Privacy Notice Fliegl Energy GmbH
1. Introduction
The following information is meant to give you, the "data subject", an overview of how we process your personal data and your rights under the data protection laws. Personal data, such as your name, address, email address or IP address, is always processed in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "Fliegl Energy GmbH".
The aim of this Privacy Notice is to inform you about the scope and purpose of the personal data we collect, use and process. As the party responsible for the processing, we have implemented a number of technical and organisational measures to ensure that the protection of the personal data processed via this website is as comprehensive as possible. Nevertheless, internet-based data transmission can be subject to weaknesses in security, meaning absolute protection cannot be guaranteed. For this reason, you also have the option to send us personal data by alternative means, for example by phone or post.
2. Data controller
The data controller, as defined by the GDPR, is:
Fliegl Energy GmbH
Bürgermeister-Boch-Strasse 1, 84453 Mühlhof am Inn, Germany
Phone: 086313070
Fax: 08631307552
Email: energy(at)fliegl.com
Head of responsible entity: Maria Fliegl
3. Data protection officer
You can reach the data protection officer as follows:
Stefan Auer
ascon-Datenschutz GmbH & Co. KG
Telefon: 0911 148986 50
Telefax: 0911 148986 59
Email: office(at)ascon-datenschutz.de
You can contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.
4. Definitions
This Privacy Notice uses terms based on those used by the European legislators in adopting the General Data Protection Regulation (GDPR). Our Privacy Notice should be easy for both the public and for our customers and business partners to read and understand. To ensure this is the case, we would like to explain the terms used in advance.
We use the following terms in this Privacy Notice, among others:
1. Personal data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).
3. Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data with or without the aid of automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction to processing
Restriction to processing means marking stored personal data with the aim of limiting its processing in future.
5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separately and subject to appropriate technical and organisational measures that ensure that personal data cannot be attributed to an identified or identifiable natural person.
7. Data processor
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
8. Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed. A recipient may or may not be a third party. However, public authorities which receive personal data within the context of a specific inquiry in accordance with Union or Member State law shall not be regarded as recipients.
9. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are authorised to process personal data under the direct authority of the controller or processor.
10. Consent
Consent means any freely given, specific, informed and unambiguous declaration of the data subject’s wishes by which he or she, in the form of a statement or other clear affirmative action, indicates agreement to the processing of his or her personal data.
5. Legal basis for processing
Art. 6 Para. 1(a) GDPR serves as our company’s legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfilment of a contract to which you are a contractual party, as is the case for example with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, processing is based on Art. 6 Para. 1(b) GDPR. The same applies to those processing operations required to carry out pre-contractual measures, e,g., in cases of queries regarding our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, processing is based on Art. 6 Para. 1(c) GDPR.
In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our company were injured and his/her name, age, health insurance data or other vital information needed to be disclosed to a doctor, hospital or other third party. In this case, the processing would be based on Art. 6. Para. 1(d) GDPR.
Finally, processing operations could be based on Art. 6. Para. 1(f) GDPR. Processing operations not based on any of the aforementioned legal bases may be carried out on the basis of Art. 6 Para. 1(f) GDPR if processing is necessary to safeguard the legitimate interests of our company or those of a third party, provided the interests and fundamental rights and freedoms of the data subject do not take precedence. We are permitted to carry out such processing operations because they have been specifically mentioned in European law. In this respect, the legislature took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).
6. Technology
6.1 SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as the content of a contact request or your email address used to register for our Fliegl news. You can recognise an encrypted connection by the display of "https://" instead of "http://" in the address line of your browser and by the lock symbol in your browser bar.
If SSL or TLS encryption is activated, the data you send us cannot be read by third parties.
6.2 Data collection when visiting the website
If you only use our website for informational purposes, i.e. if you do not register or provide us with information by any other means, we only collect the data your browser sends our server (in what is known as "server log files"). Our website collects a series of general data and information every time you or an automated system access a page. This general data and information is stored in the server’s log files. The data collected includes:
types and versions of browsers used,
the operating system used by the accessing system,
the website from which an accessing system accesses our website (called a referrer),
the sub-pages visited by an accessing system on our website,
the date and time the website is accessed,
a abbreviated Internet Protocol Address (anonymised IP address),
the accessing system's internet service provider.
When using this general data and information, we do not draw any conclusions regarding your person. Instead, this information is needed to
properly deliver the contents of our website,
optimise the contents of our website as well as site-related advertising,
ensure the lasting functionality of our IT systems and the technology of our website as well as to
provide the information necessary for law enforcement authorities to prosecute in the event of a cyber attack.
The data and information collected is therefore analysed for statistical purposes and also with the aim of increasing data protection and data security within our company to ultimately ensure an optimum level of protection for the personal data that we process. The anonymous data from the server log files is stored separately from all other personal data provided by a data subject.
The legal basis for the data processing is Art. 6 Para. 1 Sentence 1(f) GDPR. Our legitimate interest is based on the purposes for data collection listed above.
Your data is not passed on to third parties, except for the purposes listed below.
We only pass your personal data on to third parties if:
you have given your explicit consent to this pursuant to Art. 6 Para. 1 Sentence 1(a) GDPR,
disclosure pursuant to Art. 6. Para. 1 Sentence 1(f) GDPR is permitted for the safeguarding of our legitimate interests and there is no reason to assume that such interests are overridden by your interest in the non-disclosure of your data,
in the event that disclosure pursuant to Art. 6. Para. 1 Sentence 1(c) GDPR is a legal obligation, and
it is legally permissible according to Art. 6 Para. 1 Sentence 1(b) GDPR is required for the execution of contractual relationships with you.
7. Cookies
We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and do not contain viruses, trojan horses or other malware.
The cookie stores information which is generated in the context of the specific terminal used. However, this does not mean that we are immediately aware of your identity.
The use of cookies helps us make it more convenient for you to use our website. For example, we use session cookies to detect whether you have already visited individual pages on our website. These are automatically deleted when you leave our website.
To improve the user-friendliness of our website, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have previously visited us and any entries and settings you have specified, so you do not have to re-enter them.
In addition, we use cookies to collect statistical data on the use of our website and analyse it for the purpose of optimising our services. These cookies allow us to automatically recognise that you have already visited our website when you visit our website again. These cookies are automatically deleted after a defined period of time.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so a message is always displayed before a new cookie is created. However, if you disable cookies completely, you may not be able to use all the features on our website.
The processing of data through cookies for the purposes stated above is partly required to safeguard our legitimate interests pursuant to Art. 6 Para. 1 Sentence 1(f) GDPR. In particular this includes cookies which are necessary to display the website properly on your device or the Usercentrics cookie. The latter is used to retrieve and store the consent necessary for the other cookies.
On our homepage you can manage and change your individual cookie settings at any time using the fingerprint symbol. We only use the cookies listed there after and as long as we have your consent. These include
CleverReach
Google Analytics
Google Analytics Statics
Google Maps
Youtube Videos
Detailed information about the cookies can be found either by clicking on the question mark in the manual cookie settings or in the corresponding paragraphs below. Your settings are generally saved for three months and then cleared completely, meaning that your personal data is not stored as a permanent setting.
8. Contents of our website
8.1 Data processing when opening a customer account and for contract processing
In accordance with Art. 6. Para. 1(b) GDPR, personal data will be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data that will be collected is indicated on the relevant forms. The account can be deleted at any time. This can be done by sending a message to the address of the data controller, stated above. We save and use the data you provide for processing the contract. After completion of the contract or deletion of your customer account, your data will be blocked with due consideration for the retention periods required under tax law and commercial law and will be erased once these periods have expired, provided you have not consented to the continued use of this data or lawful continued use of this data is reserved by us, which we will inform you of below.
8.2 Contact / contact form
Personal data is collected when you contact us (e.g. using our contact form or by email). If you use a contact form to get in touch with us, the contact form you use will indicate the data being collected. This data is stored and used exclusively for the purpose of responding to your query or establishing contact, and the technical administration associated with this. The legal basis for the data processing is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1(f)f GDPR. If you contact us with the intention of concluding a contract, an additional legal basis for the processing is Art. 6 Para. 1(b) GDPR. Your data will be erased once we have finished processing your query. This is the case when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner and there are no legal retention obligations that prevent its erasure.
8.3 Services / digital products
We only transmit personal data to third parties if it is required to fulfil the terms of the contract, for example, to banks entrusted to process your payments.
Your data will not be transmitted unless you have explicitly approved the transmission. Your data will not be passed on to third parties, e.g. for advertising purposes, without your explicit consent.
The basis for the data processing is Art. 6 Para. 1(b) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
8.4 Application management / job board
We collect and process applicants’ personal data in order to complete out the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by email. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically erased after two months after notification of the rejection decision, provided that no other legitimate interests of ours prevent their erasure. Other legitimate interests in this context include, for example, the duty to provide evidence in proceedings under the German Equal Treatment Act (AGG).
Data processing in this respect is carried out on the basis of Art. 88 Para. 1 GDPR in conjunction with § 26 BDSG (Data processing for employment-related purposes).
9. Newsletters
9.1 Promotional newsletter
On our website, you have the option to subscribe to our company newsletter. The input screen used determines which personal data is shared with us when subscribing to the newsletter.
We use our newsletter to inform our customers and business partners at regular intervals of our offers. You can generally only receive our company’s newsletter if
you have a valid email address and
have registered for the newsletter and
consent to the processing of your personal data for newsletter evaluation purposes.
For legal reasons, as part of the double opt-in procedure a confirmation email will be sent to the email address you provided when registering for the newsletter. The purpose of this confirmation email is to check if you are the owner of the email address and have authorised the newsletter.
When you register for the newsletter we also save the IP address issued by your Internet Service Provider (ISP) and used by your IT system at the time of registration, as well as the date and time of registration. The collection of this data is required to investigate any (potential) misuse of your email address at a later stage and it is therefore necessary for our legal protection.
The personal data collected during registration is used solely for sending and evaluating our newsletter. Furthermore, subscribers to the newsletter may be sent information via email if this is necessary for the operation of the newsletter service or for registration purposes, for example in the event of changes to the newsletter or to technical circumstances. Personal data collected for our newsletter service is not shared with third parties, with the exception of the tool CleverReach. You can cancel your subscription to our newsletter at any time. Your consent to the storage of personal data, which you provided in order to receive the newsletter, can be revoked at any time. Every newsletter contains a link which enables you to revoke your consent. Furthermore, you can unsubscribe from our newsletter directly via our website or inform us of your cancellation in another way.
The legal basis for data processing for the purposes of sending a newsletter is Art. 6. Para 1(a) GDPR.
9.2 CleverReach
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service which enables the management and analysis of newsletters. The data you have provided for the newsletter (e.g. email address) is saved on CleverReach servers in Germany or Ireland.
Sending newsletters using CleverReach enables us to analyse the behaviour of the newsletter recipients. We can analyse for example how many recipients have opened the newsletter email and how often they have clicked on certain links in the newsletter. With the assistance of a tool called Conversion Tracking, we can analyse if clicking on the link led to a pre-determined action (e.g. if a product was purchased on our website). For further information on data analysis via CleverReach newsletters, please visit: https://www.cleverreach.com/en/features/reporting-tracking/.
The legal basis for data processing is your consent (Art. 6 Para. 1(a) GDPR). You can revoke your consent at any time by unsubscribing from the newsletter. Revoking consent does not affect the legality of data processing carried out previously.
If you do not want CleverReach to analyse your data, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message. You can also unsubscribe from the newsletter directly on our website.
We store your personal data which we retain for the purposes of sending the newsletter until you are removed from the newsletter service. Your data is erased from our servers and the CleverReach servers after you have unsubscribed from the newsletter. Data we retain for other purposes (e.g. email addresses for the members’ area) shall remain unaffected.
For further information, please refer to CleverReach’s privacy policy at: https://www.cleverreach.com/en/privacy-policy/.
10. Our activities on social networks
In order to communicate with you and inform you about our services via social networks, we run our own pages on these social networks.
We are not the original provider (data controller) of these pages, but only use them within the scope of the options offered to us by the respective providers. We would therefore like to point out as a precautionary measure that your data may also be processed outside of the European Union or the European Economic Area. Use of these networks may therefore involve data protection risks for you since the protection of your rights may be difficult, e.g. your rights to information, erasure, objection, etc. Processing on social networks frequently takes place directly for advertising purposes or for the analysis of user behaviour by network providers, and we have no control over this. If the provider creates user profiles, cookies are often used or user behaviour may be assigned directly to your own member profile on the respective social network (if you are logged in).
The processing operations of personal data described are carried out in accordance with Art. 6 Para. 1(f) GDPR on the basis of our legitimate interests and the legitimate interests of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to grant your consent to the respective providers to process your data as a user, the legal basis for this processing is Art. 6 Para.1(a) GDPR in conjunction with Art. 7 GDPR.
Since we have no access to these providers’ databases, please be aware that you would be best placed to exercise your rights (e.g. to information, rectification, erasure, etc.) directly with the respective provider. More information on the processing of your data on social networks and your options for exercising your right to object or your right of revocation (opt out) is listed below for each of the social network providers we use:
10.1 Facebook
Data controller responsible for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Notice (Data Policy):
https://www.facebook.com/about/privacy
Opt-out and advertising settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Following the ECJ judgement of 05.06.2018, we share responsibility with Facebook for data protection. You can find more information on the distribution of data-protection rights and the responsibility for necessary information aimed at affected users on Facebook’s Page Insights Annex, available at https://www.facebook.com/legal/terms/page_controller_addendum.
10.2 Google+ / YouTube
Controller responsible for data processing:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Notice:
https://policies.google.com/privacy
Opt-out and advertising settings:
https://adssettings.google.com/authenticated
10.3 Twitter
Data controller responsible for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy Notice:
https://twitter.com/en/privacy
Information about your data:
https://twitter.com/settings/your_twitter_data
Opt-out and advertising settings:
https://twitter.com/personalization
11. Web analysis with Google Analytics
On our websites we use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.com/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as "Google"). As part of this, pseudonymised user profiles are created and cookies (see the section on "Cookies") are used. The information generated by the cookie about your use of this website, such as
browser type/version,
operating system used
referrer URL (website previously visited),
host name of the accessing computer (IP address) and
time of server request
is transmitted to a Google server in the US and stored there. This information is used to evaluate how the website is used, to compile reports on website activities and to carry out further services related to website and internet use for market research purposes and to tailor the design of this website. This information may also be sent to third parties if this is legally required or if third parties process this data on behalf of Google. Under no circumstances will your IP address be associated with any other data. IP addresses are anonymised so that it is not possible to assign them to individuals (known as IP masking).
You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please be aware that this may result in you not being able to use all the features of this website.
You have given your consent to this through our opt-in cookie banner in accordance with Art. 6 Para. 1(a) GDPR.
You can also prevent the data generated by the cookie about your use of the website (including your IP address) from being sent to and processed by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on the following link: Deactivate Google Analytics. This sets an opt-out cookie that prevents your data being collected in the future when you visit this website. The opt-out cookie is only valid on this browser and only for our website and is stored on your device. If you erase the cookies stored for this browser, you will need to reset the opt-out cookie.
Additional information on data protection with respect to Google Analytics is available on the Google Analytics website in the help section (https://support.google.com/analytics/answer/6004245?hl=en).
12. Plugins and other services
12.1 Google Maps
We use Google Maps (API) on our website, a service provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service that provides interactive maps in order to visually represent geographic information. By using this service, you can for example view our location and make it easier for you to reach us.
When you access sub-pages in which a Google Maps map is integrated, information about your use of our website (such as your IP address) is transferred to Google's servers in the USA and stored there. This occurs regardless of whether Google provides a user account that you are logged in to or whether you have no user account with them at all. When you are logged in to Google, your information will be directly associated with your account. If you do not want your profile associated with Google, you will need to log out of your Google account. Google stores your data (even for users who are not logged in) as user profiles and analyses it. This type of analysis is performed in accordance with Art. 6, Para. 1(f) of the GDPR based on Google’s legitimate interest in providing personalized advertising, market research and/or a website design that suits the needs of its users. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
If you do not agree with the future transmission of your data to Google as part of your use of Google Maps, you have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. You will then be unable to use Google Maps and the map displayed on this website.
You have given your consent to this through our opt-in cookie banner in accordance with Art. 6 Para. 1(a) GDPR.
The Google terms of use can be found at https://www.google.com/policies/terms/regional.html, and the additional Google Maps terms of use can be found at https://www.google.com/help/terms_maps.html
Detailed information on data protection with respect to the use of Google Maps is available on Google’s website ("Google Privacy Policy"): https://www.google.com/policies/privacy/)
12.2 Google Tag Manager
This website uses Google Tag Manager, a cookie-free domain that does not collect personal data. With this tool, "website tags" (i.e. keywords that are integrated into HTML elements) can be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on and thus record which content on our website is of particular interest to you.
The tool also triggers other tags that may collect data. Google Tag Manager does not access this data. If you have disabled it at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.
We use Google Tag Manager to make our website convenient and simple to use. This constitutes a legitimate interest as defined by Art. Para. 6 1(f) GDPR.
12.3 Google WebFonts
To ensure the fonts on our website are uniform, the website uses web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you access a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
To do this, the browser you are using must establish a connection to the servers on which the fonts are hosted. Generally these are our own servers, meaning that third parties such as Google do not usually have access to your personal internet data for this purpose. However, because we use a content management system, our website contains various plugins, some of which establish a connection to Google and load the fonts from there. This can inform Google that our website has been accessed via your IP address.
The use of Google Web Fonts is in the interest of presenting our website in a uniform and appealing way. This constitutes a legitimate interest as defined by Art. 6. Para. 1 (f) GDPR.
More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/
12.4 YouTube (Videos)
We have integrated YouTube components into this website. YouTube is an online video portal that allows video publishers to post video clips free of charge and allows other to view, rate and comment on videos free of charge. YouTube allows the publication of all types of videos, which is why the online portal can be used to view entire films and television shows as well as music videos, trailers and user-generated videos.
YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Each time a visitor opens an individual page of the website run by us and on which a YouTube component (YouTube video) is integrated, the YouTube component in question will trigger the browser on your IT system to download a representation of the corresponding YouTube component from YouTube. Additional information on YouTube can be found at https://www.youtube.com/yt/about/. As part of this technical process, YouTube and Google will receive information about the specific sub-page of our website you have visited.
If the data subject is logged into a YouTube account while accessing a subpage that contains a YouTube video, YouTube will detect which specific subpage of our website you are visiting. This information is collected by YouTube and Google and assigned to your YouTube account.
Through the YouTube component, YouTube and Google receive information that you have visited our website whenever you are logged in to YouTube at the same time as accessing our website, regardless of whether you click on a YouTube video or not. If you do not wish for this kind of information to be transferred to YouTube and Google, you can prevent this by logging out of your YouTube account before visiting our website.
You have given your consent to this through our opt-in cookie banner in accordance with Art. 6 Para. 1(a) GDPR.
YouTube's privacy policy, available at https://www.google.com/intl/en/policies/privacy/, provides information regarding the collection, processing and use of personal data by YouTube and Google.
13. The capturing of images and videos for public relations
We regularly post images and videos of various different events, , e.g. trade show appearances or our series “Fliegl on Tour”, both on our homepage and on the social media platforms mentioned. If the persons depicted are employees or known customers, the publication of the image data is based on their consent as per Art. 6. Para 1(a) GDPR. This consent can be withdrawn at any time.
Persons unknown to us, e.g. trade show visitors, the publication of the images is based on our overriding legitimate interest set out in Art. Para. 6 1(f) GDPR. You have the right to object at any time to the further publication of your image. To do this, please contact us or our data protection officer directly. In the event of an objection, the image or images in question will be replaced or we will make you unrecognisable.
14. The processing of personal data when recording contact details
We collect personal data from customers or prospective customers via a form on different occasions, e.g. trade shows or other sales events. This data is used to provide you with the desired offer or information at a later stage. Contact details which are directly collected are involved in processing (name, address, phone, email). Sending the desired information and documents is considered a pre-contractual measure as per Art. 66 Para. 1(b) GDPR. The data is either processed by our sales department or forwarded to the responsible external sales representative or distributor, depending on the specific interest. An order processing agreement is always drawn up with external sales representatives, however distributors process the data independently. If the contract is not concluded, the data is erased no later than two years after the last contact with the prospective customer.
15. The processing of personal data in the context of video surveillance
We use video surveillance at various locations on our premises. The video surveillance serves to preserve domiciliary rights, prevent unauthorised entry, prevent theft and burglaries, avert or investigate criminal offences and assert claims for damages, and the footage can be used as evidence in judicial and extrajudicial proceedings. Only non-public areas are covered by video surveillance, and all areas are marked by clearly visibly signs. The surveilled areas include the courtyard, the production hall, the outdoor area in front of the main gate, the exhibition hall, the entrance and the hallways.
The legal basis for the use of video surveillance is our overriding legitimate interest in accordance with Art. 6 Para. 1(f) GDPR. The footage involves employees, customers, suppliers, service providers and guests. The video material is only assessed if circumstances require, and is assessed by specially authorised personnel. The data is only passed on if this is required in order to fulfil the aforementioned purposes. This is the case if, for example, the footage is passed on to an insurance company, lawyers or the investigating authorities. Data processing for the above places is carried out independently.
The footage is generally erased after 48 hours or 72 hours (weekend). One exception however is footage of cargo securing. When shipping goods internationally, the footage must be available for a longer period of time in order to prove in case of complaints that the goods in question were free of defects and complete at the time of loading. This is the only way of proving that the respective carrier, and not the company Fliegl, assumes liability. In this case the storage period is 28 days, due to long delivery times for overseas businesses.
16. Your rights as a data subject
16. 1 Right to confirmation
You have the right to request confirmation from us as to whether personal data relating to you will be processed.
16.2 Right to information Art. 15 GDPR
You have the right to obtain information about the personal data stored about you at any time, free of charge, as well as the right to access a copy of such data from us.
16.3 Right to rectification Art. 16 GDPR
You have the right to request the immediate rectification of incorrect personal data relating to yourself. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
16.4 Erasure Art. 17 GDPR
You have the right to request that we erase your personal data, provided one of the reasons stipulated by law applies and if processing is not necessary.
16.5 Restriction to processing Art. 18 GDPR
You have the right to request that we restrict the processing of your data if one of the legal requirements is met.
16.6 Data portability Art. 20 GDPR
You have the right obtain personal data relating to you that you have provided us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, to the extent that the processing is based on the consent pursuant to Art. 6 Para. 1(a) GDPR or Art. 9 Para. 2(a) GDPR or on a contract pursuant to Art. 6 Para. 1(b) GDPR, and the data is processed using automated procedures, providing the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, as part of your right to data portability in accordance with Art. 20, Para. 1 GDPR, you have the right to have your personal data transmitted directly from one controller to another, where technically feasible, providing this does not impair the rights and freedoms of other persons.
16.7 Objection Art. 21 GDPR
You have the right to object, on grounds relating to your special situation, at any time to the processing of your personal data which is based on Art. 6, Para. 1(e) (Data processing in the public interest) or 1(f) (Data processing based on legitimate interests) of the GDPR.
This also applies to profiling based on these provisions pursuant to Art. 4 No. 4 GDPR.
Should you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where processing serves the assertion, exercise or defence of legal claims.
In individual cases, we process your personal data for direct advertising purposes. You have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is related to this kind of direct advertising. Should you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for this purpose.
Furthermore you have the right to object, for reasons arising from your particular situation, to our processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para. 1 GDPR , unless such processing is necessary for the performance of a task in the public interest.
You are free to exercise your right to lodge an objection related to to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures which use technical specifications.
16.8 Revocation of consent regarding data protection
You have the right to revoke any consent to the processing of personal data at any time with future effect.
16.9 Lodging a complaint with a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
17. Storage and erasure
If the storage purpose no longer applies or if a statutory retention period expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.
The criterion for the duration of the retention of personal data is the respective legal retention period. Once this period expires, the data in question will be routinely erased, provided it is no longer required for the fulfilment or initiation of the contract.
18. Version and amendments to the Privacy Notice
This Privacy Notice is currently valid and was last updated in November 2019. This privacy statement has been prepared with the assistance of the privacy software: audatis MANAGER.