PRIVACY

Data privacy policy

I Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is:

STEINERT GmbH
Widdersdorfer Str. 329-331
50933 Köln

Telephone: +49 221 4984-0
E-Mail: sales@steinert.de

 

II Name and address of the data protection officer

The controller’s data protection officer is:

Nienhaus Informationssysteme im Rheinland U.G. (haftungsbeschränkt)
Roßmühle 23
46499 Hamminkeln
E-Mail: info@n-inf.de

 

III General information about data processing

1. Scope of processing personal data

We generally only process personal data if this is necessary to provide a functioning website as well as our contents and services. Personal data will only be processed with the user’s consent or in cases where prior consent cannot be obtained for practical reasons and where data processing is permitted by law.

2. Legal basis for processing personal data

If we obtain the consent of the data subject for processing personal data, Art. 6 Abs. 1 lit. a EU General Data Protection Regulations (GDPR) serves as the legal basis.

When processing personal data required for the performance of a contract to which the data subject is a party, Art. 6 Abs. 1 lit. b serves as the legal basis. This also applies to processing required for executing precontractual measures.

If processing personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 Abs. 1 lit. c GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Abs. 1 lit. f GDPR serves as the legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject is deleted or blocked as soon as the purpose for storage ceases to exist. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

IV Provision of the website and creation of log files

1. Description and scope of data processing

On every visit to our website, our system automatically collects data and information from the computer system of the computer being used.

The following data is collected:

1.1. browser type and version
1.2. the operating system used
1.3. the user’s Internet service provider
1.4. the IP address
1.5. data and time of access
1.6. websites from which the user’s system reaches our website
1.7. websites accessed by the user’s system via our website

The data is also stored in the log files of our system. The IP addresses of the user or other data that enables the assignment of the data to a user are not affected by this. Storage of this data together with other data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6 Abs. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. The user’s IP address must be stored for the duration of the session for this purpose.

Data is stored in log files to ensure the functionality of the website. The data also helps us to optimise the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing in accordance with Art. 6 Abs. 1 lit. f GDPR so lies in these purposes.

4. Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

In the case of data being stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the user’s IP address is deleted or distorted so that the assignment of the client is no longer possible.

5. Objection or removal option

The collection of the data for website provision and data storage in log files is necessary for operating the website. As a result, there is no objection option for the user.

 

V Use of cookies

1. Description and scope of data processing

Our website uses “cookies”. Cookies are text files that are stored in the Internet browser or by the Internet browser of the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the unique identification of the browser when the website is visited again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change. This includes, for example, access data for closed areas of our website that require a login.

We also use cookies on our site which enable an analysis of the user’s surfing behaviour. When you visit our website, the user is informed of the corresponding use and his consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this data protection declaration

2. Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6 Abs. 1 lit. c Art. 6 Abs. 1 lit. a and Art. 6 Abs. 1 lit. f GDPR.

3. Purpose of data processing

The purpose of using of technically necessary cookies is to simplify the use of websites for users. Not all functions can be offered without using cookies.

The data collected by cookies that are not technically necessary are not used to create user profiles. These types of cookies are also used for the purpose of improving the quality of our website and content. As a result, we learn how the website is used and can constantly optimize our offer.

Our legitimate interest in processing personal data in accordance with Art. 6 Abs. 1 lit. f GDPR also lies in these purposes.

4. Storage duration, objection or removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, users also have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing the settings in their Internet browser. Cookies that are already stored can be deleted at any time. This can be done automatically. If cookies are deactivated for our website, it is possible that not all functions can be used to their full extent.

The transmission of Flash cookies cannot be prevented via the browser settings but by changing the settings of the Flash Player.

 

VI Consent Management via cookiebot

1. Description and scope of data processing

We use the cookiebot Consent Management Platform as a consent management tool to obtain and log the necessary consents from users of our website, for example for analytics activities on our website. The technology is form the company Cybot A / S, Havnegade 39, 1058 Copenhagen, Denmark.

The platform collects log file and consent data using JavaScript. This JavaScript makes it possible to inform the user of his consent to certain tags on our website and to obtain, manage and document this.

The following data are processed:

1.1. Consent data (so-called consent data, namely anonymized logbook data, consent ID, processor ID, controller ID, consent status, timestamp),
1.2. Data of the devices used (so-called device data, including abbreviated IP addresses, device information, timestamp,
1.3. User data (so-called user data, including email, ID, browser information, setting IDs, changelog)

The ConsentID (contains the above-mentioned data), the consent status including time stamp are stored in the local memory of the browser of the visitor to our website and at the same time on the cloud servers used. Further processing only takes place if you submit a request for information or if you revoke your consent. In this case, the person responsible (that's us) is provided with the relevant information in a compact data format in an easily readable text form for the purpose of data exchange.

2. Purpose of data processing

The purpose of data processing is the analysis and management of the consents given in order to meet our obligation of a GDPR-compliant consent management. The use of Usercentrics serves the purpose of proving granted and not granted consents as well as their administration. Our legitimate interest in data processing according to Art. 6 Para. 1 lit.f GDPR also lies in these purposes.

3. Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6 Abs. 1 lit. c GDPR and Art. 6 Abs. 1 lit. f GDPR.

4. Storage duration, objection or removal option

The data will be deleted as soon as they are no longer needed. The associated cookie has a duration of 365days. The storage is based on the one hand in our accountability in accordance with Art. 5 Para. 2 GDPR. This obliges to comply with the processing of personal data in accordance with the General Data Protection Regulation. The revocation receipt of a previously given consent will be kept in accordance with Section 195 of the German Civil Code (BGB). Claims against us are subject to the regular statute of limitations according to § 195 BGB. This limitation period begins at the end of the year in which the claim arose (Section 199 BGB). As a result, the three-year limitation period begins at the end of December 31. of the year in which you revoked your consent and ends three years later on December 31, midnight.

5. Objection and removal options

The function can be switched on and off in our "Privacy settings" by marking the checkbox.

 

VII Operating a LinkedIN page

1. Description and scope of data processing

When you visit our LinkedIN page two companies collect personal data, that is us and LinkedIN, which is operated in Europe by LinkedIN Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. LinkedIN and we are jointly responsible for collecting personal data from visitors to our page. LinkedIN uses this data in accordance with its own data protection declaration, including for analysis services that are made available to us, so-called page insights. Such data collection by LinkedIN can also take place from visitors to the LinkedIN who are not logged in or registered with LinkedIN. Visitors can find information about data collection and further processing by LinkedIN in LinkedIN data protection information.

We cannot understand which user data LinkedIN collects. We also do not have full access to the recorded data or profile data. We can only see the public information of the profiles. Individuals registered with LinkedIN decide which these are in their respective LinkedIN settings.

We receive anonymous statistics on the use and usage of the page from LinkedIN. The following information is provided here, for example:

1.1. Number of people who see a post. Number of interactions on a post. From this it can be deduced, for example, which content is better received than others.
1.2. Number of people who follow us - including growth and development over a defined time frame.
1.3. When advertisements are placed, we receive evaluations of the advertisements.
1.4. Demographic characteristics related to the average age of visitors, gender, place of residence, language.

We also receive personal data via LinkedIN if users use a form with fields filled out in advance with data from their profile to transmit the data to us and actively send the data to us by clicking on a button. Finally, we receive personal data when users comment on or share our posts.

The USA is classified as a country whose level of data protection does not meet the standards in the European Union. There is also no adequacy decision by the EU Commission that rates the level of data protection in the USA as appropriate. In particular, there is a risk that data can be processed by US authorities for control and monitoring purposes and that you may not have sufficient legal remedies.

2. Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6 Abs. 1 lit. a GDPR and Art. 49 Abs. 1 a GDPR.

3. Purpose of data processing

We use the statistics, from which we cannot draw any conclusions about individual users, to continuously improve our online offer on LinkedIN and to better respond to the interests of our visitors. We cannot link the statistical data with the profile data of our fans. People registered with LinkedIN can use their LinkedIN settings to decide in which form targeted advertising is shown to them.

We use the data when using the chat function to answer the request. The sales and customer care information collected in this way are used to establish contact in order to submit the desired information and offers.

4. Storage duration, objection or removal option

Cookies are stored on the user's computer and transmitted from there to LinkedIN. Therefore, users also have full control over the use of cookies. By changing the settings in the Internet browser, users can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for LinkedIN, it is possible that not all functions of the website can be used to their full extent.

 

VIII Operating a YouTube page

1. Description and scope of data processing

When you visit our YouTube page two companies collect personal data, that is us and YouTube, which is operated in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. YouTube and we are jointly responsible for collecting personal data from visitors to our page. YouTube uses this data in accordance with its own data protection declaration, including for analysis services that are made available to us, so-called page insights. Such data collection by YouTube can also take place from visitors to the YouTube who are not logged in or registered with YouTube. Visitors can find information about data collection and further processing by YouTube in YouTube data protection information.

We cannot understand which user data YouTube collects. We also do not have full access to the recorded data or profile data. We can only see the public information of the profiles. Individuals registered with YouTube decide which these are in their respective YouTube settings.

We receive anonymous statistics on the use and usage of the page from YouTube. The following information is provided here, for example:

1.1. Number of people who see a post. Number of interactions on a post. From this it can be deduced, for example, which content is better received than others.
1.2. Number of people who follow us - including growth and development over a defined time frame.
1.3. When advertisements are placed, we receive evaluations of the advertisements.
1.4. Demographic characteristics related to the average age of visitors, gender, place of residence, language.

We also receive personal data via YouTube if users use a form with fields filled out in advance with data from their profile to transmit the data to us and actively send the data to us by clicking on a button. Finally, we receive personal data when users comment on or share our posts.

The USA is classified as a country whose level of data protection does not meet the standards in the European Union. There is also no adequacy decision by the EU Commission that rates the level of data protection in the USA as appropriate. In particular, there is a risk that data can be processed by US authorities for control and monitoring purposes and that you may not have sufficient legal remedies.

2. Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6 Abs. 1 lit. a GDPR and Art. 49 Abs. 1 a GDPR.

3. Purpose of data processing

We use the statistics, from which we cannot draw any conclusions about individual users, to continuously improve our online offer on YouTube and to better respond to the interests of our visitors. We cannot link the statistical data with the profile data of our fans. People registered with YouTube can use their YouTube settings to decide in which form targeted advertising is shown to them.

We use the data when using the chat function to answer the request. The sales and customer care information collected in this way are used to establish contact in order to submit the desired information and offers.

4. Storage duration, objection or removal option

Cookies are stored on the user's computer and transmitted from there to YouTube. Therefore, users also have full control over the use of cookies. By changing the settings in the Internet browser, users can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for YouTube, it is possible that not all functions of the website can be used to their full extent.

 

IX Newsletter

1. Description and scope of data processing

On our website there is the option of subscribing to a free newsletter. When registering, at least the following information is transmitted to us from the input screen data:

1.1. First name
1.2. name
1.3. email address

The following data will also be stored at the time of sending the message:

1.4. user’s IP address
1.5. date and time of registration

During the registration process, the user’s consent is obtained for processing and reference is made to this data privacy policy, which also contains the specific consent text below.

No data is passed on to third parties in connection with data processing for sending of newsletters. The data is only used for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing personal data after registering for the newsletter is Art. 6 Abs. 1 lit. a GDPR.

3. Purpose of data processing

Collecting the user’s data is for delivering the newsletter. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. The user’s email address will therefore be stored as long as the newsletter subscription is active.

5. Objection or removal option

The newsletter subscription can be cancelled by the user concerned at any time. There is a corresponding link in each newsletter for this purpose.

This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.

 

X Contact form and email contact

1. Description and scope of data processing

There are contact forms on our website that can be used for electronic contact. If a user uses this option, the data entered in the input screen will be transmitted to us and stored. This data includes at least:

1.1. First name
1.2. name
1.3. email address
1.4. Company
1.5. Country

The following data will also be stored at the time of sending the message:

1.6. user’s IP address
1.7. date and time of registration

During contact, the user’s consent is obtained for processing and reference is made to this data privacy policy, which also contains the specific consent text below.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted by email will be stored.

Data is not passed on to third parties in connection with this. The data is only used for processing the conversation.

2. Legal basis for data processing

The legal basis for processing data is Art. 6 Abs. 1 lit. a GDPR if the user has given consent.

The legal basis for processing data transferred as part of sending an email is Art. 6 Abs. 1 lit. f GDPR. If the aim of the email is concluding a contract, the additional legal basis for processing is Art. 6 Abs. 1 lit. b GDPR.

3. Purpose of data processing

Processing personal data from the input screen is for processing any contact by us alone. Contact by email also constitutes the necessary legitimate interest in the data processing.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage duration

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. For personal data from the contact form input screen and that which was sent by email, this is the case when the respective conversation with the user is finished. The conversation is terminated when the circumstances show that it is certain that the matter in question has been conclusively resolved.

The other personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Objection or removal option

The user has the option of revoking his/her consent to the processing of personal data at any time. If the user contacts us via email, he/she can object to the storage of his/her personal data at any time. In a case such as this, the conversation cannot be continued.

The revocation of consent and the objection to storage is possible verbally, in writing or by email.

All personal data stored in the course of contacting us will be deleted in this case.

 

XI Web analysis by Google Analytics

1. Scope of processing personal data

We use Google Analytics on our website to analyse our users’ surfing behaviour. The software places a cookie on the users’ computer (see above for more information about cookies). The following data is stored if individual pages on our website are visited:

1.1. two bytes of the IP address of the user’s visiting system
1.2. the website visited
1.3. the website from which the user came to the website visited (referrer)
1.4. the subpages that are accessed from the visited website
1.5. the length of stay on the website
1.6. the frequency of visiting the website

Google uses cookies. The information generated by the cookie about your use of the online service by users is normally transmitted to and stored by Google on a server in the USA. We only use Google Analytics with activated IP anonymisation. This means users’ IP addresses will be truncated beforehand within a member state of the European Union or in other contracting states to the Agreement on the European Economic Area. The IP address transferred by the browser is not associated with any other data held by Google. Users can prevent the storage of cookies by selecting the appropriate settings in their browser software; users can also prevent Google from collecting data generated by the cookie and relating to their use of the online service and from processing this data by downloading and installing the browser plug-in available using the following link. Further information on the use of data for advertising purposes by Google, setting and objection options can be found on Google’s websites How Google uses data when you use websites or apps of our partners, Data use for advertising purposes, Manage information that Google uses to show you advertisements. Google will use this information on our behalf to analyse the use of our online service by users, to compile reports on the activities within this online service and to provide us with other services associated with the use of this website and the use of the Internet. In doing so, pseudonymous user profiles may be created from the processed data.

The USA is classified as a country whose level of data protection does not meet the standards in the European Union. There is also no adequacy decision by the EU Commission that rates the level of data protection in the USA as appropriate. In particular, there is a risk that data can be processed by US authorities for control and monitoring purposes and that you may not have sufficient legal remedies.

2. Legal basis for processing personal data

The legal basis for processing users’ personal data is Art. 6 Abs. 1 lit. a GDPR and Art. 49 Abs. 1 a GDPR.

3. Purpose of data processing

Processing users’ personal data enables us to analyse our users’ surfing behaviour. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness.

4. Storage duration

Sessions and campaigns are terminated after a certain period of time. Sessions are closed after 30 minutes without activity and campaigns after six months as standard. The time limit for campaigns cannot be more than two years. Users will find more information on user conditions and data privacy at www.google.com/analytics/terms/de.html or at policies.google.com.

5. Objection or removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, users also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that are already stored can be deleted at any time. This can be done automatically. If cookies are deactivated for our website, it is possible that not all functions can be used to their full extent.

 

XII Web analysis by smartlook

1. Scope of processing personal data

The following data is collected:

1.1. the website from which the user came to the website visited (referrer)
1.2. Requested web page or file
1.3. browser type and version
1.4. the operating system used
1.5. Device type used
1.6. data and time of access
1.7. IP-Address in anonymous form (is only used to determine the location of access)

2. Legal basis for the processing of personal data

Legal basis for the processing of personal data is Art. 6 Abs. 1 lit. a GDPR.

3. Purpose of data processing

Processing users’ personal data enables us to analyse our users’ surfing behaviour. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness.

4. Data deletion and storage duration

The data will be deleted as soon as they are no longer required for our recording purposes. In our case, this is the case after 7 days.

5. Objection or removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, users also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that are already stored can be deleted at any time. This can be done automatically. If cookies are deactivated for our website, it is possible that not all functions can be used to their full extent.

 

XIII Rights of the data subject

If users’ personal data is processed, they are the data subject within the meaning of the GDPR and they are entitled to the following rights from the controller, whereby the following list includes all of their rights, not just the rights arising from the use of our services:

1. Right to information

Users can ask the controller to confirm whether personal data concerning you will be processed by us.

If processing has taken place, users can request the following information from the controller:

1.1. the purposes for which personal data is being processed;
1.2. the category of personal data being processed;
1.3. the recipient or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
1.4. the planned storage duration of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
1.5. the existence of a right to have the personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to this kind of processing;
1.6. the existence of a right to complain to a supervisory authority;
1.7. all available information regarding the origin of the data if the personal data is not collected from the data subject;
1.8. the existence of automated decision-making, including profiling in accordance with Art. 22 Abs. 1 and 4 GDPR and – at least in these cases – significant information on the logic involved and the scope and intended effects of this kind of processing for the data subject.

Users have the right to request information as to whether the personal data concerning them is transferred to a third country or to an international organisation. In this context, they can request to be informed of the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.

2. Right to correction

Users have a right to the correction and/or completion by the controller if the personal data processed concerning them is incorrect or incomplete. The controller must make the correction without delay.

3. Right to restrict processing

Users may request that the processing of personal data concerning them be restricted under the following conditions:

3.1. if users dispute the accuracy of the personal data concerning them for a period of time that enables the controller to verify the accuracy of the personal data;
3.2. processing is unlawful and users refuse the deletion of the personal data and instead request that the use of the personal data be restricted;
3.3. the controller no longer needs the personal data for processing purposes but users need it to assert, exercise or defend legal claims, or
3.4. if users have filed an objection to the processing according to Art. 21 Abs. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh their reasons.

If the processing of personal data concerning users has been restricted, this data may only be processed – aside from being stored – with their consent or for the purpose of asserting, exercising or defending rights or for protecting the rights of another natural or legal person or on grounds of important public interest of the European Union or a member state.

If the processing restriction has been restricted in accordance with the aforementioned conditions, users will be informed by the controller before the restriction is lifted.

4. Right to deletion

4.1. Deletion obligation

Users can request that the controller delete the personal data concerning them without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

4.1.1. The personal data concerning users is no longer necessary for the purposes for which it was collected or otherwise processed.
4.1.2. Users revoke their consent on which the processing was based according to Art. 6 Abs. 1 lit. a or Art. 9 Abs. 2 lit. a GDPR and there is no other legal basis for processing.
4.1.3. Users file an objection against processing according to Art. 21 Abs. 1 GDPR and there are no overriding legitimate reasons for processing or they file an objection against processing according to Art. 21 Abs. 2 GDPR.
4.1.4. The personal data concerning the users has been unlawfully processed.
4.1.5. The deletion of personal data concerning the users is necessary to fulfil a legal obligation under EU law or the member state law to which the controller is subject.
4.1.6. The personal data concerning the users has been collected in relation to information society services offered according to Art. 8 Abs. 1 GDPR.

4.2. Information to third parties

If the controller has made personal data concerning users public and is obliged to delete it according to Art. 17 Abs. 1 GDPR it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

4.3. Exceptions

The right to deletion does not exist if processing is required

4.3.1. to exercise the right to freedom of expression and information;
4.3.2. to perform a legal obligation required for processing under EU law or member states’ law to which the controller is subject or to perform a task in the public interest or to exercise public authority that has been given to the controller;
4.3.3. for reasons of public interest in the field of public health according to Art. 9 Abs. 2 lit. h and i such as Art. 9 Abs. 3 GDPR.
4.3.4. for archiving purposes in the public interest, academic or historical research purposes or for statistical purposes according to Art. 89 Abs. 1 GDPR if the right referred to in a) is likely to make it impossible or seriously impair the attainment of the objectives of this processing or
4.3.5. for asserting, exercising or defending legal claims.

5. Right to notification

If users have exercised their right to have the controller correct, delete or limit processing, it is obliged to inform all recipients to whom the personal data concerning them has been disclosed of this correction or deletion of the data or processing restriction, unless this proves impossible or involves a disproportionate effort.

Users shall also have the right to be informed about these recipients by the controller.

6. Right to data transferability

Users have the right to receive the personal data concerning them that they have provided to the controller in a structured, common and machine-readable format. Furthermore, users have the right to transmit this data to another controller without any obstruction by the controller to whom the personal data was made available provided that

6.1. processing is based on consent according to Art. 6 Abs. 1 lit. a GDPR or Art. 9 Abs. 2 lit. a GDPR or on a contract according to Art. 6 Abs. 1 lit. b GDPR and
6.2. processing is carried out using automated methods.

In exercising this right, users also have the right to affect that the personal data concerning them be transferred directly from one controller to another if this is technically feasible. Freedoms and rights of other people may not be affected because of this.

The right to data transferability does not apply to processing personal data necessary for performing a task in the public interest or in the exercise of public authority assigned to the controller.

7. Right to objection

Users have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you under Art. 6 Abs. 1 lit e or f GDPR at any time; this also applies to profiling based on these provisions.

The controller no longer processes the personal data concerning users unless it can prove compelling legitimate reasons for the processing, which outweigh their interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning users is processed for direct marketing purposes, users have the right to object to the processing of personal data concerning them for the purpose of this kind of advertising at any time; this also applies to profiling if it is in connection with this kind of direct marketing.

If users object to the processing for direct marketing purposes, the personal data concerning them will no longer be processed for these purposes.

Users have the option of exercising their right of objection using automated procedures in which technical specifications are used, in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

8. Right to revoking the declaration of consent relating to data privacy

Users have the right to revoke their declaration of consent relating to data privacy at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

9. Automated decision on a case-by-case basis, including profiling

Users have the right not to be subject to a decision based exclusively on automated processing, including profiling, that has legal effect against them or significantly impairs them in a similar manner. This does not apply if the decision

9.1. is necessary for concluding or fulling a contract between them and the controller,
9.2. is admissible due to EU law or the member state law to which the controller is subject and where this law contains appropriate measures to safeguard their rights, freedoms and legitimate interests or
9.3. takes place with their explicit consent.

However, these decisions may not be based on special categories of personal data according to Art. 9 Abs. 1 GDPR unless Art. 9 Abs. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.

In the cases referred to in 9.1 and 9.3, the controller shall take reasonable measures to safeguard their rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, to state its own position and to challenge the decision.

10. Right to complain to a supervisory authority

Irrespective of any other administrative or judicial remedy, users have the right to complain to a supervisory authority, in particular in the member state in which they are residing, working or suspected of violation, if they believe that the processing of personal data concerning them is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

 

XIV Consent (content texts)

1. Contact form

I agree for STEINERT to process my data entered in the input screen for the purpose of responding to my contact request, whereby processing according to Art. 4 Nr. 2 GDPR means any operation carried out with or without the help of automated procedures or any such set of operations relating to personal data, such as the collection, recording, organisation, classification, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

2. Newsletter

I agree for STEINERT to process my data entered in the input screen for the purpose of transmitting the IR newsletter (investor relations), whereby processing according to Art. 4 Nr. 2 GDPR means any operation carried out with or without the help of automated procedures or any such set of operations relating to personal data, such as the collection, recording, organisation, classification, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

3. Data transfers to the USA

I consent to my personal data being transmitted to the USA.

Steinert GmbH Data Protection Policy

In this Data Protection Policy Steinert GmbH, Widdersdorfer Str. 329-331, 50933 Cologne, Germany, +49 (0)221-4984-0, sales(at)steinert.de (hereafter "we", "us") will provide you with information about how we process your personal data when you access our website.

1. What personal data do we collect?

Personal data is any information relating to a specific or identifiable natural person that you choose to share with us, of which we become aware or which we collect. This includes, for example:

Content data about the services used: if you use our services, we process the resulting content details you input and the information we provided to you. We also collect information about the time, extent and, where applicable, the location of your use of the services.

Server log data (technical specifications): data about your use of our website is temporarily stored in a log file on our servers (this includes the date and time of your visit, pages visited, type and operating system of the device you are using and your IP address).

We use cookies, which are small text files temporarily stored on your computer and saved by your browser. You can set your browser so that cookies are not stored or will be deleted at the end of your internet session.

We create user profiles under a pseudonym. These do not permit direct conclusions to be drawn about you. You can object to the creation of a user profile at any time.

2. Why, on which legal basis and for how long is your personal data processed?

2.1 For the provision of the website and the supply of the services

Processing of server log data is required for technical reasons to provide the web pages, for the provision of services and subsequently to assure system security.

The legal basis for such processing is our legitimate interest (Article 6 (1) f of the General Data Protection Regulation – GDPR). Such processing is imperative for use and there is no right to object.

This data will be erased after 2 weeks at the latest.

The server log data will subsequently be evaluated anonymously for statistical purposes and to improve the quality of our website. There is no link made between the server log data and your personal data and the server log data is not combined with other personal data sources.

2.2 Your contact searches

When you submit a contact search, we process the details entered by you to carry out your search; i.e. to determine your contact person.

The legal basis for such processing is our legitimate interest under Article 6 (1) f of the GDPR to provide you with the "contact search" service described above. An additional legal basis for such processing is Article 6 (1) b of the GDPR if the aim of your contact search is the conclusion of a contract.

This data is erased after you finish using the function.

2.3 Your contact requests

Should you send requests to us via a contact form, by e-mail or via our service hotline, we will collect and use the information you provided therein to respond to your request.

The legal basis for such processing is our legitimate interest under Article 6 (1) f of the GDPR to provide you with the "contact request" service described above. An additional legal basis for such processing is Article 6 (1) b of the GDPR if the aim of your request is the conclusion of a contract.

This data will be erased when our communication with you is concluded, i.e. when the relevant facts have been conclusively determined.

You may object to the processing of your data at any time on the basis of Article 6 (1) f of the GDPR. Communication cannot then be continued.

2.4 Advertising, your requests for information material not freely accessible

To retrieve information material about our products and services from a protected website area, you have to provide certain details and agree to the processing of these details for advertising purposes before the materials are sent. We will then process your details with your express consent to inform you by e-mail and/or by telephone about information and offers (advertising) concerning our products and services about sorting technology and sensor sorting that is personally tailored to you and your interests ("Steinert services"). We will also contact you with written postal advertising about Steinert services without consent and to the extent permitted by law, if applicable.

The legal basis for such processing is your consent, Article 6 (1) a of the GDPR.

You can of course at any time revoke your consent to the use of your personal data for advertising purposes at any time, in whole or in part. Please use the corresponding functions provided for you (e.g. the unsubscribe function in our menu) or send us a corresponding notification in writing (keyword: data protection) or by e-mail to the contact information listed in section 8.

We will then erase this data after consent is revoked or at the latest after cessation of use.

2.5 Product development, right of objection

We would like to use the data you have already entered or that has arisen in your use of our services to improve our products and services (product development).

The pseudonymised user profiles created based on usage data will be utilised to improve the marketing of our products.

 

You can of course at any time object to the creation of pseudonymised data and the use of your personal data for advertising purposes in whole or in part. Please use the corresponding functions provided for you (e.g. the unsubscribe function in our menu) or send us a corresponding notification in writing (keywords data protection) or by e-mail to the contact information listed in section 8.

The legal basis for such processing is our legitimate interest (Article 6 (1) f of the GDPR).

We will then erase this data after your objection or at the latest after cessation of use.

2.6 Consent (content texts)

2.6.1 Contact form

I agree for STEINERT to process my data entered in the input screen for the purpose of responding to my contact request, whereby processing according to Art. 4 Nr. 2 GDPR means any operation carried out with or without the help of automated procedures or any such set of operations relating to personal data, such as the collection, recording, organisation, classification, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

 

2.6.2 Newsletter

I agree for STEINERT to process my data entered in the input screen for the purpose of transmitting the IR newsletter (investor relations), whereby processing according to Art. 4 Nr. 2 GDPR means any operation carried out with or without the help of automated procedures or any such set of operations relating to personal data, such as the collection, recording, organisation, classification, storage, adaptation or alteration, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

3. Disclosure of data

3.1 When we disclose data to service providers for the provision of our services

In compliance with statutory requirements, we partly employ service providers for the practical provision of our services by way of order processing, i.e. on our behalf, according to our instructions and under our control, in particular Hees riconet GmbH for the administration of the website.

3.2 When we use service providers for advertising and marketing

In compliance with statutory requirements, we partly employ service providers for the practical implementation of advertising and marketing by way of order processing, i.e. on our behalf, according to our instructions and under our control, for instance for advertising by telephone and e-mail.

3.3 When we transmit data to other companies in the Steinert Group

If you submit enquiries about products or services supplied by other group companies, we will send your enquiry to them and they will then contact you. Your personal data could be transmitted to a country outside the EU in this context, namely if the other group company has its registered office outside the European Economic Area. We ensure compliance with one of the recognised legal measures in such cases to guarantee an adequate level of protection for such data transmissions to countries outside of the EU, in particular (i) recognition by the European Commission of the adequacy of protection for personal data in relation to the group company's country; (ii) active certification of the group company under the EU–US Privacy Shield (where the group company is registered in the United States); (iii) application of approved and binding corporate rules; or (iv) use of standard EU contractual clauses for those responsible (in their latest version). We can provide you with further information about this on request.

4. Cookies and web analytics

What are cookies?

We and our partners use so-called "cookies" to make our web pages as user friendly as possible, and to increase the relevance of our advertising for visitors to our website. Cookies are small files that are stored on a visitor's hard drive. They permit the retention of information over a certain time period and the identification of the visitor's computer.

Your entry page will display information about data protection with the consent text in cookies on the first occasion that you visit our website. This consent will then be stored on your browser if you continue to use the website and do not object to the use of cookies, so that we do not have to display this information to you on every page. If this indication is missing in your browser (e.g. if you delete the browser history), the information will be displayed again the next time you visit our website.

What cookies do we use?

We use two categories of cookies on our website: (1) Cookies required for technical reasons, without which the functionality of our website would be restricted and (2) optional analysis, targeting or advertising cookies:

Cookies required for technical reasons

These cookies are essential to enable you to move around our website and use its functions. For instance they save those products you have placed in your shopping cart or the progress of your order, or they enable you to easily search by dealers where you can buy our products (e.g. by displaying a map of your surroundings). These cookies do not collect any information about you that is to be used for marketing purposes or that is saved to track where you have been on the Internet. These cookies are session-specific and expire after your visit to the website (session). Disabling this category of cookies would restrict the functionality of the website as a whole or parts thereof.

Analysis, targeting or advertising cookies

Analysis cookies collect information about how visitors use a website, for instance which pages they use most often and whether they receive error messages from web pages. These cookies do not collect any information by which visitors can be identified. All information ascertained by these cookies is used exclusively to understand and improve the website's functionality and service. We use Google Analytics for the analysis of our website. This is a web analysis service provided by Google Inc. The information about your use of this website generated by the use of Google Analytics is transmitted to a Google server in the USA and stored there. The activation of IP anonymisation on this website means that Google will truncate your IP address beforehand within member states of the European Union or in other countries that are signatories to the Agreement on the European Economic Area.

Targeting and advertising cookies are used to coordinate advertising to be more targeted to you and your interests. They also serve to restrict how often do you get to see the same advertisement, to measure the effectiveness of a promotional campaign and to understand people's behaviour after viewing an advertisement. These cookies are commonly placed on their pages by advertising networks with the consent of the website operator (i.e. in this case from us). They detect that a user has visited a website and pass this information on to others, e.g. advertising companies, or use it to correspondingly adapt their own advertisements. They are often linked with the functionality of a website provided by this company. We therefore use these cookies to provide a link to social networks, which can then continue to use the information about your visit to tailor the advertising on other websites to your needs. They also provide information about your visits to the advertising networks we use to ensure that you can subsequently be presented with precisely the advertising in which you may really be interested based on your browsing behaviour.

Disabling this category of cookies does not impair the functionality of our website. We currently use cookies in this category from the following providers, where you can in each case directly obtain information about the cookies and their designation and can object to the use of cookies:

TOOL: Google Analytics
Provider's data protection information: https://support.google.com/analytics/answer/6004245?hl=de
WIDERSPRUCHSMÖGLICHKEIT (OPT-OUT): https://tools.google.com/dlpage/gaoptout?hl=de

If you would prefer to receive further information about these cookies from us, please contact us by e-mail at: datenschutz(at)steinert.de

In order to provide a technically flawless online offer, we use the Smartlook analysis software from Smartsupp.com s.r.o., Millay Horakove 13, 602 00 Brno, Czech Republic.

This software records anonymised mouse movements and interactions on the page. Your personal data will not be transferred and no record will be assigned to any user. If personal data of you or a third party is displayed on the Website, Smartlook will automatically fade it out and does not record it at any time.

If you do not agree with the recording, you can deactivate it using the opt-out switch under Smartlook Opt-Out.

How do I disable cookies?

You can conveniently disable all analysis, targeting and advertising cookies using our Cookie settings [link to Cookie settings]. Or you can use the links in the table above (opt-out options) to disable individual cookies. You can ultimately prevent the use of any cookies by appropriately amending the cookie settings in your browser. Although in this case we should point out that the functionality of our website will be restricted if cookies required for technical reasons are also blocked.

You can find further information about cookies and the individual providers on the website www.youronlinechoices.com, for example. This also offers you the option to object to usage-based online advertising by individual or all tools. To access the Preference Manager directly, please clickhere.

5. Links

We use links to our other online presence hosted by third party websites and services, e.g. on social media channels such as Facebook or LinkedIn. These third parties are solely responsible for data processing by such other service providers on their websites and their data protection policies shall apply.

6. Security

We and our service providers implement technical and organisational security measures to protect your personal data that we manage against accidental or intentional manipulation, loss and destruction and from being accessed by unauthorised individuals. Our data processing and our security measures are continuously improved in line with technological development.

Secure Socket Layer (SSL) encryption is used during the transmission of your personal data to us. Personal data exchanged between you and us or other companies involved is always transmitted via encrypted connections that correspond to the latest technology.

Our staff and our service providers are of course obliged to respect confidentiality.

7. Your rights to information, correction, blocking and erasure

We will be happy at any time to provide information free of charge about the data we store about you if you have any questions regarding our processing of your personal data. You also have a right to correction of inaccurate data, to block / restrict the processing of your personal data or to erasure what is no longer needed and to file a complaint with a data protection supervisory authority.

Please notify us of your concerns in writing (keyword: data protection) or by e-mail to the contact information listed in section 8. We reserve the right to verify your identity so that your personal data is not disclosed to unauthorised individuals.

8. Data Protection Officer

Our Data Protection Officer is André Nienhaus.

Contact: info(at)nienhaus-rechtsanwaelte.de

Nienhaus Informationssysteme im Rheinland (UG), Bosmannshof 5, 46685 Wesel, Germany.

9. Amendments

It is necessary to amend the contents of this Data Protection Policy from time to time. We therefore reserve the right to amend it at any time. We will also publish the amended version of the Data Protection Policy at this location. You should therefore read the Data Protection Policy anew when you visit us again.

Status as at 2018, 23.04.2018