PRIVACY POLICY

Below, we would like to inform you about the data protection on our websites as well as about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, we would like to inform you about your rights. Data protection is of great importance to us.

Responsible for data protection / the processing entity is the company

Sturm Blechverarbeitung GmbH

Industriestr. 20

94330 Salching (Germany)

Telephone +49 9421 5320-0

Fax +49 9421 5320-999

Email info@sturm-blech.com

represented by the Managing Director Thomas Gilch

Data Protection Officer

Ernst Buchner

Omnis Consulting GmbH

Innere Passauer Str. 2

94315 Straubing (Germany)

Email: dsb@omnis-consulting.de

Visiting the web pages – Processing of personal data and type and purpose of use

When you visit our web pages, you transfer (out of technical necessity) data to our web server via your Internet browser. The following data are processed in the server log files during an ongoing connection for communication between your Internet browser and our web server:

      1. The page from which the file was requested – referrer URL
      2. The name of the file
      3. The date and time of the request
      4. A description of the type of web browser / browser version and operating system used
      5. IP-address of the requesting computer
      6. Access status (file transmitted, file not found, etc.)
      7. Transmitted data amount

For technical reasons (visiting the website), we store these data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of these data. After 7 days at the latest, the IP addresses are deleted or anonymized.

The data are evaluated for internal purposes only and do not allow us to draw any conclusions about your person. A comparison with other databases does not take place.

We process the aforementioned data for the following purposes:

      1. To ensure proper and smooth connection to the website,
      2. To ensure convenient use of the website,
      3. To evaluate system security and stability, and
      4. For further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f of the German General Data Protection Regulation (GDPR). Our legitimate interest results from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

You can visit the website without having to provide any information about yourself.

Cookies

We use technically necessary cookies on our website. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or any other malware.

In a cookie, information is stored that results from the specific end device used. However, this does not mean that we gain direct knowledge of your identity. Cookies do not contain any personal data and can therefore not be directly assigned to any user.

We use cookies to make the use of our website more convenient for you. For example, we use technically necessary session cookies to recognize that you have already visited individual pages of our website. These cookies are deleted automatically after you close your browser. The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 para. 1 p. 1 lit. f GDPR.

Cookies

We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or any other malware.

In a cookie, information is stored that results from the specific end device used. However, this does not mean that we gain direct knowledge of your identity. Cookies do not contain any personal data and can therefore not be directly assigned to any user.

We use so-called session cookies to recognize that you have already visited individual pages of our website. The website does not work properly without these cookies. These cookies are deleted automatically after you close your browser.

Cookie purpose description: Retains the user’s conditions during page requests.

Cookie name: PHPSESSID.

Most browsers accept cookies automatically. However, you can set your browser to not store cookies on your computer or to always display a notice before a new cookie is created. Each browser manages cookie settings differently. You can find information on how to disable cookies or change settings in the help menus of your browser (see also the technical hints at the end of this Privacy Policy). The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) p. 1 lit. f GDPR.

Requests by email, telephone or fax

If you contact us by email, telephone or fax, your request including all resulting personal data (e.g. name, inquiry) are stored and processed for the purpose of processing your request. The data are not forwarded to third parties without your consent. There is no legal or contractual obligation to provide your data, however, a processing of your request is not possible without the provision of your data.

The processing of these data is based on Art. 6 (1) lit. b GDPR, if your request is related to the fulfillment of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of requests addressed to us.

The data you transmit via contact requests are stored by us until you request that we delete them, revoke your consent to store them, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular legal archiving periods – remain unaffected.

Data protection when submitting applications

Any application documents you send us will be used exclusively for the purpose of deciding on your application and will not be forwarded to third parties. We would like to point out that we do not currently offer any encryption of your data when sending application documents by email. However, you can email your attachments encrypted, e.g. using the program 7ZIP (http://www.7-zip.de/), and inform us of your password separately, e.g. by telephone. You will receive an email to your email address about the receipt of your application. You can also send us your application by mail at any time.

Application data are kept and managed separately from other data sets.

Once we sign an employment contract with an applicant, the data provided will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the rejection decision, provided that no other legitimate interests of the party responsible for the processing conflict with deletion or the applicant has expressly consented to longer storage and retention of his / her application, e.g. for possible subsequent contact in case of vacancies. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German General Act on Equal Treatment (AGG).

Data processing for the purpose of contacting you and processing your application data is carried out in accordance with Art. 6 para. 1 p. 1 lit. a,b GDPR on the basis of your voluntarily given consent, as well as for carrying out pre-contractual measures.

Social network links

No social plugins of Facebook or other social networks are integrated on these web pages. Therefore, no program code of a social network is active on our web pages. The icons for Facebook etc. on our website are merely linked images.

Privacy notice – online presence on Facebook/Instagram

Facebook Ireland (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland – hereinafter referred to as Facebook) and the Page Administrator (we) are jointly responsible for processing the personal data for the purposes set forth in the Terms of Use for Covered Products on the Page Administrator’s Facebook account that are collected within the context of a visit to, or interaction with, a page (including its content).

Covered Products are all Facebook products, Facebook pages, and page insights. Facebook products include Facebook itself (including the Facebook mobile app and the browser in the app), Messenger, Instagram (including apps like Direct and Boomerang), Portal branded devices, Bonfire, Facebook Mentions, Facebook Shops, Spark AR Studio, Audience Network, NPE Team apps, and any other features, apps, technologies, software products, products or services offered by Facebook, Inc. or Facebook Ireland Limited. In addition, the Facebook Business Tools are also considered Facebook Products.

The scope of the joint processing and the controller addendum covers the collection of the personal data specified in the Terms of Use for Covered Products and their transfer to Facebook. The subsequent processing of data by Facebook is not part of the joint processing. Likewise, it is not part of the joint processing if personal data are processed exclusively by the Page Administrator – in this case, the latter is the sole data controller.

The information required under Article 13 (1) (a) and (b) of the German GDPR can be found in Facebook’s Data Policy under https://www.facebook.com/about/privacy. Further information on joint processing can be found in the respective Terms of Use of the products.

For the use of certain Facebook products (so-called “Facebook Business Tools”) and the associated data processing, the Supplementary Agreement between us and Facebook as joint controller pursuant to Art. 26 of the GDPR applies, which you can view under https://www.facebook.com/legal/controller_addendum.

The Page Administrator and Facebook have entered into this Controller Addendum to define the respective responsibilities for fulfilling the obligations under the GDPR with respect to joint processing (as set forth in the Terms of Use for Covered Products).

In addition, we have agreed that, between the parties, Facebook is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to personal data stored by Facebook after joint processing.

Data processing conditions at Facebook

We would like to expressly point out that the use of certain Facebook products may involve the transmission of personal information to Facebook. Considering the circumstances, it may also happen that Facebook Ireland Limited transfers EU data to Facebook Inc. in the USA for the purpose of storage and further processing. By using Facebook products, the user agrees to Facebook’s Data Processing Terms and Conditions. You can find these under https://www.facebook.com/legal/terms/dataprocessing/update.

The Facebook EU Data Transfer Addendum can be found  under https://www.facebook.com/legal/EU_data_transfer_addendum

The Facebook Data Policy can be found under https://www.facebook.com/about/privacy/ – the Instagram Data Policy can be found under https://help.instagram.com/519522125107875

Information on Cookies and other storage technologies on Facebook can be found under https://www.facebook.com/policies/cookies/

The Data Security Terms of Facebook can be found under https://www.facebook.com/legal/terms/data_security_terms.

The Facebook Terms of Use for Commercial Purposes can be found under https://www.facebook.com/legal/commercial_terms/update

The Facebook EU Data Transfer Addendum can be found  under https://www.facebook.com/legal/EU_data_transfer_addendum

You can contact the Facebook Privacy Officer under https://www.facebook.com/help/contact/540977946302970.

More information about page insights data

Facebook continues to provide the page administrator with so-called page insights for the Facebook page. Insights data are summarized data which provide the page administrator with information on how users interact with the Facebook page. The legal basis for the data processing is Art. 6 para. I p. 1 lit. f GDPR, the protection of legitimate interests in an optimized presentation of the web offer and effective communication with users.

The data processing is carried out on the basis of an agreement between the joint controllers pursuant to Art. 26 GDPR, which you can consult under https://www.facebook.com/legal/terms/page_controller_addendum.

You can find more information on page insights data on Facebook under https://www.facebook.com/legal/terms/information_about_page_insights_data as well as under https://de-de.facebook.com/help/instagram/155833707900388

You can find the text of the page insights addendum regarding the responsible parties under https://www.facebook.com/legal/terms/page_controller_addendum.

Data processing when contacting us via Facebook products

We collect personal data when you contact us, for example, via the contact form or via Messenger. These data are stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 para. I p. 1 lit. f GDPR. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary.

Your rights

As agreed between Facebook and us, primarily Facebook is responsible for providing you with information about the joint processing and to enable you to exercise your rights under the GDPR. Under the GDPR, you have the right of access, rectification, transferability and deletion of your data, as well as the right to object to the processing of your data and to restrict the processing. You can learn more about these rights in your Facebook settings. For more information about your rights, see also section “Data subject rights” in this Privacy Policy.

By agreement between Facebook and us, the Irish Data Protection Commission is the lead authority for overseeing processing under joint responsibility. You have the right to file a complaint with the Irish Data Protection Commission (see www.dataprotection.ie ) or with your local supervisory authority.

Right to object to advertising

You can object to the processing of your data for advertising purposes on Facebook at any time by changing your settings for advertisements accordingly in your Facebook user account under https://www.facebook.com/settings?tab=ads.

Legal basis for the operation of the Facebook page / Instagram and processing of personal data when accessed

We operate the Facebook page / Instagram page for advertising purposes for our goods and services. The processing of personal data takes place on the basis of Art 6 I S 1 lit f GDPA.

Embedding of YouTube videos

We use plugins of the provider YouTube (YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA) for the integration of videos. YouTube is represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit the web pages of our websites that feature such a plugin, a connection to the YouTube servers is established and the plugin is displayed. This transmits to the YouTube server which of our websites you visited. If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this allocation by logging out of your YouTube user account and other user accounts of the companies YouTube and Google before using our websites and by deleting the corresponding cookies of the companies.

YouTube is used in the interest of an appealing presentation of our websites. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on data processing and on data protection by YouTube (Google) can be found under https://policies.google.com/privacy?hl=de

Data security

On our website, we use the SSL procedure (Secure Socket Layer) for encryption. You can see whether an individual page of our website is transmitted in encrypted form when the key or lock symbol in the lower status bar of your browser is closed.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Processing/sharing of data

Your personal data are not passed on to third parties for purposes other than those listed above or below.

We will only share your personal information with third parties if:

      1. you have given your express consent in accordance with Art. 6 (1) p. 1 lit. a GDPR,
      2. this is legally permitted and required according to Art. 6 para. 1 p. 1 lit. b GDPR for the fulfillment of contractual relationships or for carrying out pre-contractual measures with you,
      3. in the event that there is a legal obligation for us to disclose data pursuant to Art. 6 (1) sentence 1 lit. c GDPR,
      4. processing is necessary in accordance with Art. 6 (1) p. 1 lit. f GDPR for the purposes of safeguarding our legitimate interests or those of a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Data subject rights

You have the right:

      1. to request information about your personal data processed by us in accordance with Art. 15 GDPR.
      2. to demand the immediate correction of inaccurate or incomplete personal data stored by us in accordance with Art. 16 GDPR;
      3. demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
      4. to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to their deletion and we no longer require the data, but you need them for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
      5. to receive, in accordance with Art. 20 GDPR, your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
      6. to revoke your consent at any time in accordance with Art. 7 (3) of the GDPR. This will mean that we may no longer continue the data processing based on this consent for the future;
      7. to file a complaint with a supervisory authority pursuant to Art. 77 of the GDPR if you believe that the processing of personal data concerning you violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose. You can find a list of data protection officers in Germany and their contact details under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f). We will no longer process your personal data after objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If you wish to exercise your right of objection, simply send us an email.

Changes to this Privacy Policy – Status

Due to the further development of our website and offers on this website or due to changed legal or official requirements, it may become necessary to change this Privacy Policy in compliance with the applicable data protection regulations. The latest Privacy Policy can be accessed on our website or printed out at any time under Privacy Policy.

Version: December 2020

Technical hints on how to disable cookies – Instructions

      1. Internet Explorer: https://windows.microsoft.com/de-de/internet-explorer/delete-manage-cookies#ie=ie-11-win-7
      2. Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
      3. Google Chrome: https://support.google.com/chrome/answer/95647und https://support.google.com/chrome/answer/95464/?hl=de (private surfing)
      4. Safari: https://help.apple.com/safari/mac/8.0/#/sfri11471
      5. Opera: http://www.opera.com/de/help