The protection of your personal data during the processing of personal data on the occasion of your visit to our homepage is an important concern for us. Your data will be protected within the framework of the statutory provisions. We would like to inform you below about the nature and extent of the processing of personal data via this website in accordance with Article 13 of the General Data Protection Regulation (DSGVO).
I. Details of the responsible body
SHERA Werkstoff-Technologie GmbH Espohlstraße 53 49448 Lemförde Tel.: +49 (0) 5443/99330 E-Mail: firstname.lastname@example.org
II. information on the data protection officer
If you have any questions regarding data protection, please contact our external company data protection officer: Dr. Hans Daldrop of GINDAT GmbH Wetterauer Str. 6, 42897 Remscheid Mail: email@example.com Tel. +49 (0) 2191 / 909 430
III. data processing via the website
Your visit to our website is logged. The following data, which your browser transmits to us, are initially recorded:
- the IP address currently used by your PC or router
- Date and time
- Browser type and version
- the operating system of your PC
- the pages you viewed
- Name and size of the requested file(s)
- and, if applicable, the URL of the referring website.
This data is collected solely for the purposes of data security, to improve our website and for error analysis on the basis of article 6 paragraph 1 f DSGVO. We reserve the right to use this data in the event of system misuse in order to determine the reasons and the trigger for the misuse and to take legal action if necessary. Otherwise, the IP address of your computer will only be evaluated anonymously (shortened by the last 3 digits).
You can visit our website without providing any personal information.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible. You should therefore send confidential data to us by other means, e.g. by post.
The controller processes the personal data of applicants for the purpose of processing the application procedure. The legal basis is § 26 para. 1 S.1 BDSG. The processing can also take place electronically. This is particularly the case if an applicant submits relevant application documents to the data controller by electronic means, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are deleted after the advertised position has been filled, taking into account the statutory provisions, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG). For this purpose, the data will be stored for 6 months after completion of the application procedure and then deleted.
Applications can only be processed by us if they are sent to the e-mail address "firstname.lastname@example.org" or submitted via our application portal. If you use a different e-mail address from our company, your application will unfortunately not be recognised by our systems and therefore not be considered. Please remember that an e-mail is not a secure medium. Should your application reach our e-mail server at the above-mentioned e-mail address, we will protect your application with high technical and organisational measures. On the way of your application to our company, through the public internet, we have no influence and cannot guarantee the level of protection of your application. If your sending e-mail server supports STARTTLS, our e-mail server will also use STARTTLS and thus guarantee transport encryption.
Personal data (e.g. your name, address data or contact data) which you provide us with, e.g. in the context of an enquiry or in any other way, will be stored by us and processed only for correspondence with you and only for the purpose for which you have made this data available to us. The processing of this data is based on our legitimate interest in a prompt reply to enquiries from interested parties on the basis of Art 6 Para. 1 lit. f. DSGVO.
You can register on our website to use additional features on the site. We will only use the data entered for this purpose for the purpose of using the respective offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise we will refuse the registration. In the event of important changes, for example in the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way. The data entered during registration is processed on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke any consent you have given at any time. All you need to do is send us an informal notification by e-mail. The legality of the data processing already carried out remains unaffected by the revocation. The data collected during registration is stored by us for as long as you are registered on our website and is then deleted. Legal retention periods remain unaffected.
We offer you the possibility to order a newsletter via our homepage. Personal data will be collected from you when ordering. To make sure that the newsletter was ordered by you or your e-mail address, you will first receive a confirmation e-mail. Only when you click on the activation link contained in this mail will you be added to our e-mail distribution list and receive the newsletter. The order of the newsletter will be logged for verification purposes (IP address, date, time) You have the possibility to unsubscribe from the newsletter at any time by informing us, in particular you can use the link at the end of each newsletter for your unsubscription. Legal basis is article 6 paragraph 1 a DSGVO.
Wir verwenden den Google-Dienst reCaptcha, um festzustellen, ob ein Mensch oder ein Computer eine bestimmte Eingabe in unserem Kontakt- oder Newsletter-Formular macht. Google prüft anhand folgender Daten, ob Sie ein Mensch oder ein Computer sind: IP-Adresse des verwendeten Endgeräts, die Webseite, die Sie bei uns besuchen und auf der das Captcha eingebunden ist, das Datum und die Dauer des Besuchs, die Erkennungsdaten des verwendeten Browser- und Betriebssystem-Typs, Google-Account, wenn Sie bei Google eingeloggt sind, Mausbewegungen auf den reCaptcha-Flächen sowie Aufgaben, bei denen Sie Bilder identifizieren müssen. Rechtsgrundlage für die beschriebene Datenverarbeitung ist Art. 6 Abs. 1 lit. f Datenschutz-Grundverordnung. Es besteht ein berechtigtes Interesse auf unserer Seite an dieser Datenverarbeitung, die Sicherheit unserer Webseite zu gewährleisten und uns vor automatisierten Eingaben (Angriffen) zu schützen.
We use the newsletter service CleverReach to send the newsletter. This service processes the data exclusively in accordance with our orders and instructions in the sense of Art 28 DSGVO.
Secure data transmission
In order to protect the security of your data during transmission, we use a state-of-the-art encryption process (SSL) via HTTPS.
Processing data (customer and contract data)
We process personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We process personal data on the use of our Internet pages (usage data) only to the extent necessary to enable or charge the user for the use of the service. The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmission when concluding contracts for services and digital content
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the handling of payments. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is Art. 6 Para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
IV. Recipients of personal data
For the implementation and handling of processing procedures, we may make use of service providers by way of commissioned data processing.
The contractual relationships with our service providers are regulated in accordance with the provisions of Art. 28 DSGVO, which contain the legally required points regarding data protection and data security.
V. Data collection through Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Ltd. ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-mail: email@example.com. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The basis for the data processing is Art. 6 para. 1 f) DSGVO.
However, in the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. We would like to point out that on this website Google Analytics has been extended by the code "anonymizelp" in order to guarantee an anonymized version of the IP address.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the internet. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
The basis for data processing is your consent in accordance with Art 6 Para. 1 letter a DSGVO. You can revoke your consent at any time with effect for the future by making the appropriate setting in our Cookie Content Tool.
VI. Google Web Fonts
This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: firstname.lastname@example.org . When you view a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly. For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support Web Fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found in the Google data protection declaration:
VII Google Maps
This site uses the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: email@example.com.
To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an attractive presentation of our online offers and easy findability of the locations we have indicated on the website. This represents a legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO.
The "eXactly GDPR Google Maps" plugin used for Google Maps comes from www.eXactly-webdesign.de
Some of the cookies we use are deleted immediately after closing your browser (so-called session cookies).
Other cookies remain on your end device and make it possible to recognize your browser on your next visit (persistent cookies).
The data processing in connection with cookies, which are used solely to create the functionality of our online offer, is based on our legitimate interest according to Art. 6 I f) DSGVO.
If you do not wish cookies to be used, you can set your browser to not accept cookies. Please note, however, that in this case you may not be able to use all functions of our website.
Facebook Business Tools
We use the Facebook Pixel, a Facebook business tool from Facebook Ireland Limited (Ireland, EU), on our website. For information on the contact details of Facebook Ireland and the contact details of the Facebook Ireland data protection officer, please refer to the Facebook Ireland data policy at www.facebook.com/about/privacy.
- Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
- Specific pixel information such as the pixel ID and the Facebook cookie;
- Information about buttons clicked by visitors to the site;
- Information present in the HTTP header, such as IP addresses, web browser information, page location, and referrer;
- Information about the status of disabling/restricting ad tracking.
Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the Facebook pixel, via which information is stored on your end device used. Such storage of information by the Facebook pixel or access to information that is already stored in your end device only takes place with your consent.
Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We may use the tracked conversions there to measure the effectiveness of our ads, to set Custom Audiences for ad targeting, for Dynamic Ads campaigns, and to analyze the effectiveness of our website's conversion funnels. The features we use through the Facebook Pixel are described in more detail below.
Processing of Event Data for AdvertisingPurposes
Event data collected through the Facebook Pixel is used for targeting our ads and improving ad delivery, personalising features and content, and improving and securing Facebook products.
For this purpose, event data is collected on our website by means of the Facebook Pixel and transmitted to Facebook Ireland. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore Art. 6 (1) a DSGVO.
This collection and transfer of event data is carried out by us and Facebook Ireland as joint controllers. We have entered into a joint controller agreement with Facebook Ireland which sets out the allocation of data protection obligations between us and Facebook Ireland. In this agreement, we and Facebook Ireland have agreed, among other things,
- that we are responsible for providing you with all the information pursuant to Art. 13, 14 DSGVO on the joint processing of personal data;
- that Facebook Ireland is responsible for enabling the rights of data subjects under Articles 15 to 20 of the GDPR in respect of personal data held by Facebook Ireland following joint processing.
You can access the agreement concluded between us and Facebook Ireland at www.facebook.com/legal/controller_addendum.
Facebook Ireland is the sole controller of the subsequent processing of the submitted event data. For more information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how you can exercise your rights against Facebook Ireland, please see Facebook Ireland's Data Policy at www.facebook.com/about/privacy.
Processing of Event Data for Analytics
We have also engaged Facebook Ireland to report on the impact of our advertising campaigns and other online content based on the Event Data collected through the Facebook Pixel (Campaign Reports) and to provide analytics and insights about users and their use of our website, products and services (Analytics). We transfer personal data contained in the Event Data to Facebook Ireland for this purpose. The personal data submitted will be processed by Facebook Ireland as our processor to provide us with the campaign reports and analytics.
Personal data is only processed for the creation of analyses and campaign reports if you have previously given your consent to this. The legal basis for this processing of personal data is therefore Art. 6 (1) a DSGVO.
A transfer of data to Facebook Inc. in the USA cannot be excluded. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section "Data transfer to third countries".
Google Marketing Services
We use the Google Ads Conversions marketing service provided by Google Ireland Limited (Ireland/EU). Google Ads allows us to place ads relevant to users on the Google advertising network (e.g. in search results, or on other websites), improve campaign performance reports and avoid serving ads to a user more than once. Each Ads client sets a different conversion cookie. These cookies cannot therefore be tracked across the websites of different Ads clients. A cookie ID is used to record which ads are played in which browser. In this way, multiple display of the same campaign can be prevented. Furthermore, cookie IDs can be used to record so-called conversions, i.e. whether a user sees an ad and later visits the advertiser's website and purchases something there.
We use the DoubleClick Floodlight marketing service provided by Google Ireland Limited (Ireland/EU). The service enables us to track and analyse the actions of users who visit our website after they have seen or clicked on one of our advertisements. For this purpose, so-called "floodlight tags" or tracking pixels and cookies are placed on our website. By means of this function, we can determine the efficiency of our online campaigns on our website.
Remarketing allows us to target users who have already interacted with our website. In doing so, our ads are delivered when this target group visits a Google website or a website in the Google advertising network. For these purposes, a code is executed by Google when our website is called up and so-called (re)marketing tags are integrated into the website. With their help, an individual cookie is stored on the user's device. The cookies can be set by various domains, including google.com, doubleclick.net, googlesyndication.com or googleadservices.com. This file records which websites users have visited, what content they are interested in and which offers have been used. In addition, technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer are stored. All user data is only processed as pseudonymous data and does not contain any information with which we can personally identify users. The advertisements displayed are therefore not specifically displayed for a person, but for the owner of the cookie.
Google Marketing Services will only be used with your consent pursuant to Art. 6 (1) a DSGVO.
In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Google can be found in Google's data protection information at www.google.com/policies/privacy."
Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country shall only take place if appropriate safeguards pursuant to Article 46 of the GDPR are in place or if one of the conditions of Article 49 of the GDPR is met.
Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards: eur-lex.europa.eu/legal-content/DE/TXT/.
IX. Your rights
In accordance with articles 15-21 of the DPA, you may exercise the following rights in relation to the personal data processed by us, provided that the conditions described therein are met.
Data transmission when concluding contracts for services and digital content
In accordance with articles 15-21 of the DPA, you may exercise the following rights in relation to the personal data processed by us, provided that the conditions described therein are met.
Right to information
You have a right to information about the personal data concerning you that is processed by us.
Right of rectification
You can request the correction of incomplete or incorrectly processed personal data.
Right to erasure
You have the right to have personal data concerning you deleted, in particular if one of the following reasons applies
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed
- You revoke your consent on which the processing of your data was based.
- You have asserted a right of objection to the processing and there are no overriding legitimate reasons for the processing.
- Your data were processed unlawfully.
However, the right to deletion does not exist if the legitimate interests of the person responsible conflict with this. Legitimate interest is to be assumed in the following cases:
- Personal data are necessary for the assertion, exercise or defence of legal claims.
- Deletion is not possible due to storage obligations.
If data cannot be deleted, however, a right to restrict processing (hereinafter referred to as "right to restrict processing") may exist.
Right to restrict processing
You have the right to request us to limit the processing of your personal data if
- you dispute the accuracy of the data and we therefore check the accuracy,
- the processing is unlawful and you refuse to delete it and instead request that its use be restricted
- we no longer need the data, but you need the data to assert, exercise or defend legal claims,
- you have lodged an objection to the processing of your data and it is not yet clear whether our legitimate reasons outweigh your reasons.
Right to data portability
You have the right to receive the personal data concerning you that you have provided us with in a structured, common and machine-readable format and you have the right to transfer this data to another person in charge without hindrance by us, provided that the processing is based on consent or a contract and that the processing is carried out by us with the help of automated procedures.
Right of objection
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f) of the DPA, including profiling based on these provisions.
Right of withdrawal
If the processing of your personal data is based on consent, you have the right to revoke this consent at any time.
X. Standard periods for the deletion of data
In the absence of a statutory retention requirement, the data will be deleted or destroyed when they are no longer necessary for the purpose of data processing. Different periods apply to the storage of personal data, e.g. data relevant to tax law is generally stored for 10 years, other data is generally stored for 6 years in accordance with commercial law regulations. Finally, the duration of storage can also depend on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), can generally be three years, but in certain cases up to thirty years.
XI. Right of appeal to a supervisory authority
Under Art. 77 DSGVO, every data subject has a right of appeal to a supervisory authority if he or she believes that the processing of personal data relating to him or her violates the DSGVO. The competent supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state in which our company is based:
The State Commissioner for Data Protection of Lower Saxony Prinzenstr. 5 30159 Hanover Phone: 0511 120-4500 Fax: 0511 120-4599 E-mail: firstname.lastname@example.org
Liability for contents
As a service provider we are responsible for our own contents on these pages according to the general laws (according to § 7 Abs.1 TMG). As a service provider, however, we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity (§8 to §10 TMG). This does not affect our obligations to remove or block the use of information in accordance with general laws. However, liability in this respect is only possible from the time of knowledge of a concrete infringement. If we become aware of any such legal infringements, we will remove the content in question immediately.
Liability for links
Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore we cannot assume any liability for these external contents. The respective provider or operator of the sites is always responsible for the contents of the linked sites. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not identified at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, we will remove such links immediately.