Privacy Policy


Introduction

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you here about which of your personal data we collect when you visit our website and for what purposes it is used.

A. General information

Names and contact details of the data controller and the data protection officer

The controller for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:

optek-Danulat GmbH
Emscherbruchallee 2
45356 Essen, Germany
Phone: +49-(0)201-63409-0
Email: [email protected]

You can reach our data protection officer at the following contact details:

SICHERDAT GmbH
Robert Fischer
Glockengießerstr. 60
23552 Lübeck, Germany
E-Mail: [email protected]

General information on data processing, legal basis, storage period and recipients of the data

General information on data processing and legal basis

We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Data processing by us only takes place on the basis of a legal permission. When using this website, we process personal data only with your consent (Art. 6 para. 1 lit. a DSGVO), for the performance of a contract to which you are a party, or at your request for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b DSGVO), for the fulfillment of a legal obligation (Art. 6 (1) lit. c DSGVO) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, override (Art. 6 (1) lit. f DSGVO).

Duration of storage

Unless otherwise stated in the following notes, we store the data only for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations.

Recipient/disclosure of the data

We only disclose your personal data to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis in the individual case. Insofar as we are dependent on external service providers for the provision of services, for example for support, for the processing of payments and in the areas of permissible sending of advertising measures, the information required for the fulfillment of the order is passed on to these external service providers. These external service providers are carefully selected by us. In addition, an order processing agreement has been concluded with each of these service providers, so that this is regularly reviewed to ensure that your data is used in accordance with data protection regulations.

In addition, we disclose personal data to third parties in individual cases if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement agencies, lawyers, auditors, courts, etc. Data may also be passed on if we are entitled or obliged to pass on data due to statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.

Rights of the data subjects, right of appeal

Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • Information according to Art. 15 DSGVO about the data stored about you in the form of meaningful information about the details of the processing and a copy of your data;
  • Correction according to Art. 16 DSGVO of incorrect or incomplete data stored by us;
  • Deletion pursuant to Art. 17 DSGVO of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • Restriction of processing pursuant to Art. 18 DSGVO, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO.
  • Data portability pursuant to Art. 20 DSGVO, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 (1) a DSGVO or on the basis of a contract pursuant to Art. 6 (1) b DSGVO and these have been processed by us with the aid of automated processes. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible party, insofar as this is technically feasible.
  • Objection according to Art. 21 DSGVO against the processing of your personal data, insofar as this is based on Art. 6 para. 1 lit. e, f DSGVO and there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing are demonstrated or the processing is carried out for the assertion, exercise or defense of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there.
  • Revocation according to Art. 7 para. 3 DSGVO of your given consent with effect for the future.

Complaint to a supervisory authority

If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

B. Data processing on the website

Automated data processing of the server

When calling up and using our website, we collect personal data that your browser automatically transmits to our server. The following information is stored temporarily in a so-called log file:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer

The processing is carried out to protect our overriding legitimate interest to display our website and ensure security and stability on the basis of Art. 6 para. lit. f DSGVO. The collection of data and storage in log files is mandatory for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) DSGVO. Insofar as the further storage of log files is required by law, the processing is based on Art. 6 para. 1 lit. c DSGVO. There is no legal or contractual obligation to provide the data, however, calling up our website is technically not possible without providing the data.

The aforementioned data is stored for the duration of the display of the website and for technical reasons beyond that for a maximum of 10 days.

External hosting

Our website is hosted by a service provider.

The hoster is used in the legitimate interest of a secure and efficient provision of our online offer according to Art. 6 para. 1 lit. f DSGVO and for the purpose of initiating and fulfilling contracts with our potential and existing customers, Art. 6 para. 1 lit. b DSGVO.

In order to ensure data protection-compliant processing, we have concluded an order processing contract with the service provider in accordance with Art. 28 DSGVO.

Contact and contact form

If you contact us by e-mail, telephone or via our forms provided on the website, we process the personal data you provide (including e-mail address, telephone number, name) in order to process your request. The information collected via mandatory fields of the contact form is necessary to process the request. Furthermore, you can voluntarily provide additional information that you consider necessary for processing the contact request. The personal data collected in the course of contacting us will not be passed on to third parties.

The processing of your data in the context of contacting us is carried out for the purpose of communication and processing of your request on the basis of Art. 6 (1) lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on our legitimate interest in the effective handling of requests addressed to us pursuant to Art. 6 (1) lit. f DSGVO. There is no legal or contractual obligation to provide your data, but the processing of your request is not possible without providing the information of the mandatory fields.

We store the data you enter until the purpose for storing the data no longer applies (usually after processing your request has been completed). This does not apply only if we are required by law to keep the data longer.

Cookies

We use cookies. Cookies are small text files that are stored on your terminal device when you call up the website. They cannot transmit viruses or malware to your computer, but they do contain information that allows the user to be identified. A distinction must be made between transient cookies, which are deleted as soon as your browser is closed, and persistent cookies, which are stored beyond the respective session and recognize you the next time you visit the website. You can delete individual or all cookies via your browser settings. In addition, you have the option via your browser settings to generally deactivate cookies or to restrict them to certain domains.

With regard to the function, a distinction must be made between technically necessary and non-necessary cookies.

Technically necessary cookies

These are usually set in response to an action you have taken. These include settings such as language or cookie preferences. It is possible to deactivate these cookies in the browser. In this case, error-free functioning of our website can no longer be guaranteed.

Technically unnecessary cookies

These are cookies that are not absolutely necessary for the operation of our website and its functions. The use of such cookies constitutes data processing that is only permitted with your active consent (Art. 6 para. 1 p. 1 lit. a DSGVO). This also applies to the transfer of your personal data to third parties.

Cookie-Consent-Management (Usercentrics)

We use the consent management service Usercentrics, of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This allows us to obtain and manage the consent of website users for data processing. The processing is necessary for the fulfillment of a legal obligation to which we are subject (Art. 6 para. 1 p. 1 lit. c DSGVO). The following data is processed for this purpose:

Date and time of access, browser information, device information, geographic location, cookie preferences, URL of the page visited.

The functionality of the website is not guaranteed without the processing.

Usercentrics is a recipient of your personal data and acts as a processor for us.

The processing takes place in the European Union. For more information on how to object and opt-out of Usercentrics, please visit: https://usercentrics.com/de/datenschutzerklaerung/.

The data will be deleted after 3 years.

Please see our general comments above about deleting and disabling cookies.

Google Analytics

This website uses the "Google Analytics" service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyze website usage by users, for example the number of times our online offering is accessed, sub-pages visited and the length of time users spend on the site. This information is used, among other things, to compile reports on website activity.

Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. The information collected by the cookies is usually sent to a Google server in the USA and stored there. Google has been certified in accordance with the "EU-US Data Privacy Framework". The Data Privacy Framework DPF is an agreement between the USA and the European Union, which is intended to ensure compliance with European data protection standards for data processing in the USA. The certified companies are obliged to comply with these data protection standards. For more information, please see the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you can access all functions of this website without restrictions if your browser does not allow cookies.

Furthermore, you can use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de.

Here you can find more information about data usage by Google Inc: https://support.google.com/analytics/answer/6004245?hl=de

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

The legal basis for the data processing is your consent according to Art. 6 para. 1 lit. a DSGVO.

Google Tag Manager

We use Google Tag Manager, provided by Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to manage website tags through one interface and allow us to control the exact integration of services on our website.

Google is certified in accordance with the "EU-US Data Privacy Framework". The Data Privacy Framework DPF is an agreement between the USA and the European Union, which is intended to ensure compliance with European data protection standards for data processing in the USA. The certified companies are obliged to comply with these data protection standards. For more information, please see the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

The legal basis for the data processing is your consent according to Art. 6 para. 1 lit. a DSGVO.

C. Further data processing

Applications

If you apply to us and submit your application documents, you consent to the processing of your data for the purpose of carrying out the application procedure in accordance with the type and scope described in this data protection declaration. You are welcome to send your application to the e-mail address provided. However, we would like to point out that data transmission via e-mail is generally not encrypted. Therefore, we cannot assume any responsibility for the transmission path between you and the reception on our server. You are also welcome to send us your application by post instead.

Your data will be processed for the purpose of processing your application and deciding on the establishment of an employment relationship on the basis of Art. 88 (1) DSGVO in conjunction with. § 26 BDSG. There is no legal or contractual obligation to provide your data, but the processing of your application is not possible without the provision of the information.

In the event of a successful application, your data may be further processed by us for the purposes of the employment relationship. If your application for a job offer was not successful, the data will be deleted after a period of six months following the rejection.

Use of an ERP system

We use the cloud ERP software weclapp of weclapp GmbH, Friedrich-Ebert-Straße 28 97318 Kitzingen. Among other things, this supports us in managing contract processing, existing and potential customers and contacts, and in organizing communication processes. In principle, the following data is processed: Last name, name, title, name of the company, address (business), Internet address, e-mail address, telephone number, customer number, history, appointment data, data on purchased goods or services, contract data, photos, details of profession.

The processing of the data is based on Art. 6 (1) lit. b DSGVO, insofar as it is necessary for the implementation or initiation of a contract. In other cases, processing takes place on the basis of Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is the efficient, secure and user-friendly management of your data and our company organization.

weclapp performs data processing on behalf of member states of the European Union or the European Economic Area. We have entered into an order processing agreement with weclapp, in which we oblige weclapp to protect your data and to process it in a data protection compliant manner. The privacy policy of weclapp can be viewed here: https://www.weclapp.com/de/datenschutz/.

After complete processing of the contract, your data will be blocked, taking into account tax and commercial law retention periods, and deleted after expiry of these periods, unless further legal retention periods require longer storage.

Use of M365

We use the M365 software solution from Microsoft, Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, USA. M365 is an office software as well as a collaboration and exchange platform with which individual users or teams can also work together across organizational boundaries. If you use M365 applications such as Teams or SharePoint together with us after an invitation, personal data of you will be processed. The following personal data may be subject to processing:

  • Identification data (e.g., names, addresses, (official) e-mail, telephone numbers, profile picture (voluntary), user name).
  • Content data (e.g., text input, videos, audio data, documents)
  • Usage data (e.g., SharePoint pages visited, time of access, date, type of access, indication of data/files/documents accessed and all activities related to usage, such as creating, modifying, deleting a document, setting up a team (and channels in teams), chat messages).
  • Meta/communication data (e.g., IP addresses, device/hardware information, location data, if released by the user, live transmission of image and sound)

We process your personal data exclusively for the purpose of effective collaboration. In particular, your data is processed in order to be able to use the respective tool for the purpose of communication and collaboration. In addition, your data is processed for the purpose of ensuring the functional security and stability of the IT systems.

The processing of the data is based on Art. 6 (1) lit. b DSGVO, insofar as it is necessary for the implementation or initiation of a contract. In other cases, processing takes place on the basis of Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is the efficient, secure and user-friendly conduct of meetings and cross-organizational collaboration. We process certain personal data, e.g. the recording of meetings, only with your prior, explicit and voluntarily given consent pursuant to Art. 6 para. 1 lit. a DSGVO. There is neither a contractual nor a legal obligation to provide the data; however, without the provision, communication or cooperation via this channel is not possible.

The provision of the M365 service and the associated data processing is carried out by Microsoft Corporation as a processor. We have concluded an order processing agreement with Microsoft, through which Microsoft undertakes to protect your data and to process it in a data protection-compliant manner. Microsoft is a US provider. It cannot be ruled out that individual data will be processed in the USA. Microsoft has been certified in accordance with the "EU-US Data Privacy Framework". The Data Privacy Framework DPF is an agreement between the USA and the European Union, which is intended to ensure compliance with European data protection standards for data processing in the USA. The certified companies are obliged to comply with these data protection standards. For more information, please see the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active

As a matter of principle, your personal data will be deleted as soon as they are no longer required for the purposes for which we collected and processed them and unless legal retention periods require longer storage.