Privacy Policy.
January 2024
With this privacy policy we inform about the processing of personal data in connection with our www.gressel.ch -Website and our other online offer.
For individual or additional offers and services, special, supplementary or additional data protection declarations as well as other legal documents such as general terms and conditions (GTC), terms of use or conditions of participation may exist.
Our online offer is subject to Swiss data protection law as well as any applicable foreign data protection law, such as in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The EU recognizes that Swiss data protection law ensures adequate data protection.
1. Contact details
1.1 Responsibility for the online offering
GRESSEL AG
Schützenstrasse 25
8355 Aadorf
1.2 Data Privacy Officer
We have the following data protection officer as a point of contact for data subjects and as a contact for supervisory authorities in the event of data protection-related inquiries:
Jörg Maier
GRESSEL AG
Schützenstrasse 25
8355 Aadorf
2. Personal data processing
2.1 Terms
Personal data is any information that relates to an identified or identifiable person. A data subjectis a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law as in particular the Bundesgesetz über den Datenschutz (DSG) and the Verordnung zum Bundesgesetz über den Datenschutz (VDSG).
We process personal data – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with at least one of the following legal bases:
- Art. 6 Abs. 1 lit. b DSGVO for the necessary processing of personal data for the fulfillment of a contract with the data subject as well as for the implementation of pre-contractual measures.
- Art. 6 Abs. 1 lit. f DSGVO for the necessary processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests are, in particular, our interest in being able to provide our online offer permanently, in a user-friendly, secure and reliable manner and to be able to advertise for it as required, information security and protection against misuse and unauthorized use, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 Abs. 1 lit. c DSGVO for the necessary processing of personal data for the fulfillment of a legal obligation to which we are subject according to any applicable law of the EU or of member states in the European Economic Area (EEA).
- Art. 6 Abs. 1 lit. e DSGVO for the necessary processing of personal data for the performance of a task that is in the public interest.
- Art. 6 Abs. 1 lit. a DSGVO for the processing of personal data with the consent of the data subject.
- Art. 6 Abs. 1 lit. d DSGVO for the necessary processing of personal data to protect vital interests of the data subject or another natural person.
2.3 Type, scope and purpose
We process those personal data that are necessary to provide our online offer permanently, user-friendly, secure and reliable. Such personal data may fall into the categories of inventory data and contact data, content data, usage data and boundary data as well as contract data and payment data.
We process personal data for the duration required for the respective purpose(s) or as required by law. Personal data whose processing is no longer required is anonymized or deleted.
We process personal data as a matter of principle, only with the consent of the data subject, unless the processing is permitted for other legal reasons, for example, to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information.
In this context, we process in particular information that a data subject voluntarily and personally provides to us when contacting us – for example, by letter, e-mail, contact form, social media or telephone – or when registering for a user account. We may store such information, for example, in an address book or with comparable tools. If you transmit personal data from third parties to us, you are obliged to ensure data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of providing our online service, if and to the extent that such processing is permitted for legal reasons.
Personal data on the basis of applications will only be processed insofar as they relate to suitability for an employment relationship or are required for the subsequent execution of an employment contract. The personal data required for an application is derived from the information requested or provided, for example in the context of the job description. Applicants have the option of voluntarily providing further information for their respective applications.
2.4 Processing of personal data by third parties, including abroad
We may have personal data processed by third parties, in particular by order processors, or process it jointly with third parties or with the help of third parties, or transmit it to third parties. Such third parties are in particular providers whose services we use. We also ensure appropriate data protection for such third parties.
Such third parties are generally located in Switzerland as well as in the European Economic Area (EEA) including the European Union (EU). However, such third parties may also be located in other states on Earth and elsewhere in the universe, provided that their data protection laws are applicable under Assessment of the Federal Data Protection and Information Commissioner (FDPIC) and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with Assessment of the European Commission – ensures adequate data protection, or if adequate data protection is ensured for other reasons, such as through an appropriate contractual agreement, in particular based on standard contractual clauses, or through appropriate certification. For third parties in the United States of America (USA), certification in accordance with the Privacy Shield may ensure adequate data protection. Exceptionally, such a third party may be located in a country without adequate data protection, provided that the requirements under data protection law, such as the express consent of the data subject, are met.
3. Data subjects rights
Data subjects whose personal data we process have the rights under Swiss data protection law. These include the right to information as well as the right to correction, deletion or blocking of the processed personal data.
Data subjects whose personal data we process may – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – request confirmation free of charge as to whether we are processing their personal data and, if so, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability, and have their personal data corrected, deleted (“right to be forgotten”), blocked or completed.
Data subjects whose personal data we process may – if and insofar as the DSGVO applies – revoke any consent they have given at any time with effect for the future and object to the processing of their personal data at any time.
Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB).
3.1 Processing of customer and contract data
We collect, process and use personal customer and contractual data for the purpose of establishing, defining the content of and amending our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user. The legal basis for this is Art. 6 para. 1 lit. b DSGVO. The collected customer data will be deleted after completion of the order or termination of the business relationship and expiration of any existing legal retention periods. Statutory retention periods remain unaffected.
3.2 Handling of applicant data
We offer you the opportunity to apply to us (e.g. by e-mail, post or via online application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure that the collection, processing and use of your data will be in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.
Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be processed on the basis of § 26 BDSG and Art. 6 para. 1 lit. b DSGVO for the purpose of implementing the employment relationship is stored in our data processing systems.
Data retention period
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Subsequently, the data is deleted and the physical application documents are destroyed. The storage serves in particular evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.
A longer storage can also take place if you have given a corresponding consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations oppose the deletion.
4. Data Privacy
We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always have security gaps. We can therefore not guarantee absolute data security.
Access to our online offer takes place via transport encryption (SSL / TLS with HTTPS).
Access to our online offering is subject – as is basically any use of the Internet – to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police agencies and other security authorities.
Data subjects whose personal data we process may – if and insofar as the DSGVO applies – revoke any consent they have given at any time with effect for the future and object to the processing of their personal data at any time.
Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB).
5. Use of the website
5.1 Cookies
We may use cookies for our website. Cookies – also from third parties whose services we use (third-party cookies or third-party cookies) – are data in text form that are stored in your browser. Cookies cannot execute programs or transmit malware such as Trojans and viruses.
Cookies can be stored temporarily in your browser as “session cookies” when you visit our website or for a certain period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies make it possible in particular to recognize your browser the next time you visit our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing, for example.
You can deactivate or delete cookies in part or in full in your browser settings at any time. Without cookies, our online offer may no longer be fully available. We ask you – if and to the extent necessary – for your consent to the use of cookies.
In the case of cookies that are used for performance and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via the Networking Advertising Initiative(NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) possible.
5.2 Logfiles
We may collect the following information for each access to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual page accessed and amount of data transferred, last website accessed (referer or referrer).
We store such information, which may also constitute personal data, in log files. The information is necessary to provide our online offer permanently, user-friendly and reliably and to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.
5.3 Tracking pixel
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – also from third parties whose services we use – are small images that are retrieved when you visit our website. Tracking pixels can be used to collect the same information as server log files.
6. notifications and messages
We may send notifications and communications such as newsletters by email and through other communication channels such as instant messaging.
6.1 Success measurement and reach measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked on (performance measurement). Such web links and tracking pixels may also capture usage of notifications and communications. We need this statistical recording of usage, including performance and reach measurement, in order to be able to offer notifications and communications based on the needs and reading habits of the recipients in an effective and user-friendly manner as well as permanently, securely and reliably.
6.2 Consent and objection
In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. For any e-mail consent, we use “double opt-in”, which means that you will receive an e-mail with a web link that you must click to confirm, so that no misuse by unauthorized third parties can take place. We may log such consents including Internet Protocol (IP) address, date and time for evidentiary and security purposes.
In principle, you can unsubscribe from notifications and communications such as newsletters at any time. Notifications and messages that are absolutely necessary for our online service are reserved. By unsubscribing, you can in particular object to the statistical recording of usage, including for performance and reach measurement.
7. social media
We are present on social media platforms and other online platforms in order to be able to communicate with interested persons and provide information about our online offering. The General Terms and Conditions (GTC), data protection declarations and other provisions of the individual operators of such online platforms also apply in each case.
For our social media presence on Facebook, if and to the extent that the GDPR is applicable, we are jointly responsible with Facebook for the so-called Page Insights, which provide information on how visitors interact with our Facebook presence. We use Page Insights to provide our social media presence on Facebook, effectively and in a user-friendly way. Facebook has published an addition regarding the responsibility for page insights.
8. services from third parties
We may use third party services to provide our online offering in a durable, user-friendly, secure and reliable manner. Such services are also used to embed content in our online offering. Such services – for example, hosting and storage services, video services, and payment services – require your Internet Protocol (IP) address, as such services cannot otherwise transmit the corresponding content. Such services may be located outside of Switzerland as well as the European Economic Area (EEA) including the European Union (EU), provided that adequate data protection is guaranteed.
For their own security-related, statistical and technical purposes, third-party services may also process data related to our online offering as well as from other sources in aggregated, anonymized or pseudonymized form – including cookies, log files and counting pixels. Such data will not be used to directly contact data subjects in connection with our online offer.
8.1 Map material
We use Google Maps to embed maps into our website. Cookies are also used in the process. Google Maps is a service of the American Google LLC, for users in the European Economic Area (EEA) and in Switzerland the Irish Google Ireland Limited is responsible. Further information on the type, scope and purpose of data processing can be found in the Privacy and Security Principles and in Google’s Privacy Policy in each case, in the Privacy Guide for Google products (including Google Maps), in the information on how Google uses data from websites on which Google services are used and in the information on cookies at Google. Furthermore, it is possible to object to personalized advertising.
8.2 Entertainment
8.2.1 We use Vimeo to embed videos on our website. Cookies are also used in the process. Vimeo is a service of the American Vimeo Inc. Further information on the nature, scope and purpose of data processing can be found in the questions and answers on data protection at Vimeo and in the Vimeo privacy policy.
8.2.2 We use YouTube to embed videos on our website. Cookies are also used in the process. YouTube is a service of the American Google LLC, for users in the European Economic Area (EEA) and in Switzerland the Irish Google Ireland Limited is responsible. Further information on the type, scope and purpose of data processing can be found in the Privacy and Security Principles and in Google’s Privacy Policy in each case, in the Privacy Guide in Google products (including YouTube), in the information on how Google uses data from websites on which Google services are used and in the information on cookies at Google. Furthermore, it is possible to object to personalized advertising.
8.3 Success and reach measurement
8.3.1 Google Analytics
We use Google Analytics to analyze how our website is used, including, for example, measuring the reach of our website and the success of third-party links to our website. It is a service of the American Google LLC, for users in the European Economic Area (EEA) and in Switzerland the Irish Google Ireland Limited is responsible.
Google also attempts to track individual visitors to our website when they use different browsers or devices (cross-device tracking). Cookies are also used in the process. Google Analytics requires your Internet Protocol (IP) address, but this is not merged with other Google data.
In any case, we have your Internet Protocol (IP) address anonymized before analysis by Google. As a result, your full IP address is generally not transmitted to Google in the USA.
Further information on the type, scope and purpose of data processing can be found in the Privacy and Security Principles and in Google’s Privacy Policy in each case, in the Privacy Guide in Google products (including YouTube), in the information on how Google uses data from websites on which Google services are used and in the information on cookies at Google. Furthermore, it is possible to use the “Browser Add-on to deactivate Google Analytics” as well as to object to personalized advertising.
8.3.2 Google Tag Manager
We use Google Tag Manager to integrate and manage services for analytics or advertising from Google as well as from third parties on our website. It is a service of the American Google LLC, for users in the European Economic Area (EEA) and in Switzerland the Irish Google Ireland Limited is responsible. No cookies are used in this process, but cookies may be used as part of the services integrated and managed with it. We provide information about the processing of personal data by such services in this Privacy Policy.
8.4 Newsletter
With the registration to the newsletter and the confirmation to receive the newsletter (double opt-in) the following personal data are processed: Name, first name, email address. The data is processed for the purpose of authenticating the subscriber at registration and delivering a newsletter to the subscriber, determining whether and when he/she has opened it and individual articles on it.
The data you enter for the purpose of receiving the newsletter will be processed by Hubspot (see under 8.5 Hubspot). The processing of this data is based exclusively on your consent. You can revoke this consent at any time, for example via the “unsubscribe” link in the newsletter. The data processing operations already carried out remain unaffected by the revocation. When we send newsletters using Hubspot, we can determine whether a newsletter has been opened and which links have been clicked.
8.5 Hubspot
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).
Among other things, Hubspot CRM allows us to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to capture, sort and analyze customer interactions via email, social media or phone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website. The use of Hubspot CRM is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For details, see Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.
We use this integrated software solution for our own marketing, lead generation and customer service purposes. These include email marketing, which governs the sending of newsletters as well as automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. HubSpot uses cookies, which are small text files that are stored locally in the cache of your web browser on your terminal device and enable an analysis of your use of the website by us. HubSpot analyzes the information collected (e.g., IP address, geographic location, browser type, length of visit, and pages viewed) on our behalf so that we can generate reports about the visit and the pages viewed. Information collected by HubSpot and the content of our website is stored on servers of HubSpot’s service providers. Insofar as you have given your consent to this in accordance with Art. 6 para. 1 S. 1 lit. a DSGVO, the processing takes place on this website for the purpose of website analysis. Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have concluded standard data protection clauses with the provider pursuant to Art. 46 Para. 2 lit. c GDPR agreed. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we will endeavor to obtain additional arrangements and commitments from the recipient in the USA. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies accordingly through your browser settings. You can object to the processing of your personal data at any time with effect for the future. We use this data to improve the user experience on our website and to offer you personalized content and advertising. We also use the data collected to optimize our marketing and sales activities. We do not share the data collected by HubSpot with third parties unless required by law or we are legally obligated to do so. We take all necessary measures to protect and securely store the data we collect. You have the right to revoke your consent to use HubSpot at any time. Please contact our data protection officer for this purpose.
Learn more about HubSpot’s privacy policy
More information from HubSpot regarding EU data protection regulations
More information about the cookies used by HubSpot can be found here& here.
We use the service of HubSpot on our website. HubSpot is a US software company with an office in Ireland. The software solution provides us with various capabilities for our online marketing, including email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms. Visitors to our website can use our login service to learn more about our company and download content. In doing so, they can provide us with their contact information as well as other demographic information. Both this information and the content of our website are stored on HubSpot servers. We use the data to contact visitors to our website and to determine which of our company’s services are of interest to them. We assure you that all information we collect is subject to this privacy policy and will only be used to optimize our marketing efforts.
As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:
- Geographical position
- Browser type
- Navigation information
- Reference URL
- Performance data
- Information about how often the application is being used
- Mobile apps data
- HubSpot subscription service credentials
- Files displayed on site
- Domain names
- Pages viewed
- Aggregated usage
- Operating system version
- Internet service provider
- IP address
- Device identifier
- Duration of the visit
- Where the application was downloaded from
- Operating system
- Events that occur within the application
- Access times
- Clickstream data
- Device model and version
In addition, we use HubSpot to provide contact forms. The processing of the data is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You have the option to refuse your consent at any time or to revoke it with effect for the future if you do not want data to be collected and processed via HubSpot. The personal data are stored only as long as they are necessary for the purpose of processing and then deleted. When processing via HubSpot, data may be transferred to the USA, which is, however, secured by standard contractual clauses to ensure a level of security that complies with the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may be required pursuant to Art. 49 para. 1 lit. a DSGVO serve as the legal basis for the transfer to third countries.
9. Perspective Software GmbH
We use an external service provider for the provision of our online offer: Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter referred to as “Perspective”). Perspective itself stores your data exclusively on European servers. However, there is a possibility that your data may be accessible to entities in the United States of America, as Perspective uses sub-processors based in the USA. As the Commission of the European Union has determined that the data protection laws of the United States do not ensure an adequate level of protection for personal data collected from data subjects in the European Union, Perspective provides additional measures and safeguards for data transfers to the United States in accordance with the requirements of the GDPR to ensure an adequate level of protection. For example, through the conclusion of standard contractual clauses between Perspective and the sub-processors.
I. Description and scope of data processing
Perspective processes your data for us so that we can provide you with our online services. For this purpose, Perspective will automatically transmit your IP address in order to transmit the content and functions of our online services to your browser or device.
-
Information about the browser type and version used
-
The operating system of your computer
-
The internet service provider you use
-
The IP address of your end device
-
Date and time of your access to the funnel
-
Websites from which you came to our website (“referrer”)
II Legal basis for data processing
Perspective stores the data mentioned under I. in so-called log files. This is done to ensure
-
to ensure a smooth connection to the website,
-
to ensure a comfortable use of our website,
-
the evaluation of system security and stability and
-
for other administrative purposes.
The temporary storage of the IP address by the system is also necessary to enable the website to be delivered to your computer. For this purpose, the IP address of your computer must remain stored for the duration of the session.
Our legitimate interest in data processing also lies in these purposes. The legal basis for data processing is therefore Art. 6 para. 1 S. 1 lit. f DSGVO.
III Duration of the processing
The personal data processed by Perspective will be deleted as soon as they are no longer required for the purpose for which they were collected:
-
In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
-
If the IP address is stored in log files, this is the case after 7 days at the latest.
IV. Rights of data subjects
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority in the event of violations of the GDPR.
Because the data processing is based on Art. 6 para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR). Since the collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of our website, there should be no possibility for you to object in most cases.
You also have the right to request the restriction of the processing of your personal data under certain circumstances. The right to restriction of processing exists in the following cases:
-
If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
-
If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
-
If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
-
If you file an objection under Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
Contact and request management
We use an external service provider for the provision of contact, inquiry or application forms: Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter referred to as “Perspective”). Perspective itself stores your data exclusively on European servers. However, there is a possibility that your data may be accessible to entities in the United States of America because Perspective uses sub-processors based in the USA. As the Commission of the European Union has determined that the data protection laws of the United States do not ensure an adequate level of protection for personal data collected from data subjects in the European Union, Perspective provides additional measures and safeguards for data transfers to the United States in accordance with the requirements of the GDPR to ensure an adequate level of protection. For example, through the conclusion of standard contractual clauses between Perspective and the sub-processors.
I. Description and scope of data processing
When you use Perspective’s contact, inquiry or application forms, the following data is transmitted to Perspective’s servers:
-
Date and time of access
-
Websites from which you came to our website (“referrer”)
-
Context information (e.g. button clicks on the pages, selections made on the pages)
-
Contents of all completed text fields (e.g. contact details, such as your name or address, or other personal data, depending on the question shown in the specific text field)
-
Files uploaded by you
II Purpose Legal basis for data processing
The purpose of this data processing is to ensure the communication you have recorded.
The processing of your data from contact, inquiry or application forms is therefore initially based on your consent. The legal basis is Art. 6 para. 1 S. 1 lit. a DSGVO. If a contract is initiated via an inquiry form, the legal basis is also Art. 6 para. 1 S. 1 lit. b DSGVO. The legal basis for the processing of data in an application form may be Art. 6 para. 1 S. 1 lit. f GDPR can also be Art. 88 GDPR in conjunction with 26 BDSG.
III Duration of the processing
Your personal data will be stored for as long as it is necessary to fulfill the purpose of processing or until you withdraw your consent. This principle does not apply to data that Perspective is required to retain by law. These include, for example, retention obligations under commercial and tax law. These retention periods are – currently – up to ten years
IV. Rights of data subjects
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority in the event of violations of the GDPR.
You can revoke your consent to data processing at any time by sending us an informal message (e.g. by e-mail). The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You also have the right to request the restriction of the processing of your personal data under certain circumstances. The right to restriction of processing exists in the following cases:
-
If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
-
If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
-
If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
-
If you file an objection under Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
9. Extensions for the website
We use jQuery, a free JavaScript library from the JS Foundation. We include the library via the Content Delivery Network (CDN) Google Hosted Libraries (domain name ajax.googleapis.com) so that we can improve the speed of our website. Cookies are only used if they are necessary for the prevention of misuse and for security-related purposes. It is a service American Google LLC, which is offered independently of other Google services. For users in the European Economic Area (EEA) and Switzerland, the Irish company Google Ireland Limited is responsible.
Further information on the nature, scope and purpose of data processing can be found in Google’s Privacy and Security Policy and Privacy Statement in each case, as well as in the Terms of Use for Google Hosted Libraries.
10. Final regulations
We have created this privacy statement with the data protection generator of Datenschutzpartner, a service of the Swiss Papiertiger GmbH.
We may amend and supplement this privacy policy at any time. We will inform about such adjustments and additions in an appropriate form, in particular by publishing the respective current privacy policy on our website.
