the business relationship.
We would like to point out that we always assume that our e-mail correspondence has business content and that, for better service, we may forward e-mails to their representatives if employees are absent.
8.2 For applicants
The controller collects and processes the personal data of applicants for the purpose of handling the application process. The processing can also take place electronically. This is particularly the case if an applicant sends the relevant application documents electronically, for example by email or via a web form on the website, to the person responsible for the processing. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
The legal basis for this processing is § 26 para. 1 S. 1 BDSG-neu in conjunction with Art. 88 para. 1 GDPR.
If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
In this case, the legal basis is Art. 6 para. 1 lit. f GDPR and Section 24 (1) no. 2 BDSG-neu. Our legitimate interest lies in legal defense and enforcement.
If you expressly agree to a longer storage of your data, e.g. for your inclusion in an applicant or interested party database, the data will be processed based on your consent. The legal basis is then Article 6 para. 1 lit. a GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 para. 3 GDPR by declaring this to us with effect for the future.
9. INFORMATION ABOUT THE RIGHTS OF DATA SUBJECTS
Please find your rights regarding your personal data as follows:
9.1 Information to be provided (Art. 13, 14 GDPR)
The right to information is another expression for the information obligations. It includes, for example, information about the rights of data subjects, the storage of data and the purposes of data processing. We map all of this for you in this Privacy Policy.
9.2 Right of access (Art. 15 GDPR)
If you send us a request for information, we will provide you with information about your data in accordance with data protection regulations. Since this is subject to certain deadlines and conditions, we ask that you inform us of your request for information in writing.
9.3 Right to rectification (Art. 16 GDPR)
Every data subject can request the correction or completion of their personal data. Our aim is to ensure that data is always up-to-date and accurate. However, if incorrect information has been recorded, we will correct it immediately after a corresponding request.
9.4 Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
At the request of a data subject, the personal data of this person must be deleted. Furthermore, data must be deleted in any case if:
- the purposes for which they are processed are no longer current
- the data subject revokes its consent if the processing is based on it
- data are processed unlawfully
The right to erasure does not exist if the processing (and the associated storage) is necessary to fulfill a legal or contractual obligation.
9.5 Right to restriction of processing (Art. 18 GDPR)
Under certain conditions, data subjects can request that their personal data will be processed for a certain period of time only to a limited extent.
9.6 Right to data portability (Art. 20 GDPR)
A data subject has the option of requesting his or her data. The release of the data must be done in a structured and machine-readable format.
9.7 Right to object (Art. 21 GDPR)
Data subjects have the right to object to the processing of their personal data - but only if they are in a special situation that justifies such an objection.
9.8 Right of appeal to a data protection supervisory authority
In addition to exercising your rights towards us, you also have the right to lodge a complaint with the competent data protection supervisory authority if you suspect a violation of data protection regulations (Article 77 GDPR).
10. QUICK AND EASY CONTACT OPTIONS
If you have any questions about this Privacy Policy or general questions about data protection at Sälzer Electric GmbH, please feel free to contact our internal data protection coordinator quick and easy via the following e-mail address:
ds-intern@salzer.de
Alternatively, neutral advice from our data protection officer (DPO) is possible:
dokuworks GmbH
Birlenbacher Str. 20
57078 Siegen
Tel.: +49 – (0) 271 /77237-60
E-Mail:
datenschutz@doku.works
11. STATUS AND UPDATES TO THIS PRIVACY POLICY
This Privacy Policy has been last updated in April 2023. Due to the further development of our website and offers on it, or also due to changed legal and official requirements, it may occasionally become necessary to change the data protection declaration and any additional data protection notices. You can call up and print out the current status at any time on our website
https://www.saelzer.com.