Data privacy Statement
Your privacy is our concern.
As of: 06. April 2019
Thank you for visiting our website and for your interest in our company and our products. We take the protection of your private data seriously and want you to feel safe when visiting our website. Below we inform you how we collect personal data when users visit our website. In compliance with applicable data protection regulations, we inform you which personal data we collect
- when you visit our website
- when you submit an online application
- when you register for our newsletter
- in the contact form
as well as the purposes for which we use this data and how we use it, in order to optimise our services to you.
1. Controller / data protection officer
(1) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
August Faller GmbH & Co. KG
Freiburger Strasse 25
79183 Waldkirch, Germany
hereinafter referred to as “Faller”, “we” or “us”. Further information about the provider can be found in our legal notice (Impressum).
(2) You can contact the company data protection officer by writing to: firstname.lastname@example.org or via our postal address adding “Datenschutzbeauftragter” (data protection officer).
2. Types of data processed, categories of data subjects
2.1 Type of data processed
- Basic data (e.g. customer master data, such as names and addresses)
- Contact data (e.g. e-mail addresses, telephone numbers)
- Usage data (e.g. websites visited, interest in content, access times)
- Metadata /communication data (e.g. device information, IP addresses), see Section 4.
2.2 Categories of data subjects
Visitors and users of the website and online offers
(In the following, data subjects are collectively referred to as “users”)
3. Purpose of processing
We use your personal data
- To provide the website and the online offer, its features and its content
- To create and manage your personal customer account
- To identify you as a user
- To answer contact requests and communicate with users
- For security measures
- For web analysis and range measurement
- For direct marketing purposes, e.g. in the form of an e-mail newsletter or postal advertising.
4. Provision of the website and log files
(1) If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser automatically transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and ensure stability and security (the legal basis for this is provided by Art. 6 (1) sentence 1 letter f) GDPR):
- IP address
- Date and time of the request
- Time zone difference relative to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Volume of data transferred
- Website from which the request originates
- Operating system and interface
- Language and version of the browser software
(2) Users’ IP addresses are deleted or anonymised after the session has ended. If anonymised, IP addresses are changed in such a way that individual details about personal or factual circumstances cannot be associated with a specific or identifiable natural person, or can only be so associated with a disproportionate investment of time, cost and labour.
(1) In addition to the log files referred to above, cookies are stored on your computer when you use our website. Cookies are small text files stored on the hard drive of your computer by your browser, which allow certain information to be passed to the location that sets the cookie (in this case us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall.
a) This website uses the following types of cookies, whose scope and functions are explained below:
- Session cookies (see b)
- Persistent cookies (see c).
b) Session cookies store a “session ID”, whereby various requests from your browser can be assigned to the shared session. Session cookies are deleted when you log out or close your browser. If you restart your browser and go back to the site, the site will not recognise you. You will need to log in again (if a login is required) or you will need to reset templates and preferences if the site offers these features. A new session cookie will then be generated that stores your information and remains active until you leave the site and close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
a) Technically necessary cookies
Technically necessary cookies allow use of our website by enabling basic functions such as page navigation and access to secure areas of the website. Visits to our website will not work properly without these cookies.
Storage duration: Session cookies are deleted when you close your browser.
b) Performance (e.g. user’s browser) and preferences
When you visit our website, cookies are used to recognise the browser, for example, and thereby improve performance (e.g. to load content faster). When you visit our website, the country and language identified by the site or chosen by you are stored in cookies to save you having to re-select them during subsequent visits. A check is made beforehand to see whether your browser supports cookies and this information is stored in another cookie. You are then shown country and language-related, localised contact information, which will also be saved. The legal basis for this is provided by Art. 6 (1) sentence 1 letter f) GDPR.
Storage duration: Session cookies are deleted when you close your browser.
c) Analysis cookies (statistics)
We use third-party analytics cookies to understand how visitors use our site. This helps us to improve the quality and content of our site. The aggregated statistical information includes data such as the total number of visitors. For example, we learn how often and in which order individual pages have been accessed and how much time visitors spend on average looking at our pages. We also find out whether users visited our website at an earlier point in time. The legal basis for this is your consent pursuant to Art. 6 (1) sentence 1 letter a) GDPR. For further information see Section 10 (Web analytics services).
Storage duration: Persistent cookies are kept, but automatically deleted after 2 years if the website was not visited again.
d) Advertising cookies (marketing)
These allow us to assess and optimise our marketing activities. The legal basis for this is provided by Art. 6 (1) sentence 1 letter f) GDPR.
Storage duration: Persistent cookies are kept, but automatically deleted after 2 years if the website was not visited again.
(4) Control over cookies
You can configure your browser settings the way you want and, for example, control or reject acceptance of third-party cookies or all cookies according to your preferences. You can delete existing cookies via the browser settings. We would point out that in that case you might not be able to use all the features of this website.
6. My Faller
(1) You can set up your own personalised topic pages by navigating the “My Faller” area of this website. This works by using cookies (see “Cookies”).
(2) In “My Faller” you can get in touch with us about your chosen topics. Your chosen solutions will be displayed in the message you send us. This can also be done using contact boxes which allow you to write directly to one of our employees or request a callback (see Section 8 “Contact form and e-mail contact”). We will never pass on data collected in this way to third parties; we will only use it for the purpose of improving our business relationship.
(3) The legal basis for processing the data is provided by Art. 6 (1) letter a) GDPR, where the user has given their consent. The legal basis for processing data transmitted in the course of sending an e-mail or for the personalised compilation of topic pages is provided by Art. 6 (1) letter f) GDPR.
7. Product and service information
(1) In the case of marketing, i.e. electronic transmission of product and service information via e-mail, invitations to trade fairs and events or white papers (hereinafter “product and service information”), we ask interested parties for their express approval of and consent to this Data Protection Statement.
(2) We use the “double opt-in” procedure. This means that, after you have registered, we will send an e-mail to the e-mail address you provided when you registered, in which we ask you to confirm that you wish to receive product and service information by e-mail. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. We also store your addresses and dates of registration and confirmation. The purpose of the procedure is to have proof of your registration and, if necessary, clarify any possible misuse of your personal data.
(3) Following your confirmation, we will store your e-mail address for the purpose of sending you product and service information. The legal basis is provided by Art. 6 (1) sentence 1 letter a) GDPR.
(4) You can revoke and cancel your consent to receive product and service information at any time. To cancel, click on the link provided in every e-mail or send us a message using the contact details provided in the legal notice (Impressum).
8. Contact form and e-mail contact
(1) Our website contains various contact forms which can be used to contact us electronically. First, there is a general contact form which you can access by selecting “Contact”. Or you can contact us using your personal topic memory “My Faller” (see Section 6). You can also use your own contact form to send us queries as part of an online application (see Section 9). When a user chooses this option, the data entered in the input screen will be transmitted to us and stored. The corresponding data immediately becomes visible in the input screen.
The following data will also be stored at the time of sending:
• The user’s IP address
• Date and time the form was sent
(2) Your consent to the processing of the data will always be requested, with reference to this Data Protection Statement. Alternatively, you can contact us via the e-mail addresses provided. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will be used exclusively for the purposes of dealing with the inquiry.
(3) The legal basis for processing the data is provided by Art. 6 (1) sentence 1 letter a) GDPR, where the user has given their consent. The legal basis for processing data transmitted in the course of sending an e-mail is provided by Art. 6 (1) sentence 1 letter f) GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for processing is provided by Art. 6 (1) letter b) GDPR. If the contact request or e-mail contact serves to initiate an employment relationship, particularly as part of an online application, the legal basis is provided by Section 26 of the German Federal Data Protection Act (BDSG).
(4) We will process personal data from the input screen solely for the purposes of establishing contact. Where contact is established via e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
(5) The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. For personal data obtained from the input screen of the contact form and personal data sent by e-mail, this takes place when the respective conversation with the user has ended. The conversation ends when it is apparent from the circumstances that the matter in question has been conclusively resolved. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
9. Online application
(1) We collect, process and use your personal data in order to deal with your online application. Your online application data will be sent via e-mail directly to the human resources department and will of course be treated confidentially. Appropriate technical and organisational measures ensure that your personal data are treated confidentially in accordance with legal requirements.
(2) When completing your online application, please be aware that e-mail data transmissions are unencrypted and that, under certain circumstances, the data may be read or falsified by unauthorised persons. You are welcome to send us your documents by post. If you have applied for a specific position and this position has already been filled or if we consider you to be equally suited or even better suited to another position, we would like to forward your application within our company. Please inform us if you do not agree to our doing this. Your personal data will be automatically deleted after completion of the application procedure, but at latest after 6 months, unless you expressly consent to storage for a longer period of time.
10. Automated decision-making
In establishing and maintaining business relations, we generally refrain from fully automated decision-making pursuant to Art. 22 GDPR.
In order to be able to provide you with targeted information and advice on products, we or service providers acting on our behalf may use web analysis tools, especially tracking technology. These allow communications and marketing to be tailored according to need. In this regard, we refer you to Section 12 Web analytics services.
B. Data processing by third parties
12. Web analytics services
Faller uses Google Analytics and Pardot. The legal basis for this is the consent given to us pursuant to Art. 6 (1) sentence 1 letter a) GDPR. We request your express consent the first time you visit.
a) Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files stored on your computer, to help the website analyse how you use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional situations will your full IP address be transmitted to Google servers in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google.
(4) This website uses Google Analytics with the extension “anonymizeIp()”, IP addresses being truncated before further processing in order to rule out direct associations to persons. If the data collected about you contains a reference to a person, this will be eliminated immediately and the personal data deleted at once.
(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them of greater interest to you as a user. For the exceptional cases where personal data are transmitted to the USA, Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/welcome. The legal basis for use of Google Analytics is provided by Art. 6 (1) sentence 1 letter f) GDPR.
(6) Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Overview of data protection and data protection statement: https://policies.google.com/privacy?gl=DE&hl=de
(7) This website uses Google Tag Manager as part of Google Analytics. Tags are small pieces of code on our website that are used, among other things, to measure traffic and visitor behaviour, determine the impact of online advertising and social channels, carry out remarketing and targeting, and test and optimise the website. Google Tag Manager is a solution that allows Busch to manage website tags via a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access these data. If deactivation has been carried out at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.
(8) For further information about Google Tag Manager, visit https://www.google.de/tagmanager/use-policy.html
(1) We use the Pardot Marketing Automation System (“Pardot MAS”) of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”) on our websites. Pardot is a special software for recording and evaluating the use of a website by website visitors. Insofar as Pardot LLC processes personal data, the processing is carried out exclusively on our behalf and in accordance with our instructions. We have concluded a separate agreement with Pardot LLC to ensure that Pardot LLC complies with the EU Data Protection Directive.
(3) You can revoke your consent at any time with effect for the future. To do so, please contact us using the contact details mentioned in Section 1 of this Data Protection Statement. You can also disable the creation of pseudonymised user profiles at any time by configuring your Internet browser so that cookies from the domain “pardot.com” are not accepted. However, this may limit the functionality of our website and make it less user-friendly.
13. Social media
(1) We currently use the following social media plug-ins: Facebook, Xing, LinkedIn. You can recognise the provider of the plug-in by the marking on the box above its initial letter or the logo. We enable you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider be informed that you have accessed the corresponding website of our online service. In addition, the data referred to in Section 4 of this statement will be transmitted. In the case of Facebook and Xing, the IP address is made anonymous immediately after collection, according to information provided by the respective providers in Germany. By activating the plug-in, personal data are transferred from you to the respective plug-in provider and stored there (in the USA for US providers). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies before clicking on the greyed-out box using your browser’s security settings.
(2) We have no influence on the data collected and data processing methods, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information about the deletion of data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (including for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, in which case you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we enable you to interact with social networks and other users, so that we can improve our services and make them of greater interest to you as a user. The legal basis for the use of plug-ins is provided by Art. 6 (1) sentence 1 letter f) GDPR.
(4) Data transmission takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into a plug-in provider, your data collected by us are directly associated with the account you have with the plug-in provider. If you click on the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend regularly logging out after using a social network, in particular before activating the button, as in this way you can prevent a link being made by the plug-in provider to your profile.
(5) Further information on the purpose and scope of the collection and processing of data by the plug-in provider is available in the data protection statements of these providers listed below. There you can also find further information on your associated rights and setting options for protecting your privacy.
(6) Addresses of the respective plug-in providers and URLs with their data protection notices:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://de-de.facebook.com/policies; further information on data collection: https://www.facebook.com/help/186325668085084, https://de-de.facebook.com/about/privacy . Facebook has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/welcome .
- Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; https://privacy.xing.com/de/datenschutzerklaerung
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; https://www.linkedin.com/legal/privacy-policy . LinkedIn has committed to the EU-US Privacy Shield https://www.privacyshield.gov/welcome
14. Integration of YouTube and Vimeo videos and components
Use of YouTube
(1) We have included YouTube videos in our online offering which are stored at http://www.youtube.com and can be played directly from our website. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in Section 3 of this statement will be transmitted. This takes place regardless of whether YouTube provides a user account that you are logged into, or whether no user account exists. When you are logged into Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even in the case of users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, in which case you must contact YouTube to exercise this right.
(2) Further information on the purpose and scope of the collection and processing of data by You Tube is available in its data protection statement. There you can also find further information on your associated rights and setting options for protecting your privacy: https://policies.google.com/privacy?gl=DE&hl=de . Google also processes your personal data in the United States and has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/welcome.
Use of Vimeo components
(3) We use components of the provider Vimeo on our site. Vimeo is a service of Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Each time you visit our website, which is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the Vimeo component. If you access our site while logged in to Vimeo, Vimeo uses the information collected by the component to identify which specific page you are visiting and to associate this information with your personal account at Vimeo. For example, if you click the “Play” button or make comments, this information will be transferred to your personal user account at Vimeo and stored there. In addition, the information that you have visited our site will be passed on to Vimeo. This happens whether or not you click on the component or make comments.
C. Rights of data subjects
15. Your rights
If personal data about you is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to us as the controller:
a) Rights under Art. 15 et seq. GDPR
(1) The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed; if this is the case, he or she shall have the right to information about such personal data and to the information specified in Art. 15 GDPR. Subject to certain conditions, you have the right to rectification pursuant to Article 16 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR. In addition, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format (right to data portability) pursuant to Article 20 GDPR, where processing is carried out by automated means and is based on consent pursuant to Art. 6 (1) letter a) or Art. 9 (2) letter a) or on a contract pursuant to Art. 6 (1) letter b) GDPR. The right to information and the right to erasure are subject to the restrictions under Sections 34 and 35 BDSG.
(2) You may revoke your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the withdrawal is only valid for the future. Data processed prior to the withdrawal is not affected.
b) Right to lodge a complaint
Without prejudice to any other legal remedy, you have the right to address a complaint to us or to a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (Article 77 GDPR in conjunction with Section 19 BDSG).
c) Right to object
In addition to the aforementioned rights, you have the right to object pursuant to Article 21 GDPR as follows:
(1) Right to object in relation to a specific case
You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which is based on Art. 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) (f) GDPR (data processing for the purposes of legitimate interests); this includes profiling based on those provisions within the meaning of Art. 4 (4) GDPR.
If you object, we will no longer process your personal data, unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or show that the processing serves for the establishment, exercise or defence of legal claims.
(2) Right to object to the processing of data for marketing purposes
In certain cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of your personal data for such marketing; this also includes profiling where related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
The objection may be submitted, without any requirements as to form, to the office indicated in Section 1 of this Data Protection Statement.
16. Supervisory authority
The supervisory authority responsible for Faller at its registered office in Waldkirch can be contacted as follows:
The State Commissioner for Data Protection and Freedom of Information (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit)
Postfach 10 29 32, 70025 Stuttgart
FAX NUMBER: 0711/615541-15
D. Final provisions
(1) We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in data processing are obliged to comply with the Federal Data Protection Act (Bundesdatenschutzgesetz) and to ensure the confidential handling of personal data.
(2) Where personal data are collected and processed using contact forms, the information shall be transmitted in encrypted form in order to prevent misuse of the data by third parties. Our security measures are continually reviewed in line with technological developments.
18. Changes to our data protection requirements
We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In such cases, we will also update our Data Protection Statement accordingly. The latest version of our Data Protection Statement therefore applies.
19. General Terms & Conditions
This Data Protection Statement supplements our General Terms and Conditions, which can be found on the August Faller website, with regard to data protection issues.
Revised: 06. April 2019