Information obligations in line with Article 13 of the GDPR
Responsibility for data processing in line with Article 13, Paragraph (1) Letter a)
Company name in line with Article 17, Paragraph 1 of the German Commercial Code (HGB) including the contact details of the controller (CEO)
FIMA Maschinenbau GmbH
Oberfischacher Straße 58
Dr. Serdar Ertong
Contact details of the data protection officer in line with Article 13, Paragraph (1) Letter b) of the GDPR
Helbig Datenschutz GmbH
91207 Lauf an der Pegnitz
+49 9123 70275-15
Purposes and legal bases of data processing, in line with Article 13, Paragraph (1) Letter c) of the GDPR
Personal data are processed for the purpose of fulfilling contracts or to perform pre-contractual measures. They include customer master data with points of contact, the contact history, products, orders, invoices, project data and other statutory obligations of the controller.
The legal bases arise from Article 6 of the GDPR. Other main legal bases arise from the German Commercial Code, tax legislation, the companies act and other statutory legislation relevant to FIMA Maschinenbau GmbH. This also includes contractual regulations. Processing of newsletters is subject to consent by the data subject.
Processing is to preserve the legitimate interests of the controller or a third party in line with Article 13, Paragraph (1) Letter d) of the GDPR
Insofar as it is necessary we process your data beyond the actual fulfilment of the contract in order to preserve our legitimate interests or those of third parties. They include:
Categories of recipients of personal data (data transmission) in line with Article 13, Paragraph (1) Letter e) of the GDPR
Within Germany, the European Union and European Economic Area Germany:
Auditors, bailiffs and other creditors, also other public offices for fulfilling legal obligations and requested certifications, logistics companies, customers and suppliers and other bodies and business partners.
Third countries including adequacy decision in line with Article 13, Paragraph (1) Letter f DSGVO of the GDPR
Within the context of international business relations, transmission is performed in line with Article 6, Paragraph 1, Letter b for the fulfilment of contracts or to perform pre-contractual measures. No adequacy decision in necessary for this purpose.
Retention period in line with Article 13, Paragraph (2), Letter a)
The respective purposes arise from the legal specifications and relevant sector-specific regulations. Personal data are erased once the purpose is fulfilled.
Rights of the data subject in line with Article 13, Paragraph (2), Letter b)
You can exercise your rights at any time via the above contact details. If your personal data are processed, you are a data subject within the meaning of the GDPR and are entitled to the following rights vis-à-vis the controller:
Information on the rights of data subjects
The data subject is entitled to demand from the controller confirmation of whether personal data about them are processed; if this is the case, they have the right to access information about these personal data and to the information listed in detail in Article 15 of the GDPR.
The data subject is entitled to demand from the controller the immediate correction of personal data about them that is incorrect and if necessary to demand completion of incomplete personal data (Article 16 of GDPR).
The data subject has the right to demand of the controller that they immediately erase personal data about them, insofar as one of the reasons listed in Article 17 of the GDPR applies, for instance when the data are no longer required for the purposes pursued (right to erasure).
The data subject has the right to demand of the controller the restriction of processing if one of the prerequisites listed in Article 18 of the GDPR, for instance if the data subject has filed an objection to processing, while the controller reviews the case.
The data subject has the right to file an objection to the processing of their personal data at any time for reasons relating to their particular circumstances. The controller will then no longer process the personal data, unless they can prove urgent legitimate reasons for processing, which take precedence over the interests, rights and freedoms of the data subject, or processing is for the purpose of asserting, exercising or defending legal rights (Article 21 of the GDPR).
Rights of the data subject in line with Article 13, Paragraph (2), Letter c) DSGVO
Insofar as you have given your consent to us to process your personal data for specific purposes (e.g. to process the data subject’s pictures), the legitimacy of this processing is based on your consent.
Once granted, consent can be revoked at any time. This also applies to revoking declarations of consent granted before the GDPR came into effect, thus before 25 May 2018.
Please note that the revocation is only effective for the future. Processing performed before your revocation is not affected.
Right to complain to a supervisory authority in line with Article 13, Paragraph (2), Letter D) of the GDPR
Irrespective of any other administrative rights under law or legal redress, every data subject has the right to lodge a complaint with a supervisory authority if they are of the opinion that the processing of personal data about them breaches the GDPR (Article 77 of the GDPR). The data subject can assert this right to a supervisory authority in the member state of their place of residence, their workplace or the place where the alleged breach took place.
In Baden-Württemberg the responsible supervisory authority is:
The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10 a
PO Box 10 29 32
Personal data provided in line with Article 13, Paragraph (2) Letter e) of the GDPR
As part of our business relationship you only need to provide the personal data required for the establishment, execution and termination of the employment relationship or data which we are required by law to collect. Without these data we will generally be unable to execute the employment relationship.
Change of purpose
Data collection on our website
Who is responsible for collecting data on this website?
Data processing on this website is performed by the website operator. You can find their contact details in the site notice on this website.
How do we record your data?
We collect the data which you provide us with. This may be data which you enter in a contact form.
Other data are automatically collected by our IT system when you access our website. These data mainly consist of technical data (e.g. Internet browser, operating system or the time of day you accessed the website). These data are collected automatically as soon as you access our website.
What do we use your data for?
Some of the data is collected to ensure uninterrupted availability of the website. Other data may be used to analyze your user behavior.
Which rights do you hold in relation to your data?
Please refer to the obligatory information above for your rights.
Analysis tools and third-party provider tools
We would like to point out that data transmission in the Internet (e.g. when communicating per email) may be subject to security gaps. Seamless security to protect data from access by third parties is not possible.
Information, blocking, erasure
Within the context of the relevant statutory provisions, you have a right to free access to information about your personal data stored by us, its source, recipients, the purpose of data processing and if necessary, a right to correction, restriction or erasure of these data. You are welcome to contact us at the address specified in the site notice about this, and other questions on the subject of personal data.
Objection to advertising mails
Use of the contact details published in the site notice to send unsolicited advertising and information material is hereby expressly contradicted. The website operator expressly reserves the right to take legal steps in case of unsolicited advertising sent in the form of spam mail, for instance.
Internet websites use so-called cookies to some extent. Cookies do not damage your computer, nor do they contain viruses. Cookies are used to enhance the user friendliness, efficacy and security of our service. Cookies are small text files set on your computer and stored by your browser.
The majority of cookies we use are called session cookies. They are automatically deleted when you leave the website. Other cookies remain stored on your end device until you delete them. These cookies let us recognize you the next time you access our website.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases; or cookies are only accepted in specific cases or generally excluded, or they are automatically erased when you close the browser. Deactivating cookies may restrict the functions on this website.
Server log files
The website provider automatically collects and saves information in so-called server log files which your browser automatically sends to us. They are:
These data will not be consolidated with other data sources.
The basis for data processing is Article 6, Paragraph 1, Letter f of the GDPR, which allows data processing to conclude a contract or pre-contract measures.
When you send requests to us via the contact form, we store your details from the contact form and your contact details in order to process the request and in the case of follow-up questions. We do not forward these data without your consent.
Processing of the data you enter in the contact form is therefore performed exclusively on the basis of your consent (Article 6, Paragraph 1, Letter a of the GDPR). You can revoke this consent at any time by simply sending us an informal message to this effect via email. The legality of the data processing procedures up to the date of revocation shall remain unaffected by it.
We will store the data you entered in the contact form until you request erasure, revoke your consent to storage, or the purpose for which data were stored is no longer necessary (e.g. once we have finished dealing with your request). Compulsory statutory provisions – and retention periods in particular – remain unaffected by this.
Sharing content via plugins (Facebook, Google+, Twitter etc.)
The content on our web pages can be shared in social networks like Facebook, Twitter and Google+ in compliance with data protection law. This website uses the eRecht24 Safe sharing tool for this purpose. This tool only establishes direct contact between networks and users once users actively click one of these buttons.
This tool does not enable automatic transfer of user data to the operators of these platforms. If the user is logged into one of the social networks, when using the social buttons of Facebook, Google+, Twitter & Co. an information window is displayed in which the user can confirm the text before sending it.
Our users can share this website content in social networks in compliance with data protection law without the network operators creating a complete surfing profile.
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Whenever you access one our web pages with LinkedIn functions, a connection is set up to LinkedIn servers. LinkedIn is informed that you have accessed our Internet pages with your IP address. If you click the LinkedIn “Recommend button" and you are logged into your account at LinkedIn, LinkedIn will be able to link your visit to our Internet pages with your user account. We point out that as provider of the pages we have no knowledge of the content of the transmitted data, nor of its use by LinkedIn.
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Whenever you access one our web pages with XING functions, a connection is established to XING servers. As far as we know, no personal data are stored in the process. In particular, IP addresses are not stored, and user behavior is not evaluated.
This website uses functions of the web analysis service, Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files stored on your computer which enable the analysis of your use of the website. The information generated by the cookie about your use of this website is usually sent to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Article 6, Paragraph 1, Letter f of the GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize their web service and their advertising.
We have activated the IP anonymization function on our website. This means that Google truncates your IP address in member states of the European Union and in other states party to the European Economic Area Agreement before it is sent to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and then truncated. On behalf of the operator of this website Google will use this information to evaluate your use of the website, compile reports about website activities and to perform other services related to website and Internet usage for the website operator. The IP address transmitted by your browser as part of the Google Analytics process will not be consolidated with other data held by Google.
You can prevent cookies being stored via your personal preferences in your browser software settings; however we point out that in this case you will not be able to make full use of all the functions on this website. You can also prevent transmission of the data generated by the cookie related to your use of the website (including your IP address) to Google and its processing of this data by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You can prevent Google Analytics collecting your data by clicking the following link. An opt-out cookie is set which prevents your data being collected when you access this website in the future: Deactivate Google Analytics.
We have concluded an order processing contract with Google and fully implement the rigorous standards of the German data protection authorities in the deployment of Google Analytics.
Google Analytics demographics
This website uses Google Analytics demographics function, in which reports can be compiled containing information on the age, gender and interests of website users. These data are sourced from interest-related Google advertising and third-party provider data on website users. These data cannot be traced to specific individuals. You can deactivate this function at any time in the advertising settings in your Google account or generally prevent the collection of your data by Google Analytics as described in the “Objection to data collection” section.
Our website uses Plugins from the YouTube website operated by Google. The operator of the web pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you access one of our web pages with a YouTube plugin, a connection will be set up to the YouTube servers, informing the YouTube server which of our web pages you have accessed.
If you are logged into your YouTube account, you enable YouTube to directly link your surfing behavior to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in the interest of displaying our online service in an attractive manner. This constitutes a legitimate interest within the meaning of Article 6, Paragraph 1, Letter f of the GDPR.
Google Web Fonts
This website uses so-called web fonts provided by Google to display fonts in a consistent look. When you access a site, your browser downloads the required web fonts to your browser cache in order to correctly display copy and fonts.
For this purpose, the browser you use must set up a connection to Google servers, thus providing Google with the information that your IP address was used to access our website. We use Google Web Fonts in the interest of displaying our online service in a consistent and attractive manner. This constitutes a legitimate interest within the meaning of Article 6, Paragraph 1, Letter f of the GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
This website uses the Google Maps service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address has to be stored in order to use the functions of Google Maps. This information is usually sent to a Google server in the USA and stored there. The provider of this website has no influence on the transmission of this data.
The use of Google Maps is in the interest of displaying our online services in an attractive manner and facilitates searching for the locations specified on the website. This constitutes a legitimate interest within the meaning of Article 6, Paragraph 1, Letter f of the GDPR.
Source: E-Recht 24