PRIVACY POLICY
Information about data protection
The protection of your personal data during collection, processing and use in relation to your visit to our homepage is an important matter for us. We wish to take this opportunity to inform you about the processing of personal data within the framework of cooperation on the basis of our Terms & Conditions.
The controller of the processing is
Gelenkwellenfabrik Wilhelm Sass KG
Brookstraße 14
22145 Stapelfeld bei Hamburg, Germany
represented by its Managing Director Sönke Reimers,
who can be contacted on +49 (0) 40 / 22 633 01 - 0 or info@w-sass.de
Contact details of our data protection officer:
Mauß Datenschutz GmbH provides professional data protection for us
Tel.: +49 40 999 99 52 - 0
Email: datenschutz@datenschutzbeauftragter-hamburg.de
The protection of your personal data during processing is an important matter for us. We wish to take this opportunity to inform you about the form in which personal data is processed by us.
1. Personal data
According to Art. 4(1) GDPR, personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Accordingly, personal data is any information about you. This includes, for example, details such as name, address, telephone number and email address, but also data such as your location.
2. Processing of personal data
As a matter of principle, we process the personal data of our customers (meaning both administrative contacts and drivers) only to the extent necessary for the performance of the contractually agreed services.
This does not apply exceptionally if the storage and processing of the data is permitted by legal regulations or is necessary for technical or operational reasons (e.g. fulfilment of contractual obligations). Further cases are specified below in the description of the respective processing operations.
3. Disclosure of personal data to third parties and recipients
We do not pass on your data to third parties unless we are legally obliged to do so. Alternatively, your personal data can only be passed on to other recipients or third parties on the basis of your prior consent.
Personal data is only collected and transmitted to state institutions and authorities entitled to receive information within the framework of relevant legislation or if we are obliged to do so by a court decision.
We do not pass on your data to private third parties, unless they are external service providers who provide services in our name and on our behalf (e.g. couriers, the computer centre we use or when sending emails). Our employees and service providers have been instructed by us on confidentiality and on the protection of personal and company-related data.
Transfer of personal data by us to third parties takes place in the cases specified separately below.
4. Purpose
We process the personal data provided to us exclusively for the purposes listed below on the basis of the legal grounds stated in each case.
1. a) Provision of the website
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The data is not stored.
Our website is not hosted by ourselves, but by the service provider ALL-INKL.COM - Neue Medien Münnich, Hauptstraße 68 | D-02742 Friedersdorf, Germany, which processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.
The processing is carried out to protect our overriding legitimate interest in displaying our website and guaranteeing its security and stability on the basis of Art. 6(1) point (f) GDPR. The collection of data is essential for the operation of the website. There is no right to object to the processing on the grounds of the exception under Art. 21(1) GDPR. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6(1) point (c) GDPR. There is no legal or contractual obligation to provide the data; however, it is not technically possible to access our website without providing the data.
The data is processed for the duration of display of the website.
1. b) Links to external pages
Our website contains links to the website www.w-sass.de, which is also operated by us, and links to other websites that are not operated by us. We do not monitor these websites and are not responsible for their content or their handling of personal data.
1. c) Cookies
Cookies are small text files that are sent by us to the browser of your end device when you visit our website and are stored there. Some functions of our website cannot be offered without the use of cookies (technically necessary cookies). Cookies do not cause any damage to your end device. They cannot run programs or contain viruses. Session cookies are used for technical session identification of the user and are deleted at the end of the session.
1. d) Initiation, processing and delivery of orders
We process personal data in order to provide our contractually agreed services and the logistics around them. This includes in particular the manufacture, delivery and invoicing of the parts ordered by you or your employer. The data is processed internally by the Sales, Technical Office, Accounting, Manufacturing and Logistics departments.
The legal basis of the processing is Art. 6(1) point (f) GDPR. Our legitimate interest is to fulfil our contractual obligations to your employer. If you are a sole trader or consumer, the legal basis is our contract to which you are a party. In this case, the processing is based on Art. 6(1) point (b) GDPR.
We store the data until the parts are delivered to you. After delivery, we store the data until expiry of the guarantee or warranty period. The legal basis for this storage is our legitimate interest in being able to check warranty claims (Art. 6(1) point (f) GDPR).
1. e) Service cases
In the event that you contact us with a warranty or guarantee claim (“Service Case”), we process personal data in order to check whether your claims are justified. If you make a claim against us, we process the data in order to satisfy your claim in the best possible way. In this case, d) also applies. The data is processed internally by the Sales, Technical Office, Quality Assurance, Accounting and Logistics departments.
The legal basis for the processing is Art. 6(1) point (f) GDPR, our legitimate interest is to fulfil our contractual obligations to your employer. If you are a sole trader or consumer, the legal basis is our contract to which you are a party. In this case, the processing is based on Art. 6(1) point (b) GDPR.
We store the data until the Service Case is closed. After delivery, we continue to store the data until expiry of the guarantee or warranty period. The legal basis for this storage is our legitimate interest in also being able to check future guarantee or warranty claims (Art. 6(1) point (f) GDPR).
1. f) Accounting
Accounting involves creating an invoice and sending it to you.
The legal basis of the processing is our legitimate interest in being remunerated for our services in accordance with the contract, or the performance of the contract concluded between us if our contractual partner is a natural person. In the first case, the processing is carried out on the basis of Art. 6(1) point (f) GDPR, in the second case on the basis of Art. 6(1) point (b) GDPR. The data is processed internally by the Sales and Accounting departments.
We keep the processed data until our claims have been paid in full. In addition, we store invoices until the end of the tenth year from the year following the issue of the invoice (Section 14b of the German VAT Act (UStG)).
1. g) Newsletter
1. h) Direct marketing by email
We send existing customers direct mail at irregular intervals (usually on an ad hoc basis, e.g. when we launch a new or improved product). The data is processed internally by the Sales department. If you do not wish to receive such mailings from us in the future, you can object to receiving them at any time informally and free of charge with effect for the future. The legal basis for the processing is Art. 6(1) point (f) GDPR, our legitimate interest lies in advertising our services and products in conjunction with Section 7(3) of the German Unfair Competition Act (UWG).
If you object to receipt, we store your objection permanently until the termination of our business relationship.
1. i) Customer surveys
1. j) Use of a live chat system
tawk.to
We use tawk.to, inc, 187 E Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA (hereinafter: “tawk.to”) to handle user requests through our support channels or live chat systems.
Messages that you send to us can be stored in the tawk.to ticket system or answered in the live chat by our staff. Furthermore, with the help of tawk.to we can determine the region from which the enquirer comes, how long they have been communicating with us and how satisfied they are with the communication process, among other things.
The messages sent to us are retained by us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after your query has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
The use of tawk.to is based on Art. 6(1) point (f) GDPR. We have a legitimate interest in processing your requests as quickly, reliably and efficiently as possible. Insofar as corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1) point (a) GDPR; consent may be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.tawk.to/privacy-policy/ and https://www.tawk.to/data-protection/gdpr/.
For more information, please see the privacy policy of tawk.to: https://www.tawk.to/privacy-policy/ and https://www.tawk.to/data-protection/.
Agreement on commissioned data processing
We have concluded a commissioned data processing agreement with tawk.to. This is an agreement required by data protection law which ensures that tawk.to only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
1. k) Applications
If you apply via the website for one of our advertised vacancies, your application and personal data will be processed for this purpose. Access to the applications received for a vacancy is granted to the internal departments involved in carrying out the relevant business processes (including the HR department), and others who need to have knowledge for the purpose of processing the application. A speculative application submitted via the website is accessible to any member of the managers’ staff who is involved in processing such applications, so that a full check can be made as to whether any of the managers wish to consider this application for a vacancy.
The legal basis for the processing is Art. 6(1) point (a) GDPR. If the application serves the purpose of conclusion of a contract with us, the additional legal basis for the processing is Art. 6(1) point (b) GDPR.
The company uses the data for further completion of the application procedure. The legal basis for the processing is Section 26 of the German Federal Data Protection Act (BDSG) and Art. 6(1) point (f) GDPR. Our legitimate interest in processing your data on the basis of Art. 6(1) point (f) GDPR is that you wish your data to be processed in the context of your application.
You are entitled to withdraw a submitted application at any time. In this case, your personal data will be erased within the statutory period, unless further storage is in our legitimate interest in proving compliance with statutory obligations in the context of filling a vacancy, e.g. in accordance with the General Equal Opportunities Act (AGG). In this case, the data is erased when the reason for retention ceases to exist. The legal basis for the processing is Section 26 BDSG and Art. 6(1) point (f) GDPR.
The data is only stored for as long as it is required for the stated purpose. The data is erased or blocked after expiry of the legal or contractual obligations to provide proof and to retain data. Applicant data is usually erased after 6 months. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
1. l) Google Fonts
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online service. In order to obtain these fonts, you connect to servers of Google Ireland Limited, in the course of which process your IP address is transmitted.
The use of Google Fonts is based on our legitimate interests, i.e. interest in uniform provision and optimisation of our online service pursuant to Art. 6(1) point (f). GDPR.
The concrete storage period for the processed data is not in our control, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.
1. n) jQuery CDN
We use jQuery CDN for proper delivery of content on our website. jQuery CDN is a service provided by jQuery, which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our website, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you are connecting to jQuery servers, where your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of jQuery CDN.
The use of the content delivery network is based on our legitimate interests, i.e. interest in secure and efficient provision and optimisation of our website pursuant to Art. 6(1) point (f) GDPR.
The concrete storage period for the processed data is not in our control, but is determined by jQuery. For further information, please see the privacy policy for jQuery CDN: https://www.stackpath.com/legal/privacy-statement/.
5. Transmission to non-EU countries
The processing of your data takes place exclusively in a member state of the European Union or in another contracting state to the Agreement on the European Economic Area.
6. Your rights
If you wish to exercise any of your rights, please contact us as the data controller using the contact details above. You will make it easier for us to process your enquiry if you provide proof of your identity when you contact us, so that we can assign your enquiry to a specific data subject. If you have any questions about this, please contact us.
1. a) Right of access to personal data
According to Art. 15 of the GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have a right of access to this personal data and to the further information specified in Art. 15 GDPR.
1. b) Right of rectification
According to Art. 16 GDPR, you have the right to demand that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
1. c) Right to erasure
You have the right to demand that we erase personal data relating to you without delay. We are obliged to erase the personal data without delay if the relevant requirements of Art. 17 GDPR are met. Please see Art. 17 GDPR for further details.
1. d) Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right under certain conditions to request that we restrict processing.
1. e) Right of objection
1. f) Existence of the right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the competent data protection supervisory authority in accordance with Art. 77 GDPR. This right exists in particular in the Member State of your residence, workplace or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
To exercise your right of complaint, please contact the supervisory authority directly.
7. Obligation to provide the data
The required data must be provided by you on the basis of our contract. If you fail to comply with this obligation, we will not be able to provide the agreed services.
There is no legal obligation to provide the data.
8. Automated decision making and profiling
We do not use any automated decision-making mechanisms in the performance of our contract. Profiling does not take place.
9. Right to make changes
We reserve the right to change these privacy terms at any time without notice. Please check regularly for relevant changes.
Use of SalesViewer® technology:
We use the SalesViewer® service (SalesViewer® GmbH, Huestr. 30, 44787 Bochum, Germany). With the help of this service, we collect data for marketing, market research and optimisation purposes. The data processing takes place on the basis of our legitimate interest (Art. 6(1) point (f) GDPR).
For this purpose, a javascript-based code is used for collection of company-related data and its corresponding use. No personal data is collected and no cookies are set in the course of this data processing. The data collected with this technology is encrypted via a non-reversible one-way function (so-called hashing).
The data is immediately pseudonymised and is not used to identify any visitor to this website in person.
The data stored within the framework of SalesViewer® is erased as soon as it is no longer required for its intended purpose, provided that the erasure does not conflict with any statutory retention obligations.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent data collection by SalesViewer® on this website in future. This places an opt-out cookie for this website on your device. If you delete your cookies in this browser, you must click the link again.
For more information on SalesViewer®, please visit the following link: https://www.salesviewer.com/de/
Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device and to the use of certain technologies, and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you enter our website, the following personal data is transferred to Usercentrics:
• Your consent or the revocation of your consent
• Your IP address
• Information about your browser
• Information about your end device
• Time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consent given – or its revocation – to you. The data collected in this way is stored until you request us to erase it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
Usercentrics is used to obtain consent for the use of certain technologies as required by law. The legal basis for this is Art. 6(1) point (c) GDPR.
Agreement on commissioned data processing
We have concluded a commissioned data processing agreement with Usercentrics. This is an agreement required by data protection law which ensures that Usercentrics only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.