Supfina Grieshaber GmbH & Co. KG (hereafter “we”) takes the protection of your personal data very seriously. With the help of this data-protection declaration, we hereby inform you comprehensively about the processing of your personal data and the rights to which you are entitled.
“Personal data” for the purposes of this statement means any information relating to an identified or identifiable natural person, such as your name, address, telephone number, or e-mail address.
2. Controller as defined by the EU General Data Protection Regulation (GDPR)
Supfina Grieshaber GmbH & Co. KG
3. Contact details of our Data Protection Officer
Datenschutzbeauftragter der Supfina Grieshaber GmbH & Co. KG
c/o TÜV SÜD Akademie GmbH
4. Your rights as data subject
- In accordance with the applicable data-protection provisions, you have the following rights with regard to the personal data concerning you under the relevant statutory conditions:
– Right of access;
– Right to rectification or deletion;
– Right to restriction of processing;
– Right to object against the processing;
– Right to data portability;
– Right to revoke any consent given with future effect.
You will not incur any costs in exercising these rights.
- You may contact the competent data protection supervisory authority to lodge any complaints concerning the processing of your personal data.
5. Legal bases for the collection and use of data
We collect and use your personal data only if we are entitled to do so on the basis of a statutory provision or your consent.
- The legal basis for the processing of personal data required for the fulfilment of contracts is Art. 6 Para. 1 S. 1 lit. b DS-GVO.
- If we process personal data on the basis of a legal obligation, this is permissible in accordance with Art. 6 para. 1 sentence 1 lit. c DS-GVO.
- If we process data to safeguard the legitimate interests of our company or third parties and there are no overriding interests of affected parties, this is permitted under Art. 6 para. 1 sentence 1 lit. f DS-GVO. In the following, we shall name the relevant legal basis for the individual uses.
- The permissibility of the use of data on the basis of given consent results from Art. 6 Para. 1 S. 1 lit. a and Art. 7 DS-GVO.
6. Collection of personal data when visiting our website
- Data concerned
If you only visit our website in order to inform yourself of the content, we may collect the personal information listed below, which is transmitted to our server by your browser:
– IP address
– Date and time of enquiry
– Time zone difference from Greenwich Mean Time (GMT)
– Content of request (specific page)
– Access status/HTTP status code
– Data quantity transmitted
– Website from which the request comes
– Browser – Operating system and its interface
– Language and version of browser software.
The collection of this data is necessary for the display of the website and to ensure stability and security.
When you visit our website, cookies will be saved to your computer. Cookies are small text files saved to your hard drive that are associated with the browser you use and through which we receive certain information. Cookies cannot execute any programs or transfer viruses to your computer. They serve to make our Internet presence more user-friendly and more effective.
You can configure your browser settings as you wish, for instance, to refuse specific or all cookies. This may, however, mean that you cannot use all of the functions of the website.
The cookies currently used, together with a more detailed description of their function and duration, can be found in the attachment.
- Web Storage
Our website also uses web storage (also known as DOM storage) technology. You can find details in the attachment.
- The legal basis for the above processing operations is GDPR Article 6(1)(f).
7. Processing of personal information when making contact
- If you contact us with questions using the contact form integrated on our website, we will save and use the personal information you provide (e.g., your e-mail address; possibly also your name, telephone number, or address) in order to answer your questions. The legal basis for this is GDPR Article 6(1)8f), where our legitimate interests are to acquire you as a customer and to maintain a long-term business relationship.
- If a contract or order is negotiated, or contracts are concluded and performed on the basis of such a contact, we will process any personal data collected using this contact for these further purposes. These business relationships also include the handling of deliveries and payments, or in connection with complaints, repair, or maintenance work or in warranty cases, or to prepare and respond to requests for quotations from individuals, to determine the terms of the contractual relationship and with respect to product development activities. The legal basis for this is GDPR Article 6(1)(b) (performance of contracts).
- Furthermore, we will also use the postal address of your company and the name of a contact person provided when contacting us in order to send you interesting information about the products and services we offer by addressed direct mail. The legal basis for this is GDPR Article 6(1)(f). Such direct mail does not require prior consent according to the law (German Fair Trade Practices Act) (Gesetz gegen unlauteren Wettbewerb, UWG), S. 7. You may object to the sending of such mail at any time with future effect (see also Section 14(2) of this data privacy statement).
- In addition, we are subject to various legal obligations (Art. 6 para. 1 lit. C DS-GVO) that may make the processing of your personal data necessary. These legal obligations may arise, for example, from tax, foreign trade, or sanction regulations.
8. e-mail newsletter
- If we offer e-mail newsletters, you will receive our newsletter if you have given us your consent using the user interface provided. In the newsletter, you will receive interesting information about the product and services we offer.
- We use the double opt-in procedure for consent to our newsletter. After your registration, we will also send an e-mail to the e-mail address provided asking you to confirm that you have consented to receiving the newsletter. If you do not confirm your registration within 24 hours, we will delete the information provided when requesting the newsletter, unless you have provided us with this information for other purposes (e.g., to make contact, to respond to questions, or within the context of contracts to be performed) and we still need this information for these other purposes. We will also store your IP address and time point of registration and confirmation, so that we can provide evidence of your registration and resolve any possible misuse of your personal data.
- You are only required to provide your e-mail address in order to receive the newsletter. The separate entry of your name is optional and is only used to provide a personal greeting in the newsletter.
- After your confirmation, we will save your e-mail address for the purpose of sending the newsletter.
9. Online applications using our website
- If we enable online applications using our website, we will only process the personal data stated there in order to process the application and to carry out the application procedure, or to do so in respect of other positions than that mentioned in the application that we deem appropriate according to the stated qualifications.
- We are only able to consider online applications where the mandatory fields provided in the user interface have been completed. Any other information is optional. The provision of special types of personal data, such as on racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health, pregnancy or sex life is unlawful and will not be processed by us.
- Only persons who are involved in the application procedure as per their duties shall have access to personal application data. We treat your personal data with the strictest confidentiality.
- In the event of an unsuccessful online application, we will retain the personal data for up to two (2) years in order to be able to access it for future vacancies, if you have given your express and separate consent (revocable at any time) after receiving a rejection.
- You may object to the processing of your personal data at any time. In the event of an objection, we will delete all data provided in the online application.
- The legal basis for the processing of personal application data described above is GDPR Article 6(1)(f) and Section 26 of the German Federal Data Protection Act (BDSG).
10. Other functions and services on our website (e.g. Partner Portal)
- Use of Google Web Fonts in the Supfina Partner Portal
On this website we use Google Web Fonts, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Web Fonts allows us to use external fonts, so-called Google Fonts. For this purpose, the required Google font is loaded from your web browser into the browser cache when you access our website. This is necessary so that your browser can display an optically improved display of our texts. The integration of these web fonts takes place through a server call, usually at a Google server in the USA. This means that the server is informed which of our Internet pages you have visited. The IP address of the browser of your terminal device is also stored by Google. We have no influence on the extent and further use of the data collected and processed by Google through the use of Google Web Fonts. If your browser does not support this function or — which is possible with the help of appropriate browser settings — you prevent access to the Google servers, a standard font will be used by your computer to display the data.
- Google has signed and is certified under the Privacy Shield Agreement between the European Union and the United States. By doing so, Google undertakes to comply with the standards and regulations of the European data-protection law. Further information can be found here:
For general information about privacy, please visit the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/.
- We use Google Web Fonts to improve the use of our website for you and to make it more user-friendly. This is our legitimate interest in the processing of the above data by the third party provider. The legal basis for this is Art. 6 Para. 1 S. 1 lit. f DS-GVO.
11. Web analysis services
In order to analyze the behavior of users of our website, we use the following web analysis services on the legal basis of GDPR Article 6(1)(f) and hereby provide the following information:
- Google Analytics
(b) The IP address that your browser transmits as part of Google Analytics will not be coordinated with any other data held by Google.
(c) You can prevent the storage of cookies by selecting the corresponding setting in your browser software. However, please note that you may not be able to use all of the functions on this website if you choose this option. You can also prevent Google’s collection and use of data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(d) This website uses Google Analytics with the “_anonymizeIp()” extension, so that only your shortened IP address is processed. This excludes the possibility of identifying specific persons. If the data collected that concerns you allows identification, this will be immediately excluded and the personal data thus immediately deleted.
(e) We use Google Analytics in order to be able to analyze the use of our website and regularly improve it. The statistics obtained allow us to improve our service and make it more interesting for you as the user. In the exceptional case where personal data is transferred to the USA, Google is a signatory to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(g) This website also uses Google Analytics to perform a cross-device analysis of visitor traffic for a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My data,” “Personal data.”
- Google AdWords und Google Conversion-Tracking
(a) This website may use Google AdWords. AdWords is an online advertising program provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
(b) Within the scope of Google AdWords, we use conversion tracking. If you click on an ad delivered by Google, a cookie for the conversion tracking will be set. Cookies are small text files stored on the user’s computer by the Internet browser. These cookies expire after 30 days and do not serve to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we are able to recognize that the user has clicked on the ad and was forwarded to this page.
(c) Every Google AdWords customer receives a different cookie. The cookies cannot be tracked using the websites of AdWords customers. The information obtained with the help of the conversion cookie serves to create conversion statistics for AdWords customers that have opted for conversion tracking. The customers see the total number of users that clicked on their advertisement and were forwarded to a page with a conversion tracking tag. However, they do not receive any information that could be used to personally identify the user. If you do not wish to participate in tracking, you can object to this use by simply disabling the Google conversion tracking cookie under the user settings in your Internet browser. You will then not be included in the conversion tracking statistics.
(d) The storage of conversion cookies takes place on the basis of GDPR Article 6(1)(f). The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising.
12. Embedding of YouTube videos
- We have embedded YouTube videos in our website, which are stored on http://www.YouTube.com and can be replayed directly on our website. These are all integrated in the “extended data-protection mode,” which means that no data concerning you as the user is transferred to YouTube if you do not play the videos. Only if you play the videos will the data mentioned in paragraph 2 be transferred. We have no control over this data transfer.
- By visiting the website, YouTube will be informed that you have accessed the corresponding subpage of our website. The data mentioned in point 3 of this paragraph will also be transferred. This takes place regardless of whether YouTube provides a user account through which you are logged in or if there is no user account. If you are logged into Google, your data will be associated directly to your account. If you do not wish your profile to be associated by YouTube, you must log out before pressing the button. YouTube will save your data as a usage profile and use it for purposes of advertising, market research, and/or to configure the website according to demand. Such an analysis takes place (even for users not logged in) in order to deliver demand-oriented advertising and in order to inform other users of the social network of your activities on our website. You have a right to object to the formation of this user profile, but must contact YouTube to exercise this right.
- The legal basis for this use is GDPR Article 6(1)(f).
13. Recipient of personal data
Within the company, only authorized employees of Supfina Grieshaber with appropriate responsibilities have access to your personal data.
We only use your information internally and only share it with other companies when we contract them to perform a service, such as delivering mailings or credit checks on a sales order or product delivery.
14. Revocation of consent given and objection to data processing
- If you have given your consent to the processing of your data, you may revoke this consent at any time with future effect.
- If we base the processing of your personal data on the pursuit of our interests as provided for by law (e.g., GDPR Article 6(1)(f) ), you may object to the processing of your personal data. You may object at any time with regard to the processing of your personal data for the purposes of advertising and data analysis, and also if the processing is not necessary for the performance of a contract or the provision of a specific service or order which you request.
15. Duration of processing
We will delete data once the storage is no longer necessary for the purpose of the stated processing. If deletion is contrary to statutory retention obligations or if we require the data to pursue or defend legal claims or to fulfill statutory obligations, we will restrict the use accordingly.
Supfina Grieshaber GmbH & Co. KG
As at: 05.09.2018
|Default Expiration Time
|Saves whether the cookie notification has been confirmed.
|2 years from set/update
|Used to throttle request rate.
|30 minutes from set/update
|Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
|End of browser session
|6 months from set/update
|Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.
|2 years from set/update
Web storage, sometimes known as DOM storage (Document Object Model storage), provides web application software methods and protocols used for storing data in a web browser.
Web storage supports persistent data storage, similar to cookies but with a greatly enhanced capacity and no information stored in the HTTP request header.
There are two main web storage types: local storage and session storage, behaving similarly to persistent cookies and session cookies respectively.
Source: Wikipedia https://en.wikipedia.org/wiki/Web_storage
The web storage is not used by us. In the future, we may use Web Storage to store information that does not need to be transmitted to the server with every request. Thus, cookies and traffic can be reduced.