Privacy Policy
Responsible person
Thorsten Steinbach
Strahlunger Straße 18
97616 Salz
Germany
E-Mail: thorsten.steinbach@steinbach-gruppe.de
General Managers:
Dipl.-Ing. (FH) Michael Steinbach,
Dipl.-Wi.-Ing. (FH) | MCSc | Dipl.-Kfm. Thorsten Steinbach,
Dipl.-Wi.-Ing. Jochen Steinbach,
Dipl.-Ing. (FH) Bastian Steinbach
Link to the imprint: https://www.fgb.de/en/imprint.html
Data Protection Officer: privacy@draiconsult.de
Types of data processed
• inventory data, e.g. names, addresses
• contact data, e.g. email addresses, phone numbers
• content data, e.g. text entries, photographs, videos
• usage data, e.g. web sites visited, particularly interesting content, access times of users
• meta-data/communications data, e.g. information about equipment, IP addresses
Categories of data subjects
In the following, we refer to users of and visitors to our online range collectively as “users”.
Purpose of processing
The purpose of processing is to make our online range, its functions and content available, to answer contact enquiries and to communicate with customers. Furthermore, it is necessary for security reasons and to measure our coverage/marketing.
The terms of use
“Personal data”: refers to identified or identifiable natural persons (hereinafter also described as “data subjects”). A natural person is identifiable in this sense if they can be identified directly or indirectly, in particular by allocation to an identifier, e.g. a name, an identification number, specific location data, an online ID (cookies), or one or more special characteristics, which are an expression of the genetic, psychological, economic, cultural, physical, physiological or social identity of that natural person.
“Processing” is any procedure carried out with and without the help of automated processes. This also includes every series of operations which is associated with personally identifiable information. This aspect is therefore very far-reaching and covers almost every type of data handling.
Natural or legal persons, public authorities, facilities or other bodies which alone or together with others decide on the intentions and means of processing personal data are described as “responsible persons”.
Relevant legal basis
We wish to inform you about the legal bases of our data processing according to the stipulations of Article 13 of the GDPR. If the legal basis is not mentioned in the data privacy policy, the following shall apply:
• legal basis for obtaining consents: Article 6 paragraph 1 lit. a and Article 7 GDPR
• legal basis for processing contractual measures for fulfilment of our performance and implementation as well as replying to enquiries: Article 6 para. 1 lit. b GDPR
• legal basis for processing to fulfil our legal obligations: Article 6 para. 1 lit. c GDPR
• legal basis for processing to pursue our legitimate interests: Article 6 para. 1 lit. f GDPR
• the following Article serves as the legal basis in case a vital interest of the data subject or another natural person makes the processing of personal data necessary: Article 6 para. 1 lit. d GDPR
Security measures
We therefore ask you to inform yourself continuously about the content of our privacy policy. If it is necessary for us to edit the changes of the data processing operations carried out by us, we shall adapt the privacy statements accordingly. As soon as a consent on your part or another individual notification is required, we shall inform you about this.
Cooperation with data processors and third parties
If, in the course of our processing, we disclose data to other persons or companies (contract processors or third parties), transfer data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permit: for example, if a transfer of data to third parties, such as a payment service provider, is necessary in accordance with Article 6 para. 1 lit. b GDPR, if you have given your consent, if a legal obligation requires this, or because of our legitimate interests, for example when using agents, webhosts, etc.
If we commission third parties with data processing on the basis of a so-called “contract processing agreement”, this shall take place according to Article 28 GDPR.
Transfer to third countries
If we process data in a third country, i.e. outside of the European Union (EU) or the European Economic Area (EEA), or if this is the case in the context of third party use or disclosure and/or transfer of data to third parties, this shall only take place in order to fulfil our (pre)contractual obligations, if you have given your consent, if a legal obligation requires this or on the basis of our legitimate interests. We only have data processed in a third country if the special conditions of Article 44 ff. GDPR are satisfied, subject to legal or contractual permits. This means, for example, that processing is based on specific guarantees, such as one of the officially recognised levels of data protection in the EU (e.g. for the US through the “Privacy Shield”), or is carried out observing the officially recognised special contractual obligations (“standard contractual clauses”).
Rights of data subjects
Article 15 GDPR states that you have the right to ask for confirmation as to whether the data in question is being processed and that you will receive information about this data, further information and copies of the data.
According to Article 16 GDPR, you have the right to demand the completion of the data that concerns you or the rectification of data that is not correct.
According to Article 17 GDPR, you have the right to have the data in question deleted immediately or, as an alternative, to request a restriction of data processing under Article 18 GDPR.
According to Article 20 GDPR, you are entitled to receive and request the relevant data that you have provided to us.
In addition, you have the right according to Article 77 GDPR to lodge a complaint with the competent supervisory authority.
Withdrawal
According to Article 7 para. 3 GDPR, you have the right to withdraw your consent, which may have already been granted, also with effect for the future.
Right of appeal
According to Article 21 GDPR, you have the right to appeal against the dissemination of your data in the future. In particular, this may take place by objecting to processing for the purposes of direct marketing.
Cookies and the right to appeal to direct advertising
Small data files which are stored on the user’s PC are called “cookies”. These allow the storage of various types of information. Cookies are used to store information about a user and/or the device on which the cookie is stored during the visit to the website. If cookies are deleted after a visitor leaves the site and closes his browser, they are called temporary cookies and/or “session cookies” or “transient cookies”. Such cookies can, for example, store the shopping cart content of an online shop or a login status. On the other hand, “permanent” and/or “persistent” cookies are those which remain stored after the browser has been closed if the user visits the site again after several days. In addition, cookies make it possible to store the interests of the user, which can be used for measurement of reach and/or coverage or for marketing purposes. So-called “third party cookies” are those which are provided by providers other than the persons responsible for operating the online offer. If this refers only to their cookies, they are called “first-party cookies”.
Since we have both temporary and permanent cookies in use, we will inform you about this accordingly as part of our privacy policy.
If users do not wish cookies to be stored on their computers, they are asked to deactivate the corresponding option in their browser system settings. It is also possible to delete the stored cookies in the system settings of the browser. It should be noted that the deactivation of cookies may lead to functional limitations of the online offer.
If users generally wish to object to the use of cookies as a result of online marketing, it is possible to do this by using several of the services which are offered, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Besides this, as already mentioned, the storage of cookies in the browser settings can be deactivated at any time. It should be noted, however, that quite possibly not all functions of the online offer may still be available.
Deletion of data
According to Articles 17 and 18 GDPR, data which are processed by us, may be deleted or restricted in their further processing. User data stored by us are deleted, unless expressly stated otherwise in this privacy policy, as soon as they are no longer necessary for their actually intended purpose and, in addition, there exists no need or legally required retention provision regarding deletion. If the data is required for other purposes which are legally permissible, these are processed in a restricted way and not deleted. This means that the data will be blocked and will not be processed for any other purpose. This applies for certain data, for example, which has to be retained for commercial or fiscal reasons.
Legal requirements for data retention in Germany:
6 years in accordance with Article 257 para. 1 HGB:
• trading accounts, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting receipts, etc.
10 years in accordance with Article 147 para. 1 AO:
• accounts, records, management reports, accounting receipts, commercial and business correspondence, documents relevant for taxation purposes, etc.
Legal requirements for data retention in Austria:
7 years in accordance with Article 132 para. 1 HGB:
• bookkeeping records, receipts/invoices, accounts, receipts, commercial papers, income and expenses statements, etc.
22 years in connection with property and 10 years for documents in connection with electronically provided services, telecommunications, broadcasting and television services, which were provided to non-entrepreneurs in the EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
Business-related processing
We also process the following data:
• contract data, such as the subject and term of the contract, the customer category
• payment data, such as bank account details, payment history
• services and customer care, marketing, advertising and market research of our customers, interested parties and business partners on account of contractually agreed services
Hosting services
We use hosting services for the following:
• infrastructure and platform services
• computing capacity
• memory space and database services
• security services
• technical maintenance services for the provision of online services
According to Article 6 para. 1 lit. f GDPR in connection with Article 28 GDPR (conclusion of a contract processing agreement), we or our hosting provider process usage data, content data, contract data, contact information, inventory data, metadata and communications data of interested parties, customers and guests of our online services in an effective and secure manner for the provision of our online offer based on our legitimate interests.
Collection of access data and log files
We and/or our hosting provider collect data about any type of access to the server on which this service can be found (server log files) based on our legitimate interests. This is done in accordance with Article 6 para. 1 lit. f. GDPR and includes the name of the website visited, the date and time of the call, the file, the amount of data transferred to it, the message about a successful call up, the user’s operating system, the previously visited website, the browser type version, the requesting provider and the IP address. For security reasons, such as for the investigation of abuse or fraud, log file information is stored for a maximum of seven days and then deleted. In doing so, certain data, which must be stored for evidential purposes are excluded from deletion up to the final clarification of the incident.
Provision of contractual services
Inventory data, such as names and addresses, as well as the contact information of users, contract data, such as the services used, names of contact persons, payment information, are processed by us. This takes place in order to fulfil our contractual obligations and services in accordance with Article 6 para. 1 lit. b. GDPR. All entries marked in the online forms are required for concluding the contract.
If you use our online services, we store the IP address and the time of the respective user action. This is due to our legitimate interests as well as that of the users, as they are protected from abuse and other unauthorised use. The disclosure of the data to third parties does not occur unless this is necessary for the pursuance of our claims or there is a legal obligation in accordance with Article 6 para. 1 lit. c GDPR.
Usage data, such as the visited websites of our online offer or the interest in our products, and content data, such as entries in a contact form or the user profile, are processed by us in a user profile for advertising purposes, so that product information, for example, can be displayed to the user on the basis of his previously used services.
In this case, the deletion of data takes place after expiration of the legal warranty period and comparable obligations. In addition, a check is made every three years of whether storage is still required. In the case of legal archiving requirements, deletion takes place after they have expired. Until then, these details remain in the customer account.
Administration, financial accounting, office organisation, contact management
We process data in connection with administrative tasks and the organisation of our company as well as with financial accounting and compliance with legal obligations, such as archiving. The same data is processed, which we have processed in connection with the provision of our contractual services. The bases for this are Article 6. para. 1 lit. c. GDPR and Article 6 para. 1 lit. f. GDPR. The following individuals are affected by processing: customers, interested parties, business partners and visitors to our homepage. Processing is used for the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and the provision of our services. Data deletion in terms of contractual performance and contractual communication is consistent with the information provided in these processing activities. In doing so, we transfer or submit data to the tax authorities or consultants, such as a tax accountant or auditor, as well as other fee-collecting agents and payment service providers. In addition, details concerning suppliers, promoters, and other business partners are processed, for example, due to later contact being made based on our business interests. We generally store such predominantly company-related data on a permanent basis.
Business analysis and market research
In order to conduct our business economically, to identify market trends as well as to establish customer and user preferences, we examine the data which is available to us based on business transactions, contracts, enquiries, etc. We process inventory data, communications data, contract data, payment data, usage data and metadata according to Article 6 para. 1 lit. f. GDPR. These include customers, interested parties, business partners, visitors and users of our online offer.
In this respect, the investigations serve the purpose of making business assessments, marketing and market research. In this way, it is possible for us to take into account the profiles of registered users with details, for example, about their purchasing transactions. These investigations serve to increase user-friendliness, the optimisation of our offer as well as the economic efficiency of our business. In addition, they serve us alone and are not disclosed externally, in case this does not involve an anonymous analysis with summarised values.
In the event that these investigations involve personal analyses or profiles, these will either be deleted or anonymised by us upon termination of the users, otherwise after two years from the conclusion of the contract. Furthermore, we will create the overall business analysis and determine the general tendency anonymously, if possible.
Privacy policy in job applications
Applicant data will be processed by us exclusively for the intended purpose and as part of our application procedure under the legal requirements. According to Article 6 para. 1 lit. b GDPR and Article 6 para. 1 lit. f GDPR, data about job applicants is processed to fulfil our (pre)contractual duties as part of the application process, provided that data processing will be necessary for us in the context of legal proceedings, for example. In Germany, Article 26 BDSG applies as a matter of principle.
A prerequisite for the application process is that applicants provide us with their application data. The application data needed is marked in the case that we offer an on-line form for the application. Otherwise, the required data is specified in the job advertisements. This generally includes personal information, postal and contact addresses as well as the application documents of the applicant, such as the covering letter, CV and certificates. It is also possible that applicants will voluntarily provide us with additional information.
If the application is sent to us, the respective applicants shall declare themselves in agreement with the processing of their data for purposes of our application process, corresponding to the manner and the scope described in this Privacy Policy.
If special categories of personal data pursuant to Article 9 para. 1 GDPR are voluntarily communicated in the context of the application process, processing is also carried out in accordance with Article 9 para. 2 lit. GDPR, such as health data, for example, disablement or ethnic origin. If particular categories of personal data are required as part of the application process for applicants in accordance with Article 9 para. 1 GDPR, their processing also takes place pursuant to Article 9 para. 2 lit. a GDPR, for example, in the case of health data, if this is required to perform the job in question.
If available, it is possible for applicants to submit their applications online using the online form on our website. The data will be transmitted to us encrypted according to technical standards. It is also possible for applicants to send us their applications by email. It should be noted, however, that emails are generally not sent in encrypted form and applicants must therefore provide encryption themselves. Therefore, it is not possible for us to take responsibility for the transmission of the respective application between the sender and the recipient, or our server. That is why we recommend that you choose the online form or the postal route to send your application, which is still available to our applicants.
It is possible for us to process all the data provided to us by applicants in the event of a successful application for employment purposes. If an application for a position is not successful, the applicant data will be deleted by us. If an applicant withdraws his/her application, which is possible at any time, the data shall also be deleted.
The deletion of data, assuming a justified withdrawal by the applicant, shall take place after an expiry period of six months. This serves to enable us to answer potential follow-up questions regarding the respective application, as well as to fulfil our obligation to provide evidence under the Equal Opportunities Act. All invoices for possible reimbursements of travel expenses are archived in accordance with fiscal provisions.
Making contact
You can contact us, for example, using the contact form, by email, telephone or social media, in accordance with Article 6 para. 1 lit. b GDPR; we use the information about the user to process contact enquiries and their handling. In doing so, it is possible to save the information about users in a Customer Relationship Management System (“CRM System”). Once the information is no longer necessary, we will delete it and re-check the necessity every two years. The legal archiving requirements shall apply.
Google Analytics
On the basis of our legitimate interests, i.e. the interest in the analysis, optimisation and economic operation of our online range within the meaning of Article 6 para. 1 lit. f. GDPR we use Google Analytics, a web analytical service of Google LLC (“Google”). Google also uses cookies. Information about the use of the online range by the user, which was generated by the cookie, is usually transmitted to a Google server in the USA, where it is also stored. Google is also certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information for the following purposes: evaluating the use of our online range by users, compiling reports on activities within this online offering, providing other services related to the use of this online offering and internet usage. It is possible that pseudonymous usage profiles of users are created from the processed data, however, we only use Google Analytics with activated IP anonymisation. This means that the IP address of the Google user will be truncated within the Member States of the European Union or in other contracting states to the Agreement in the European Economic Area. Only in exceptional cases is it possible that the full IP address is transmitted to a Google server in the USA and will only be truncated there. The transmitted IP address of the user of the browser will not be combined with other data provided by Google. It is possible that users can prevent cookies from being stored by a specific setting of their browser software. In addition, users may prevent the collection of data generated by the cookie relating to the use of the online offer to Google as well as the processing of this data by Google. 
For this purpose, they only need to download the browser plugin available under the following link and then install it on the PC: http://tools.google.com/dlpage/gaoptout?hl=de. The following Google websites will tell you more about Google’s data usage, settings and possibilities to make an appeal https://www.google.com/intl/en/policies/privacy/partners (“Google’s use of data when you use websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for promotional purposes”) and http://www.google.com/settings/ads (“Management of information which Google uses to blend in advertising for you”).
Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags through a single interface (including the integration of Google Analytics, for example, and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process any personal data of users. With regard to the processing of personal data of users, reference is made to the following information about Google services. Usage Policy: https://www.google.com/intl/en/tagmanager/use-policy.html.
Online presence in social media
Due to the activities of our customers on various social media platforms, the interests and communications concerning this, as well as service information, we maintain an online presence within social networks and platforms. If the respective networks and platforms are called up, the terms and conditions as well as the data processing guidelines of the respective operator shall apply.
We only process user data if users communicate with us through social networks and platforms, for example, through posts, comments as well as messages that users place on one of our online presences, unless otherwise stated in our privacy policy.
Integration of services and content of third parties
On the basis of our legitimate interests, i.e. to investigate, improve and operate economically our online offering in accordance with Article 6 para. 1 lit. f. GDPR, we use third-party content or service offerings within our online range to provide content and services, such as the inclusion of videos or fonts, which are collectively referred to hereafter as “content”. It is always assumed that third-party providers of content are aware of the IP address of the users, because it is not possible to send this content to their browser without an IP address. Thus, the IP address is necessary for presenting content. We always strive to use only content whose providers use the IP addresses solely for content provision. It is possible that third parties may use so-called pixel tags, i.e. invisible graphics, also referred to as web beacons, for statistical or marketing purposes. Through these pixel tags, it is possible to evaluate information, such as for example, visitor traffic to individual pages of this website. It is possible to save this pseudonymous information in cookies on the end device of the user. In addition, this may include, but is not limited to technical information about the browser and the operating system, referring websites, visiting times, and other information regarding the use of our online offer, as well as such information which is linked from other sources.
Google Fonts
In addition, we also integrate various fonts from Google Fonts, a service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.
Use of SalesViewer® technology
On this website, SalesViewer® technology of SalesViewer® GmbH is used to collect and store data for marketing, market research and optimisation purposes on the basis of the legitimate interests of the website operator (Article 6 (1) (f) GDPR).
For this purpose, a JavaScript-based code is used to collect business-related data and the respective usage. The data collected with this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and not used to personally identify the visitor to this website.
Data collection and storage may be objected to at any time with effect for the future by clicking on this link here to prevent collection by SalesViewer® within this website in the future. An opt-out cookie for this website is stored on your device. If you delete your cookies in this browser, you must click on this link again.
Parts of the privacy policy were kindly provided by legal counsel RA Dr. Thomas Schwenke.