Data privacy Statement
We take the protection of your data seriously
As of: 18 May 2018
Thank you for visiting our website and for your interest in our company and our products. We take the protection of your private data seriously and we want you to feel safe when visiting our internet pages. The following statement provides you with information about the collection of personal data when using our website. In accordance with the applicable data protection provisions, this statement informs you about the personal data which we collect
- when you visit our website /
- when you make an online job application,
- when you apply to receive our newsletter,
- in the contact form,
as well as the reasons for collecting the data and how it is used, in order to optimise the services that we offer you.
(1) You can print out or save this document by way of the usual browser functions (generally "File" --> "Save as"). You can also download this document in PDF format and archive it by clicking here. In order to open the PDF file, you need the free Adobe Reader program (from www.adobe.de) or a similar program designed to generate PDF format.
(2) Where we commission service providers to carry out specific functions on our behalf, or we wish to use your data for advertising purposes, you will find details of the relevant processes below. We will also indicate the criteria specified for the period of storage.
(3) Unless otherwise specified below, the legal basis for handling your personal data arises from the need to process the data in order to provide the services requested by you on this website (Art. 6(1) (b) General Data Protection Regulation).
2. Controller / Data Protection Officer
(1) The Controller pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR) is
August Faller GmbH & Co. KG
Freiburger Strasse 25, DE 79183 Waldkirch
hereinafter referred to as “Faller”, “we” or “us”. Further information about the provider is available on our website under Legal Notice.
(2) You can reach the company’s Data Protection Officer as follows: by email to firstname.lastname@example.org or at our postal address by adding “Data Protection Officer”.
3. Provision of Website and Log Files
(1) Where our website is used purely for information purposes, i.e. if you do not register or otherwise transfer information to us, we only collect the personal data that your browser sends to us. If you wish to view our website, we collect the following data which is necessary for technical reasons in order to display our website to you and ensure its stability and security (the legal basis for this is Art. 6 (1), sentence 1 (f) GDPR):
- IP address
- Date and time of request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/http status code
- Amount of data transferred in each case
- Website from which the request originates
- Operating system and its interface
- Language and browser software version.
(2) User IP addresses are deleted or anonymised after use. In the case of anonymisation, IP addresses are changed in such a way that the individual details about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or only with a disproportionately large expenditure of time, cost and manpower.
(1) In addition to the aforementioned log-file data, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to and stored on your hard disk by your browser and which send certain information to the operator that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They help to make our website more user-friendly and efficient.
a) This website uses the following types of cookie whose scope and function is described below:
- Session cookies (see b)
- Persistent cookies (see c).
b) Session cookies are automatically deleted when you close your browser. They store what is known as a session-ID enabling various requests from your browser to be assigned to the session. This enables us to identify your computer the next time you visit our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specific time which may differ depending on the cookie. You can delete cookies in the security settings of your browser at any time.
(3) Why do we set cookies?
a) Settings and function
When you visit our website, the country and language, that is either detected automatically or selected by you, is saved in cookies so that you do not have to re-enter them on subsequent visits. Before this, we check whether your browser supports cookies and this information is stored in another cookie. Local contact information based on the country and language will then be displayed, and will also be saved. Legal basis for this is Art. 6 (1), sentence 1 (b) GDPR.
We set cookies so that we can identify you on subsequent visits and determine whether you have a “My Faller” account (see Section 5). Legal basis for this is Art. 6 (1), sentence 1 (b) GDPR.
We use advertising cookies in order to assess and optimise the effectiveness of our advertising measures. We also use advertising cookies in order to send targeted advertising to users of our internet site when they are on other internet sites in the Google Display Network (“Google” for short) (Adwords remarketing). Legal basis for this is Art. 6 (1), sentence 1 (f) GDPR.
We use the web analysis service Google Analytics in order to ensure the continuous improvement of our internet site for our customers and potential customers. By using these cookies, we obtain information from Google about the use of our internet site. For example, we find out how often and in what order the individual pages are accessed and on average how much time visitors spend on our site. We find out whether users have already visited our website previously. Legal basis for this is Art. 6 (1), sentence 1 (f) GDPR.
--> see Section 9 Web Analysis Services
(4) Controlling cookies
You can configure your browser settings to suit your own preferences and e.g. manage or refuse acceptance of third-party cookies or any cookies as desired. You can delete existing cookies by way of your browser settings. We would point out, that doing this may prevent you from using all the functions of this website.
5. My Faller
(1) On this website, you can create your own individualised subject pages using the navigation in “My Faller”. This function works by means of what are called cookies (see Cookies section).
(2) “My Faller” enables you to contact us about the subjects selected by you. Your selected solutions will then also be displayed to us in the message sent by you. The same applies to the use of contact boxes which you can use to write directly to one of our staff or to request them to call you back (see Section 7, Contact Form and Email Contact). Under no circumstances do we share this data with third parties but use it only in order to improve our business relationship.
(3) Legal basis for processing data where we have the user’s consent is Art. 6 (1) (a) GDPR. Legal basis for processing data transmitted in the course of sending an email or for the purpose of creating the individualised subject pages is Art. 6 (1) (f) GDPR.
6. Product and Service Information
(1) For advertising purposes, i.e. sending product and service information as well as invitations to trade fairs and events, electronically by e-mail or by post (hereinafter “Product and Service Information”) we ask potential customers for their express consent and agreement to this Data Privacy Statement.
(2) We use what is known as the double-opt-in procedure. That means that, when you register, we will send an email to the email address specified in the registration, in which we will ask for your consent to receiving Product and Service Information by email/post. If you fail to confirm your registration within 24 hours, your information will be blocked and, after one month, it will be deleted. In addition, we store the addresses which you use and the times of registration and confirmation. The purpose of the procedure is to be able to provide proof of your registration and, if necessary, investigate any misuse of your personal data.
(3) Following your confirmation, we will store your email address in order to send you Product and Service Information. Legal basis for this is Art. 6 (1), sentence 1 (a) GDPR.
(4) You can withdraw and cancel your consent to receiving Product and Service Information at any time. You can indicate your withdrawal of consent by clicking on the link provided in every email or by sending a message to the contact details shown under the Legal Notice.
7. Contact Form and Email Contact
(1) Various contact forms are available on our website which can be used for contacting us electronically. Firstly, there is the general contact form available under “Contact”. In addition, you can also contact us by way of the personalised subject page “My Faller” (see Section 5). You can also send us your enquiries as part of the online job application process (see Section 8) using your own contact form. Where a user makes use of this possibility, the data entered into the input mask will be transmitted to us and stored. The corresponding data can be seen immediately on the relevant input mask.
When the message is sent, the following data will also be stored:
- User’s IP address
- Date and time of sending the form
(2) In order to process the data, we will always ask for your consent as part of the sending process and refer you to the Data Privacy Statement. Alternatively, we may be contacted via the email addresses provided. In this case, the user’s personal data sent with the email will be stored. The data will be used exclusively for the purpose of processing the enquiry.
(3) Legal basis for processing data where we have the user’s consent is Art. 6 (1) (a) GDPR. Legal basis for processing data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. Where the purpose of the email contact is to conclude a contract, the additional legal basis for processing it is Art. 6 (1) (b) GDPR. Where the purpose of the contact enquiry or email is to initiate an employment contract, particularly in the context of the online job application process, the legal basis is Section 26 German Data Protection Act (BDSG).
(4) Personal data contained in an input mask is processed solely for the purpose of dealing with the communication. In the event of contact by e-mail, the necessary legitimate interest in processing the data also applies. Other personal data processed during the sending process is intended to prevent misuse of the contact form and safeguard the security of our IT systems.
(5) Data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. As regards personal data from the input mask on the contact form and that which was sent by email, this is the case when the relevant conversation with the user is finished. The conversation is finished when the circumstances indicate that the matter has been conclusively dealt with. Any additional personal data collected during the sending process will be deleted after a period of no more than seven days.
8. Online Job Application
(1) In order to deal with your online job application, we collect, process and use your personal data. Your online application data is transmitted by email directly to the HR department and will of course be treated confidentially. Appropriate technical and organisational measures ensure that your personal data is handled confidentially in accordance with the statutory provisions.
(2) When completing your online application, please take note that the data is transmitted by email in unencrypted form and that unauthorised persons may be able to access or falsify the data under certain circumstances. You may of course send us your documents by post. If you are applying for a specific position which has already been filled, or if we consider you to be equally or better suited to another position, we will be happy to forward your application to another department within our company. Please inform us if you do not agree to this procedure. At the end of the application process, but after no more than 6 months, your personal data will be deleted automatically unless you give your express consent to a longer storage period.
9. Web Analysis Services
Faller uses Google Analytics and Pardot. Legal basis for this is Art. 6 (1), sentence 1 (f) GDPR.
a) Google Analytics
(1) This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses what are called “cookies”, text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie as a result of your use of this website is generally sent to a Google server in the USA where it is stored. Prior to this, however, if IP anonymisation is activated on this website, in Member States of the European Union or other member states of the European Economic Area, your IP address will be shortened by Google. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google is engaged by the operator of this website to use this information in order to evaluate your use of the website, to compile reports on website activity and provide other services related to website usage and use of the internet, for the website operator.
(2) The IP address transmitted to Google Analytics by your browser will not be combined with other Google data.
(3) You can prevent the storage of cookies by way of the appropriate settings on your browser software; we would point out, however, that doing so may prevent you from using all website functions to their full extent. Furthermore, you can prevent Google from acquiring the information concerning your use of the website (incl. your IP address), generated by the cookie, and from processing this data, by downloading and installing the available browser plug-in provided by Google: https://tools.google.com/dlpage/gaoptout?hl=en
(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses will be processed in a shortened form thereby preventing any identification of the user. Insofar as data collected from you identifies you personally it will be excluded immediately and the personal reference data deleted forthwith.
(5) We use Google Analytics in order to analyse the use of our website and ensure its regular improvement. The statistics obtained enable us to improve our content and make it more interesting for you as a user. For the exceptional cases in which personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield, https://vvvvw.privacy-shield.gov/EU-US-Framework. Legal basis for using Google Analytics is Art. 6 (1), sentence 1 (f) GDPR.
(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User Terms and Conditions: http://vvvvw.google.com/analytics/terms/de.html, Data Privacy Summary: http://wvvvv.google.com/intl/de/analytics/learn/privacy.html, sand Data Privacy Statement: http://www.google.defintl/de/policies/privacy.
(1) We use the Pardot Marketing Automation System (“Pardot MAS”) from Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”) on our website. Pardot is a special software for collecting and evaluating website use by visitors to the website. Where Pardot LLC processes personal data, processing takes place exclusively on our behalf and in accordance with our instructions. By way of an individual contract with Pardot LLC, we have guaranteed compliance with the EU Data Protection Directive by Pardot LLC.
(3) You can cancel your consent at any time with effect to future use. For this, please use the contact details shown in Section 1 of this Data Privacy Statement. In addition, you can deactivate the creation of pseudonymised user profiles at any time by configuring your internet browser not to accept cookies from the “pardot.com” domain. This may result in certain restrictions to the functions and user-friendliness of our content.
10. Social Media
(2) We do not have any influence over the data collected or the data processing procedures, nor do we know the full extent of data collection, the purposes of processing or storage periods. We also have no information about deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data, collected about you, as a user profile and uses it for the purpose of advertising, market research and/or for designing its website to meet the needs of the user. This sort of evaluation takes place (even for users that are not logged in) in order to display appropriate advertising and in order to inform other social-network users about your activities on our website. You have a right to object to the creation of these user profiles and must apply to the relevant plug-in provider in order to exercise it. The plug-ins enable us to offer you the opportunity to interact with the social networks and with other users so that we can improve our content and make it more interesting for you as user. Legal basis for using the plug-ins is Art. 6 (1), sentence 1 (f) GDPR.
(4) Data sharing takes place irrespective of whether you have an account with the plug-in provider or are logged into it. If you are logged into the plug-in provider, the data that we have collected about you will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider will also save this information in your user account and publicly share it with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, so as to avoid data being assigned to your profile by a plug-in provider.
(5) Further information about the purpose and extent of data collection and processing by the plug-in provider is contained in the following data privacy statements from the said providers. These also provide you with additional information about your rights in this regard and the settings that you can use to protect your privacy.
(6) Addresses of the respective plug-in provider and the URL for their data privacy statements:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://vvww.facebook.cona/help/186325668085084, http://vvww.faceb-ook.cona/about/privacy/your-info-on-other#applications and http://www.face-book.com/about/privacy/your-info#everyoneinfo. Facebook has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
- Linkedln Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.corn/legal/privacy-policy. Linkedln has signed up to the EU-US Privacy Shield
11. Embedded YouTube and Vimeo Videos and Components
Use of YouTube
(1) We have embedded YouTube-Videos in our online content that are stored at http://www.YouTube.com and can be played back directly from our website. [These are all embedded in "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data specified in Section 11 (2) be transmitted. We have no control over this data transmission.
(2) As a result of your visit to the website, YouTube will receive the information that you have accessed the corresponding page of our website. In addition, the data specified under Section 3 of this Statement will be transmitted. This takes place irrespective of whether you are logged into a user account provided by YouTube or if there is no user account. If you are logged into Google, your data will be assigned directly to your account. If you do not want your profile to be assigned to YouTube you must log out before activating the button. YouTube stores your data as a user profile and uses it for the purposes of advertising, market research and/or for designing its website to meet the needs of the user. This sort of evaluation takes place (even for users that are not logged in) in order to display appropriate advertising and in order to inform other social-network users about your activities on our website. You have a right to object to the creation of these user profiles and must apply to YouTube in order to exercise it.
(3) Further information about the purpose and extent of data collection and processing by YouTube is contained in the data privacy statement. This also provides you with additional information about your rights and the settings that you can use to protect your privacy: https://wwvv.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Use of Vimeo components
(4) Our website includes components from the provider Vimeo. Vimeo is a service of Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Each time you visit our website, which is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the Vimeo component. If you visit our site whilst you are logged into Vimeo, Vimeo will recognise, from the information collected by the components, which specific page you are visiting and assign this information to your personal Vimeo account. If you e.g. click the “play” button or enter corresponding comments, this information will be sent to your personal Vimeo user account and stored there. In addition, the information that you have visited our site will be shared with Vimeo. This will occur irrespective of whether or not you e.g. click on the components or make comments.
(5) If you want to prevent data about you and your use of our website from being transmitted to and stored by Vimeo, you must log out of Vimeo before you visit our site. Vimeo’s privacy notices provide more detailed information on this, particularly regarding the collection and use of data by Vimeo: https://vimeo.com/privacy
12. Your Rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against us as the controller:
a) Rights under Art. 15 et seq. GDPR
(1) You have the right to information pursuant to Article 15 GDPR. Under certain circumstances, you have the right to rectification under Article 16 GDPR, the right to restriction of processing under Article 18 GDPR and the right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR. In addition, you have the right to receive the data which you have provided in a structured, machine-readable format (right to data portability) pursuant to Article 20 GDPR, insofar as the processing is carried out by automated means and based on consent under Art. 6 (1) (a) or Art. 9 (2) (a) or on a contract under Art. 6 (1) (b) GDPR. In the case of the right to information and the right to erasure, the restrictions under Sections 34 and 35 German Data Protection Act (BDSG) apply.
(2) You can notify us at any time to revoke your consent to the processing of personal data. This also applies to the revocation of consent given to us before the EU General Data Protection Regulation came into effect, i.e. prior to 25 May 2018. Please note that revocation only applies to the future. Processing carried out before revocation remains unaffected.
b) Right of Complaint
You have the right to lodge a complaint with us or with a data protection supervisory authority, notably in the Member State of your habitual residence, of your place of work or of the alleged infringement (Article 77 GDPR in conjunction with Section 19 BDSG).
c) Right to Object
In addition to the foregoing rights, you have the right to object under Article 21 GDPR as follows:
(1) Right to object based on your particular situation
You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on point Article 6(1) (e) GDPR (Data processing in the public interest), or on Article 6 (1) (f) GDPR (Data processing for the purposes of the legitimate interests); this also applies to profiling based on those provisions within the meaning of Article 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing serves the establishment, exercise or defence of legal claims.
(2) Right to object to the processing of data for marketing purposes
In certain cases, we process your personal data in order to carry out direct marketing. You have the right to object at any time to the processing of personal data concerning you, for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will cease to process your personal data for such purposes.
Objection can be made informally to the address indicated under Section 1 of this Data Privacy Statement.
13. Regulatory Authority
The supervisory authority responsible for Faller’s head office in Waldkirch is as follows:
The State Commissioner for Data Protection and Freedom of Information
Postfach 10 29 32, 70025 Stuttgart
(1) We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in data processing are bound by the German Data Protection Act and by a duty of confidentiality when handling personal data.
(2) In the case of the collection and processing of personal data via contact forms, the information is transmitted in encrypted form in order to prevent misuse of the data by third parties. Our security measures are continuously updated in line with technological progress.
15. Changes to our data privacy provisions
We reserve the right to change our security and data privacy measures insofar as technical progress makes this necessary. In this case, we will also adapt our Data Privacy Statement accordingly. Please therefore ensure that you are acquainted with the latest version of our Data Privacy Statement.
16. Automated Decision Making
In principle, we do not use fully automated decision-making pursuant to Article 22 DSGVO to establish and carry out the business relationship.
In order to provide you with targeted information and advise you about products, in certain circumstances, we and/or our commissioned service providers use web analysis tools, particularly tracking technology. These facilitate appropriate communication and advertising. In this regard, we refer to Section 9 Web Analysis Services.