Privacy policy

Information on the handling of personal data

Thank you for your interest in our company. The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. As it is important to us that you know at all times to what extent we collect, use and, if necessary, transfer your data to third parties, we will inform you in detail below about the processing of your personal data collected by us or stored by us.

Visiting our website is generally possible without providing (personal) data; if there are exceptions to this for selected services, we will explain these in the following chapters. When processing personal data, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and any other data protection regulations.

Name and address of the controller

fetra Fechtel Transportgeräte GmbH
Geschäftsführer: Hinrich Fechtel, Jochen Fechtel, Peter Beißmann
Industriestraße 17-21
33829 Borgholzhausen
Germany

Phone: +49 (0) 5425/9494-0
E-mail: info@fetra.de
Website: https://fetra.de

Name and address of the data protection officer

Martina Brinkmann
Cortina Consult
Hafenweg 24
48155 Münster
Germany

E-mail: datenschutz@fetra.de
Website: https://www.cortina-consult.de

Actuality of the privacy policy

To ensure that we always have up-to-date data protection information in connection with the services of our website, we use the CLOUD DSE service of Cortina Consult GmbH, Hafenweg 24 in 48155 Münster. In this process, the contents of our privacy policy are hosted on the servers at Cortina Consult and managed centrally. Necessary changes are implemented promptly by Cortina Consult and immediately displayed via direct integration on our website.

Rights of data subjects

The EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects in Chapter III, which we explain to you accordingly below with regard to the processing of your personal data:

Right to information

This requirement concerns in particular information on the following details of data processing:

  • Processing purposes
  • Data categories
  • Recipients or categories of recipients, if applicable
  • If applicable, the planned storage duration or the criteria for determining this duration.
  • Note on the respective right of correction, deletion, restriction or objection
  • Existence of the right to complain to a supervisory authority
  • If applicable, origin of the data (if not collected from you)
  • If applicable, existence of automated decision-making including profiling, including meaningful information about the logic involved, the scope and the effects to be expected
  • If applicable, (planned) transfer to a third country or international organization
Right to rectification

We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.

Right to erasure (right to be forgotten)

Provided that the processing is no longer necessary and one of the following conditions is met:

  • Discontinuation of the purpose of processing
  • Withdrawal of their consent and absence of any other legal basis for processing
  • Objection to processing without an important reason to the contrary
  • Unlawful processing
  • Required to fulfill a legal obligation
  • Data collection was carried out in accordance with Art. 8 (1) GDPR
Right to restriction of processing

Provided that one of the following conditions is met:

  • You dispute the accuracy of your data (restriction can be made for the duration of the review on our side)
  • In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion
  • If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims
  • After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons outweigh yours.
Right to data portability

If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).

Right to object

If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

Automated decisions in individual cases including profiling

If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.

Right to complain to a supervisory authority

A list of the supervisory authorities responsible in Germany can be found on the website of the Federal Commissioner for Data Protection or at the following link: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

General information on data processing

The following information applies to data processing in general. If there are exceptions or additions to this information, these are described in detail in the respective sections.

Our legitimate interest

Our legitimate interest, as defined in Article 6 (1) f GDPR, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.

General deadlines for data deletion

After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.

Deletion or blocking of personal data

We store your personal data only for the period required to fulfill the specified purpose. After the purpose no longer applies and after expiration of any existing retention periods, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.

Obligation to provide personal data

Under certain circumstances (e.g. due to legal or contractual regulations), an obligation arises for you to provide us with your personal data. Examples of such processing as follows:

Nature or purpose of the processing

Need

Conclusion of a sales contract (e.g. your address)Fulfillment of the contractual obligation (e.g. delivery of the goods to your address)
In the employee context (e.g. transmission of data to the tax office)Compliance with legal requirements (e.g. tax regulations)

Information about specific data processing on the website

If applicable, in deviation from or in addition to the above-mentioned general information, you will find details of the individual data processing on our website below.

Collection of general data and information

As soon as you visit our website, our web server collects some general data and technical information - as shown in the table below:

Data collected

Purpose of the survey

browser types and versions usedcorrect display of the page content
Operating system used, visitor origin (referrer, e.g. Google), subpages clicked onOptimization of our website content as well as our advertising
Date and time of access to the website as well as IP address and internet service provider of the visitorEnsuring the permanent functionality of our IT systems (for the operation of the website) and prevention of misuse

Other data and information for security in the event of attacks

Providing relevant information to law enforcement agencies in the event of a cyberattack

Data security information

We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all dangers is not possible.

Applications and application procedure
Purpose of processingApplicant data is collected, processed and used for the purpose of selecting potential employees.
Legal basis (according to Art. 6 / 9 GDPR)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Recipient (if applicable)The data will not be passed on to third parties and/or to a third country.
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Forwarding does not take place and is not planned.
    If known: Duration of data storageThe personal data of applicants whom we do not hire will be stored for the period required for possible legal claims (e.g. under the General Equal Treatment Act (AGG)) (maximum 6 months) and then immediately destroyed or deleted.
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityFor a smooth application process, it is necessary that you provide us with the requested information truthfully.
    Consequences of non-compliance (in case of failure to provide the required data)Failure to do so (i.e. failure to provide the required data) may mean that an employment contract cannot be concluded with you.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject themselves; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Master data, contact data, application data
    Change of purpose if necessaryIf we take you on as an employee after the application process has been completed, the purpose for processing the relevant data will change: in this case, the data will be used in future to implement and maintain the employment relationship.
    Newsletter
    Purpose of processingProvision of information in the form of electronic circulars
    Legal basisConsent (Art. 6 para. 1 lit. a GDPR)
    Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data. Newsletters are sent exclusively after registration via a double opt-in procedure (voluntarily given and revocable informed consent pursuant to Article 6 (1) a DSGVO) or after a purchase contract has been successfully concluded and the e-mail address has been collected in this process (pursuant to Section 7 (3) UWG).
    Consequences of non-compliance (in case of failure to provide the required data)Non-compliance (i.e. not providing the required data) would result in the newsletter not being delivered to you.
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Change of purpose, if applicablenone
    Contact form
    Purpose of processingProcessing and, if necessary, answering the request of the form sender
    Legal basis (according to Art. 6 / 9 GDPR)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Recipient (if applicable)The data will not be passed on to third parties and/or to a third country.
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation.
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data originates from the person concerned.
    Where applicable, categories of personal data (if not collected directly from the data subject).Data and categories requested in the respective form.
    Change of purpose if necessarynone
    User login
    Purpose of processing
    Data typePurpose of the survey
    Username, PasswordAccess for the user
    Legal basis (according to Art. 6 / 9 GDPR)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data, the user account cannot be created.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data, the user account cannot be created.
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Change of purpose if necessarynone
    Customer account and product order
    Purpose of the processing of general data
    Data typePurpose of the survey
    Salutation, title, first name, last name, street, no., postal code, city, country, date of birth (voluntary)Unique identification of the customer account, processing of the product purchase, delivery, payment transactions, processing of complaints
    E-mail address, passwordAuthentication, independent password reset
    Phone number (voluntary)Contact by phone
    Legal basisFulfillment of a contract (Art. 6 para. 1 lit. b GDPR)
    Recipient (if applicable)Parcel service provider, logistics service provider, payment service provider
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe data (in the mandatory fields) must be provided as part of the underlying contract.
    Consequences of non-compliance (in case of failure to provide the required data)The creation of a customer account is not possible in this case.
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).The data comes from the data subject himself.
    Change of purpose if necessarynone
    Google Fonts
    Purpose of processingUniform representation of the fonts
    Legal basisConsent (Art. 6 para. 1 lit. a GDPR)
    Recipient (if applicable)Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA.

    The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified in accordance with the EU-US Data Privacy Framework (DPF).

    If known: Duration of data storageUnknown duration
    See General time limits for data deletion.
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, access time, access date
    Change of purpose if necessarynone
    Opt-OutUse a browser that does not support Google Fonts
    Privacy info of the addinhttps://www.google.com/policies/privacy/
    YouTube videos
    Purpose of processingThis is a video player service from Google.
    Legal basis (according to Art. 6 / 9 DSGVO)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)Alphabet Inc, Google LLC, Google Ireland Limited
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)If applicable, transfer, storage and processing in the USA, Google LLC

    The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified.

    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also originate from third parties.
    Change of purpose if necessarynone
    Data security information

    We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all dangers is not possible.

    Individual information by type of processing

    The purposes, legal basis and other information may vary depending on the processing; you will find the exact classification of the information in the following section.

    Video surveillance
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) Image and video data- Exercise of domiciliary rights and preventive protection against unauthorized access to the company premises or office building, recording of video material for the purpose of detecting and investigating criminal offences
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Re 1) Internal (Details: Internal department: IT) Re 1) Public body (Details: Public body: public authority, organ of the administration of justice, federal institution under public law, federally directable corporations, institutions, foundations and their associations according to § 2 para. 1-3 BDSG: in case of criminal offense: competent authority)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageThe video recordings are stored and then overwritten by new recordings; in individual exceptional cases, storage may take place for a longer period of time to ensure the purpose of processing (e.g. over a long public holiday weekend).
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityYes
    Consequences of non-compliance (in case of failure to provide the required data)Without the described processing, the above-mentioned purposes cannot be achieved in an economically viable manner.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) The data was collected directly from the data subject.
    Change of purpose if necessarynone
    General administration
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- File management
    - General administration
    - Order management
    - Office communication
    - Incoming mail
    - Paper and document shredding
    - Mailroom
    - Key management
    - Appointment management
    - Contract management
    Legal basis (according to Art. 6 / 9 GDPR)
  • The processing is necessary to fulfill a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.
  • The processing is necessary for the performance of a contract or a pre-contractual measure pursuant to Art. 6 para. 1 lit. b GDPR.
  • Recipient (if applicable)Re 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re 1) External (Details: Service providers, other organizations, other third parties) Re 1) Internal (Details: Internal department) Re 1) Public body (Details: Public body: Public authority, body of the administration of justice, public-law institution of the federal government, federally directable corporations, institutions, foundations and their associations pursuant to § 2 para. 1-3 BDSG).
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityYes
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing cannot be carried out.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Applicant management
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) Applicant data (details: applicant data (personal details, contact details, CV, photo, certificates))- Applicant management
    - Personnel questionnaire
    Legal basis (according to Art. 6 / 9 GDPR)
  • The processing is necessary for the performance of a contract or a pre-contractual measure pursuant to Art. 6 para. 1 lit. b GDPR.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party in accordance with Article 6(1)(f) GDPR and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
  • Recipient (if applicable)Re 1) Internal (Details: Internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityYes
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing cannot be carried out in the context of the application process.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Purchasing tasks
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- Order report
    - Ordering
    - Supplier management
    Legal basis (according to Art. 6 / 9 GDPR)
  • The processing is necessary to fulfill a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.
  • The processing is necessary for the performance of a contract or a pre-contractual measure pursuant to Art. 6 para. 1 lit. b GDPR.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party in accordance with Article 6(1)(f) GDPR and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
  • Recipient (if applicable)Re 1) Internal (Details: Internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing cannot be carried out in the context of purchasing tasks.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Property management and facility management
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- Facility Management
    Legal basis (according to Art. 6 / 9 GDPR)
  • Performance of a contract (Art. 6 para. 1 b)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Re. 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re. 1) Internal (Details: Internal department) Re. 1) Public body (Details: Public body: public authority, organ of the administration of justice, federal public law institution, federally directable corporations, institutions, foundations and their associations pursuant to § 2 para. 1-3 BDSG).
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityYes
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing cannot be carried out as part of the property management.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Internal reporting system for whistleblowers
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) Notification data (details: personal data voluntarily included in the notification, such as name or other identifying information). 2) Technical data (Details: To operate the reporting system, technical data of the end device used by the reporting person (IP address, browser version, operating system) is processed by the processor to the extent necessary).- Provision of an internal reporting office through which grievances or unlawful behavior in the company can be reported and processed confidentially.
    Legal basis (according to Art. 6 / 9 GDPR)
  • The processing of personal data takes place on the legal basis of Art. 6 para. 1 lit. c) GDPR and Art. 9 para. 2 lit. g) GDPR in conjunction with § 10 HinSchG, insofar as this is necessary to fulfill the task of the registration office.
  • Recipient (if applicable)Re 1) Internal reporting office (Details: Persons who are responsible for receiving and processing the reports and the persons who support them in fulfilling these tasks have access to the incoming reports. Access authorizations are assigned according to the "need-to-know" principle). Re 1) Other recipients (Details: If necessary, the processor or the data protection officer can be granted access as well as other internal departments that may become active as part of follow-up measures). Re 2) Internal reporting office (Details: Persons who are responsible for receiving and processing the reports as well as the persons supporting them in the fulfillment of these tasks have access to the incoming reports. Access authorizations are assigned according to the "need-to-know" principle).
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (Details: The data of the whistleblower is collected directly from the person concerned. Other personal data of third parties may be processed if they are part of the report). Re 2) Direct collection (Details: The data is collected directly from the data subject).
    Change of purpose if necessarynone
    Customer support
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- Call processing
    - Service
    - Customer support
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Performance of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)Re 1) Internal (Details: Internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the processing described in the context of customer support cannot be carried out.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Logistics tasks
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- Warehouse management
    - Delivery and shipping
    - Logistics
    - In-house customs clearance
    Legal basis (according to Art. 6 / 9 GDPR)
  • Performance of a contract (Art. 6 para. 1 b)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)Re 1) Internal (Details: Internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing cannot be carried out as part of logistics tasks.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Marketing Management
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- Acquisition
    - Pictures and videos at events
    - Competitions
    - Contact form
    - Customers
    - Photo and film
    - Customer survey (anonymous)
    - Marketing measures
    - Trade fair photos
    - Trade fair stand support
    - Newsletter
    - Online marketing
    - Press
    - Print mailings
    - Social media marketing
    - Events and functions
    - Website evaluation
    Recipient (if applicable)Re 1) Internal (Details: Internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Production and manufacturing
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- CAD design
    - Planning and production control
    - Production data acquisition
    - Quality assurance
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Performance of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)Re 1) Internal (Details: Internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing in the area of production and manufacturing cannot be carried out.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Accounting
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- (Online) banking
    - Quotation, order and invoice preparation
    - Credit insurance
    - Invoicing, dunning and financial accounting
    - Direct delivery
    - Credit reports, credit checks, debt collection
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Performance of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)Re 1) External (details: service providers, other organizations, other third parties) Re 1) Internal (details: internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityYes
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing cannot be carried out in the context of accounting.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Technical data security measures
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- General network protection
    - Backup
    - User administration
    - Data carrier disposal
    - Internet usage control
    - Emergency concept
    - Logging in IT systems
    - Handling passwords
    - Access control (authorization concept)
    - Access control
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)Re 1) Processor (details: IT service provider) Re 1) Public body (details: law enforcement authorities, if applicable)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityYes
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing in the area of IT security cannot be carried out.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (Details: The data was collected directly from the data subject).
    Change of purpose if necessarynone
    Company management
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- Analysis and reporting
    - Third-party inquiries
    - Legal and court documents
    - Information procedures for affected parties
    - Tenders
    - Controlling
    - Data to tax advisors, auditors, customs authorities
    - Data to management consultants
    - Project management
    - QM manual
    - Complaints management
    - Auditing, compliance
    - Technical equipment
    - Improvement process
    Legal basis (according to Art. 6 / 9 GDPR)
  • Performance of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)Re 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re 1) External (Details: Service providers, other organizations, other third parties) Re 1) Internal (Details: Internal department) Re 1) Public body (Details: Public body: Public authority, body of the administration of justice, public-law institution of the federal government, federally directable corporations, institutions, foundations and their associations pursuant to § 2 para. 1-3 BDSG).
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityYes
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing in the company management area cannot be carried out.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone
    Sales tasks
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- Order processing
    - Order entry
    - Distribution
    - Prospect management
    - POS system
    - Contact management
    - Customer care and CRM
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Performance of a contract (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)Re 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re 1) External (Details: Service providers, other organizations, other third parties) Re 1) Internal (Details: Internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (Details: The data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) Re 1) Publicly accessible (Details: Data collected from publicly accessible sources (e.g. telephone directory)).
    Change of purpose if necessarynone
    Central IT systems and services
    Purpose of the processing of general data
    Data typePurpose of the survey
    1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous)- CRM system (Customer Relationship Management)
    - Data exchange portal
    - DMS document management system
    - Print and copy jobs
    - Email archiving
    - Electronic processing by email
    - ERP software
    - Hosting
    - Internet and telephone use
    - Intranet use
    - IT support (remote)
    - Communication systems (e.g. telephone system) - Mobile, mobile phone, smartphone use - Online meetings - Data centers - Company website - Webshop - WLAN (guests)e.g. telephone system)
    - Mobile, cell phone, smartphone use
    - Online meetings
    - Data centers
    - Company website
    - Webshop
    - WLAN (guests)
    Legal basis (according to Art. 6 / 9 GDPR)
  • Performance of a contract (Art. 6 para. 1 b)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Re 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re 1) External (Details: Service providers, other organizations, other third parties) Re 1) Internal (Details: Internal department)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo
    Consequences of non-compliance (in case of failure to provide the required data)If the data is not provided, the described processing cannot be carried out.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation)
    Change of purpose if necessarynone