Protecting your personal data during the processing of personal data when you visit our website is important to us. Your data is protected in accordance with statutory provisions. In the following, we would like to inform you about the nature and scope of the processing of personal data through this website in accordance with Article 13 of the General Data Protection Regulation (GDPR).
II Information on the data protection officer
Our external data protection officers are happy to answer any questions about data protection:
Mr Arndt Halbach, GINDAT GmbH
Wetterauer Str. 6, 42897 Remscheid, Germany
Tel.: +49 2191 909 430
Mr. Sébastien Melis, Paul Wurth S.A.
32, rue d'Alsace, 1122 Luxembourg, Luxembourg
Tel.: +352 4970 1
III Data processing through the website
Your visit to our website is recorded. We generally collect the following data that your browser sends to us:
- IP address currently used by your computer or your router
- Date and time
- Browser type and version
- Operating system of your computer
- Webpages you visit
- Name and size of requested file(s)
- URL of referral website, if applicable
This data is only collected for the purposes of data security, improving our website offer and analysing errors based on Art. 6 (1) f) GDPR. The IP address of your PC is only analysed in anonymised form (shortened by the last three digits). In all other respects, you are able to visit our website without providing information on your identity.
We would like to point out that data transmission on the Internet (such as email communication) is subject to security vulnerabilities. It is not possible to completely protect data from access by third parties. Confidential data should therefore be sent to us by other means, such as by post.
Personal data (such as your name, address data or contact details) which you voluntarily disclose to us, for example in our online contact form or otherwise, will be stored by us and only processed for correspondence with you and only for the purpose for which you have provided us with this data. This data is processed on the basis of Art. 6 (1) a) and Art. 6 (1) f) GDPR.
The data processor processes the personal data of applicants for the purpose of conducting the application process. Legal basis for processing in Germany is § 26 Abs. 1 S. 1 BDSG. Processing may also take place electronically. This is particularly the case if an applicant transmits to the data processor corresponding application documents electronically, such as by email or using an online form on the website. Should the data processor conclude an employment contract with an applicant, the transmitted data shall be stored for the purpose of executing the employment relationship in accordance with statutory provisions. If the data processor does not conclude an employment contract with the applicant, the application documents shall be deleted following the staffing of the vacancy in accordance with statutory provisions provided such deletion is not opposed by any other legitimate interests of the data processor. Therefore the personal data will be stored during a period of 6 month after finishing the application process.
We can only process applications if they are sent to the email address: applicationsnoSpam@tmt.com. Should you use a different email address belonging to our company, your application will unfortunately not be recognised by our systems and will not therefore be taken into consideration. Please consider that email is not a secure means of communication. Should your application reach our server via the above-mentioned methods, we will protect your application with suitable technical and organisational measures. We have no influence on data protection while your application is transmitted to our company via the public Internet and we are not therefore able to guarantee the level of protection for your application. Should your dispatching email server support STARTTLS, our email server will also support STARTTLS and thus offer transport encryption.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration. To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration. We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Secure data transmission
In order to protect the security of your data during transmission, we use encryption techniques (SSL) via HTTPS, which accord with state-of-the-art technology.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment. Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from http:// to "https://" and the lock icon in your browser line is visible. In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same. Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transferred when signing up for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfil the terms of your contract with us, for example, to banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent. The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
IV Recipients of personal data
We may utilise service providers in connection with data processing in order to perform and execute processes.
Specifically, we have involved service providers for the purposes of sending the newsletter and hosting our website.
Contractual relationships are established with our service providers, which meet the requirements of Art. 28 GDPR; the contractual provisions contain the statutorily required points on data protection and data security.
V Data collection by Google Analytics
This website uses Google Analytics, a web analysis service by Google Ireland Ltd. („Google"), Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschlandnoSpam@google.com. Google Analytics uses ‘cookies’ – text files that are stored on your computer and enable analysis of your visit to the website. The information obtained by the cookie regarding your use of the website are generally transmitted to a Google server in the USA, where it is then stored. The basis for data processing is Art. 6 (1) f) GDPR.
In the event that IP anonymisation is activated on this website, your IP address will first be shortened by Google within the member states of the European Union or in other contractual states of the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that Google Analytics has been expanded on this website with the code ‘anonymizeIp’, in order to ensure the anonymised collection of the IP address.
Google uses this information on behalf of the operator of this website in order to analyse your use of the website, to compile reports on website activity and to provide other services relating to website use and Internet use to the website operator. The IP address transmitted by your browser in connection with Google Analytics is not combined with other data held by Google.
You may prevent the storage of cookies by configuring your browser software settings accordingly; however, we would like to point out that, in this case, you may not be able to use the full functionality of this website. Moreover, you may prevent the collection of the data obtained by the cookie relating to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The basis for data processing is Art. 6 (1) f) GDPR.
To protect your requests submitted via online form, we use the service reCAPTCHA provided by the company Google Inc. (Google). This query serves to determine whether an entry has been made by a person or improperly by means of an automated machine program. The query involves the sending of the IP address and other data that may be required by Google for the reCAPTCHA service to Google. For this purpose, your entry is transmitted to Google, where it is further processed. Your IP address will first be shortened by Google within the member states of the European Union or in other contractual states of the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. This service is performed on behalf of the operator of this website.
The service is conducted on the basis of Art. 6 (1) Clause 1 f) GDPR.
VII Google Maps
This website uses the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschlandnoSpam@google.com (Google).
In order to use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA, where it is then stored. The provider of this website has no influence on this data transmission.
The use of Google Maps occurs in the interest of providing an attractive presentation of our website offers and allowing the user to find the locations indicated on our website more easily. This constitutes a legitimate interest in the meaning of Art. 6 (1) f) GDPR.
VIII Google Location Services
This site uses Google Location Services to provide visitors with location-based information. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschlandnoSpam@google.com . The IP address of the computer and information about nearby radio access nodes are transmitted. Google assigns a random identification number, which is deleted every two weeks. The website visited is not transmitted. The site receives an approximate location of the visitor's location.
The transmission is voluntary based on your consent, Art. 6 para. 1 lit. a GDPR. You can revoke your consent for the future at any time by making appropriate settings in your browser.
You can find more detailed information at https://www.google.de/intl/de/policies/privacy/.
IX Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschlandnoSpam@google.com (Google).. This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer). Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging. To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion. You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link:
X Google AdSense
This website uses Google AdSense, a service for including advertisements from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschlandnoSpam@google.com (Google). Google AdSense uses so-called "cookies", which are text files stored in your computer that enable an analysis of the way you use the website. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as the visitor traffic on these pages can be evaluated. The information generated by cookies and web beacons relating to your use of this website (including your IP address), and delivery of advertising formats, is transmitted to a Google server in the US and stored there. This information can be passed on from Google to contracting parties of Google. However, Google will not merge your IP address with other data you have stored. AdSense cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising. You can prevent the installation of cookies by setting your browser software accordingly. Please be aware that in this case, you may not be able to make full use of all the features of this website. By using this website, you agree to the processing of data relating to you and collected by Google as described and for the purposes set out above.
Some of the cookies we use are deleted directly after you close your browser (‘session cookies’).
Other cookies remain on your terminal device and enable your browser to be recognised when you next visit the website (‘persistent cookies’).
Data processing in connection with cookies, which only serve to facilitate the functionality of our website offer, occurs on the basis of our legitimate interest pursuant to Art. 6 (1) f) GDPR.
XII Your rights
According to Articles 15–21 GDPR, you may exercise the following rights with respect to personal data we store provided the relevant requirements of the GDPR are met.
Right of access
You have the right to access information about your personal data that we process.
Right to rectification
You are able to request the correction of incomplete or incorrectly processed personal data.
Right to erasure
You have the right to the deletion of your personal data, in particular on the basis of one of the following reasons:
- Your personal data is no longer required for the purposes for which it was collected or processed.
- You withdraw your consent on which the processing of your data was based.
- You have asserted a right of objection to processing.
- Your data was unlawfully processed.
The right of erasure does not apply, however, if such deletion is opposed by the legitimate interest of the controller. For instance, this may include:
- Personal data that is required for the assertion, exercising or defence of legal claims.
- Deletion is not possible due to retention obligations.
Insofar as data cannot be deleted, you may exercise a right to the restriction of processing (as follows).
Right to the restriction of processing
You have the right to request us to restrict the processing of your personal data, if:
- You dispute the correctness of the data and we must therefore review the correctness.
- The processing is unlawful and you decline data erasure and instead request restriction of use.
- We no longer require the data, but you still need the data in order to assert, exercise or defend legal claims.
- You have submitted an objection to the processing of your data and it has not yet been determined whether our legitimate interests prevail over your interests.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly available and machine-readable format. Moreover, you have the right to have us transmit this data to another controller without hindrance by us, provided that the processing is based on a contract or consent, and our processing takes place with the aid of automated processes.
Right to object
You have the right at any time to submit an objection to the processing of your personal data, which takes place based on Art. 6 1) e) or f), for reasons arising from your particular situation; this also applies to profiling based on one of these conditions. Insofar as the processing of your personal data is based on a consent, you have the right to withdraw this consent at any time.
Right to withdraw
If the processing of your personal data is based on a consent, you have the right to withdraw this consent at any time.
XIII Statutory deadlines for the erasure of data
Insofar as no statutory retention obligation applies, the data shall be deleted or destroyed once it is no longer required for fulfilling the purpose of data processing. Various deadlines apply to the retention of personal data. For instance, data of tax relevance is generally stored for ten years, while other data is typically retained for six years in accordance with provisions under the Commercial Code. Furthermore, the storage period may also be determined by statutory limitation periods.
XIV Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 GDPR, each data subject has the right to lodge a complaint with a supervisory authority, if they believe that the processing of their personal data is in violation of the GDPR. The competent supervisory authority in data protection matters is the state data protection officer of the federal state in which our company has its registered office.