Bamberger Straße 20
Tel.: +49 (0) 9261 409-0
Fax: +49 (0) 9261 409-199
Data protection officer: firstname.lastname@example.org
Security and protection of your personal data
We, Hans Weber Maschinenfabrik GmbH, consider it our primary task to protect the confidentiality of the personal data you provide and to protect that data from unauthorised access. That is why we use the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.
In order to protect the data stored by us from accidental or intentional manipulation, loss, destruction, or access by unauthorised persons, we use the appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards. Data exchange to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, always using the current encryption protocols (SSL).
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have adopted technical and organisational measures to ensure that both we and our external service providers comply with the data protection regulations.
Obligation to provide the data
Various personal data is necessary for the establishment, execution and termination of the contractual obligation and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides. We have summarised the details on this in the above item for you. In certain cases, data must also be collected or made available due to legal regulations. Please note that it is not possible to process your request or execute the underlying contractual obligation without providing this information.
Legislation requires that personal data be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
1. Personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Lawfulness of the processing
The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for the processing may be, in accordance with article 6 para. 1 lit. a – f GDPR in particular:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Disclosure to third parties
We will only pass on your data to third parties within the scope of the statutory provisions or with the appropriate consent. Otherwise, disclosure to third parties will not take place unless we are required to do so due to mandatory legal regulations (disclosure to external bodies such as supervisory authorities or law enforcement authorities).
Recipients of the data / categories of recipients
Within our company, we ensure that only those persons receive the data who need them to fulfil the contractual and legal obligations.
In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection agreements have been concluded with all service providers.
We use hosting service providers for the operation and hosting of our web pages.
Transfer to a third country / intent of transfer to a third country
The transfer of data to third countries (outside the European Union or the European Economic Area) only takes place if it is necessary for the performance of the contractual obligation, is required by law, or you have given us your consent to do so.
Compliance with the level of data protection is ensured by: (e.g. EU standard contractual clauses / binding, corporate data protection regulations, etc.).
A transfer to a third country is currently not taking place.
Storage duration of the data
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored.
This concerns in particular commercial-law or tax-related retention obligations (e.g. commercial code, tax code, etc.).
Unless there are further retention requirements, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us permission to do so, or if legal disputes arise and we use the data as evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.
Information about the collection of personal data and legal basis
In the following, we provide information on the collection of personal data when using our website. Personal data includes, for example, name, address, e-mail addresses and user behaviour.
Collection of personal data when visiting our website, art. 6 para. 1 sentence 1 a, f)
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is art. 6 para. 1 sentence 1 lit. GDPR):
– Date and time of the request
– Greenwich mean time (GMT) time zone difference
– Content of the request (specific page)
– Access status / HTTP status code
– Amount of data transferred
– Website sending the request
– Operating system and its interface
– Language and version of the browser software.
Contact form, art. 6 para. 1 sentence 1 a, f GDPR:
When contacting us by e-mail or via a contact form, we will store the data you provide in order to answer your questions. We delete the data collected in this context after its storage is no longer required, or otherwise limit its further processing if we are required by the law to continue retaining it. (Legal basis is art. 6 para. 1 sentence 1 a, f GDPR)
As part of a contact request, we collect and process the following data:
– Company name (not mandatory)
– First name (not mandatory)
– Name (not mandatory)
– Street / number (not mandatory)
– City or town (not mandatory)
– Telephone number (not mandatory)
– Information regarding your request
(1) In addition to the above-mentioned data, cookies are stored on your computer when using our website. Cookies are small text files that are stored on your hard drive, associated with the browser you are using, and that provide certain information to the site that sets the cookie. Cookies cannot run programmes or transmit viruses to your computer. They serve to make our site more user-friendly and effective overall.
(2) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see a.)
– Persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. These store a session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
b. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie in question. You can delete the cookies at any time in the security settings of your browser.
c. You can configure your browser settings according to your needs and, for example, refuse to accept third-party cookies or all cookies. “Third Party Cookies” are cookies that have been set by a third party, and therefore not by the actual website you are currently visiting. Please note that by deactivating cookies you may not be able to use all functions of this website.
Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you may use if you are interested. For this, you will usually need to provide further personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly reviewed.
(3) Furthermore, we may disclose your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the respective offer.
(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
Rights of the data subject
First of all, we would like to inform you of your rights as a data subject. These rights are standardised in art. 7, 15 – 22 of the EU-GDPR. This includes:
(1) Withdrawal of consent
If the processing of the personal data is based on a given consent, you have the right to withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can contact us at any time to exercise your right of withdrawal.
email@example.com or firstname.lastname@example.org
– Right of access (article 15 EU-GDPR),
– Right to erasure (article 17 EU-GDPR),
– Right to rectification (article 16 EU-GDPR),
– Right to data portability (article 20 EU-GDPR),
– Right to restriction of processing (article 18 EU-GDPR),
– Right to object (article 21 EU-GDPR).
(2) Right to confirmation
You have the right to obtain confirmation from the controller as to whether or not we process personal data concerning you. You can request confirmation at any time using the contact details above.
(3) Right to object (art. 21 EU-GDPR)
You have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 paragraph 1 letter e or f GDPR for reasons arising from your particular situation, including profiling based on these provisions. The data controller will no longer process the personal data unless he or she can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
You can exercise your right to object at any time by contacting the respective person responsible.
(4) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this regulation.
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service offered by Google Inc. (“Google”). Google Analytics uses what is known as “cookies”, text files that are stored on your computer and allow us to analyse how you use our website. The information generated by the cookie about your use of the website is usually transmitted to and stored on a Google server in the United States. However, if IP anonymisation is activated on this website, your IP address will first be shortened by Google within the member states of the European Union or in other states that are contracting parties to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage for the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics will not be combined with other data from Google.
(3) You can prevent your browser from storing cookies by selecting the corresponding settings in your browser; however, please note that by doing so, you may not be able to use the website’s full functionality. You can also prevent Google from collecting and processing data created by the cookie related to your use of the website (incl. your IP address) by downloading and installing the browser plug-in that is available here: tools.google.com/dlpage/gaoptout.
(4) This website uses Google Analytics with the “_anonymizeIp()” extension. As a result, IP addresses are processed in truncated form, excluding any direct reference to individuals. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible.
(5) We use Google Analytics to be able to analyse and regularly improve the use of our website. With the statistics gained, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US Framework. The legal basis for the use of Google Analytics is art. 6 para. 1 sentence 1 lit. f GDPR.
(6) Third-party information:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
data protection overview: www.google.com/intl/de/analytics/learn/privacy.html,
You can find links to the social media services of Facebook, Instagram, YouTube, Xing and LinkedIn. You can recognise links to Facebook, Instagram, YouTube, Xing and LinkedIn by the company logo. If you follow such a link, you reach our corporate page on Facebook, Instagram, YouTube, Xing and LinkedIn.
When clicking on a link to a social media service, a connection is created to the servers of the social media service. This way, the fact that you have visited our website is transmitted to the servers of the social media service. In addition, further data is transmitted to the provider of the social media service. These are, for example:
- Address of the website where the activated link is located
- Date and time of calling the website or activating the link
- Information about the browser used and the operating system used
- IP address
If you are already logged in to the corresponding social media service at the time of activating the link, the provider of the social media service may be able to determine your user name and possibly even your real name from the transmitted data and match this information to your personal user account with the social media service. You can preclude this possibility of matching to your personal user account if you log out of your user account beforehand.
Facebook servers may be located in the US or other countries outside the European Union. The data can therefore also be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to a data protection law which generally does not protect personal data to the same extent as is the case in the member states of the European Union.