DATA PROTECTION STATEMENT IN ACCORDANCE WITH
REQUIREMENTS OF THE GENERAL DATA PROTECTION REFULATION (GDPR)

We want to inform you comprehensively about legal requirements and obligations regarding which data we collect and how it is processed. The following statement details the procedures and the handling of your data in the context of our services.

I.NAME AND ADDRESS OF THE RESPONSIBLE PARTY

 

The party responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

 

Fischbach GmbH Engelskirchen
Büchlerhausen 18
51766 Engelskirchen
Deutschland
Telefon: +49 (0) 2263 6090
Telefax: +49 (0) 2263 60358
E-Mail: info@fischbach-fi.com

Represented by the managing directors: Thomas Langensiepen, Nigel Wright, Chrisanth Gradischnig, Achim Helmenstein

 

II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

 

The data protection officer of the responsible party is contactable at datenschutz@fischbach-fi.com oder unter:

 

Fischbach GmbH Engelskirchen
Datenschutz
Büchlerhausen 18
51766 Engelskirchen

 

III. GENERAL DATA PROCESSING

 

1. Extent of processing of personal data

In principle, we only collect and use personal data of our users to the extent that this is to provide a functioning website and our content and services, which includes, in particular, the supply of cartridge filling machines, sealant guns and cartridges.

 

2. Legal basis for the processing of personal data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations.
In the processing of personal data necessary for the performance of a contract to which the person affected is a party, Art. 6 para. 1 lit. b GDPR serves as a legal basis. This also applies to processing operations required to carry out pre-contractual measures. The services as a company are based on a contract. In particular, the processing serves the provision of services in the context of the sale of goods and other additional products chosen by you, according to your orders and wishes and include the necessary goods, services, measures and activities. This essentially includes contract-related communication, the verifiability of transactions, orders and other agreements as well as quality control through appropriate documentation and goodwill procedures, measures for the control and optimization of business processes as well as for the fulfillment of general due diligence, management and control by affiliated companies (e.g. parent company); Statistical evaluations for corporate management, cost accounting and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of company services, risk management, asserting legal claims and defense in legal disputes; ensuring IT security (including system and plausibility checks) and general security, including e.g. building and plant safety, ensuring and exercising domiciliary rights (e.g. by access control); ensuring the integrity, authenticity and availability of data, preventing and investigating crime; control by supervisory bodies or supervisory bodies (e.g. auditing).

Insofar as we obtain the consent of the person affected for processing of personal data, Art. 6 para. 1 lit. a of GDPR serves as a legal basis. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.

Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c of GDPR serves as legal basis. The legal basis applies to legal requirements, regulatory or other official requirements as well as other statutory reporting procedures (e.g. to the tax office, social insurance). Processing may include identity and age checks, prevention of fraud and money laundering, prevention, combating and resolution of terrorist financing and offenses involving assets, comparisons with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations as well as the archiving of data for data protection and data security purposes as well as examination by tax and other authorities. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for the purposes of gathering evidence, prosecuting or enforcing civil claims.

In the event that vital interests of the person affected or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest and the fundamental rights and freedoms of the person affected do not outweigh the former interest, Art. 6 para. 1 lit. GDPR serves as legal basis for processing. Possible purposes are: advertising or market and opinion research, as long as you have not objected to the use of your data; the collection of information and data exchange with credit agencies, insofar as this goes beyond our economic risk; the examination and optimization of requirements analysis procedures; the further development of services and products as well as existing systems and processes; the disclosure of personal data in a due diligence process in company sales negotiations; to enrich our data, e.g. by using or researching publicly available data; for statistical analysis or for market analysis; for benchmarking; the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship; the limited storage of the data, if deletion is not possible or only with disproportionate effort because of the special nature of the storage; the development of scoring systems or automated decision-making processes; the building and plant safety (e.g. through access control and video surveillance), insofar as this goes beyond the general duties of due diligence; internal and external investigations, security checks; the possibility of listening to or recording phone calls for quality control and training purposes; the preservation and maintenance of certifications of a private or regulatory nature; the safeguarding and execution of the domiciliary right by appropriate measures as well as by video surveillance for the protection of our customers and coworkers as well as to secure evidence of crime and its prevention

 

3. Data erasure and storage duration

The personal data of the person affected will be deleted or locked as soon as there is no longer a purpose for the storage. In addition, it may be stored if required by European or national legislators in EU regulations, laws or regulations to which the controller is subject. Locking or deletion of the data takes place even if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a conclusion of contract or a fulfillment of the contract.

 

IV. DEPLOYING THE WEBSITE AND CREATING LOGFILES

 

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the invoking computer.

The following data is collected:

  • Information about the browser type and the version used (eg Mozilla Firefox, Google Chrome or Microsoft Internet Explorer, Apple Safari, Opera etc.)

  • The operating system of the user

  • The user’s Internet service provider

  • The IP address of the use

  • Date and time of access (so-called “time stamp”)

  • Websites accessed by the user’s system through our website

  • The page from which the file was requested (so-called referrer URL)

  • The name of the file

  • The transferred data volumes

  • The access status (file transfer, file not found etc.)

  • Username (if logged in to webpage)

  • HTTP status code request

  • HTTP status code response

  • Size of the response in bytes

The data is also stored in the log files of our system. There is no storage of this data together with other personal data of the user. There is no transfer of this data to third parties, for commercial or non-commercial purposes.

 

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR

 

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be retained for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in the processing of data is as per Art. 6 para. 1 lit. f GDPR.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to resolve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed. In the case of the collection of personal data for a contractual relationship or for a pre-contractual measure, the necessity ends with the period required for the contractual relationship.

Deletion of the log files takes place automatically after 3 months.

 

5. Opposition and removal possibility

The collection of the data for the provisioning of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

 

V. USE OF COOKIES

 

1. Description and scope of data processing

Our website uses cookies. Cookies are small text files that are stored in the web browser on the computer system of the user. When a user visits a website, a cookie may be stored on the user’s operating system. This data is stored here and kept ready for later retrieval. This cookie contains a unique string that allows the browser to be uniquely identified when the website is reopened.
This website uses the following types of cookies, the scope and operation of which are explained below:

– Transient Cookies (see a)

– Persistent Cookies (see b)

a) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
The data of the users collected in this way are pseudonymized by technical measures. Therefore, an assignment of the data to the invoking user is no longer possible. The data is not stored together with other personal data of the users. You can prevent the storage of cookies using the corresponding setting of your browser software; however, note that in this case you may not be able to use all the functions of this website in full.

 

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.

 

3. Purpose of data processing

The cookies are primarily used for the technical provision of the website.

The use of additional analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies we learn how the website is used and this enables us to constantly optimize our service.

Use of Google Analytics: This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is enabled on this website, Google will truncate your IP address beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator.

The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information.
You can prevent the storage of cookies using the corresponding setting of your browser software; however, note that in this case you may not be able to use all the functions of this website in full.

You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed in a shortened form and cannot be attributed directly to a person.
The use of Google Analytics is in accordance with the conditions that the German data protection authorities agreed with Google. Third-party information:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User Terms and Conditions: https://www.google.com/analytics/terms/de.html,
Overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html,
as well as the privacy policy: https://www.google.de/intl/de/policies/privacy.

This website also reserves the right to use a cross-device analysis of visitor traffic prior to Google Analytics, using a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.
For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f DSGVO. Our justified interest lies in the optimization of our online service and our website..

 

4. Duration of storage, objection and removal options

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies already saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website in full.
Individual information on the storage period and the possibility of objecting and removing the respective cookies: s. V. 1 u. 3.

 

VI. TRANSFERS TO OTHER WEBSITES

 

1. Linking

The online service contains links to other websites (so-called external links). We have no control over the compliance of the operators of other websites with the data protection regulations.
Fischbach GmbH Engelskirchen is responsible as a provider of its own content under the general laws. From these own contents, “links” to the content provided by other providers are to be distinguished. Fischbach GmbH Engelskirchen assumes no responsibility for third-party content that is provided via links that are specially marked and does not endorse their content. For illegal, incorrect or incomplete contents as well as for damages, which result from the use or disuse of the information, the provider of the website to which reference was made, is liable. The editorial office is only responsible for third-party information if it has positive knowledge of them, and therefore also of any illegal or punishable content, and if it is technically possible and reasonable to prevent their use.

 

2. Integration of Google Maps

We utilize Google Maps on this website. This allows us to show you interactive maps directly in the website and allow you to conveniently use the map feature.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. Data is shared in this context as detailed in section IV, para. 1 of this statement. This is done regardless of whether or not Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before clicking the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or custom website design. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these user profiles, which you can do by contacting Google.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy policy of the provider. There you will also find further information about your rights and settings for the protection of your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield,https://www.privacyshield.gov/EU-US-Framework.

 

VII. EMAIL CONTACT

 

1. Description and scope of data processing

The contact is possible via the provided email addresses. In this case, the user’s personal data transmitted by email will be stored.

When you contact us by email, the information you provide will be stored by us to answer your questions. We delete the data that arises in this context after the storage is no longer required or limit the processing if there are statutory retention requirements. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.

 

2. Legal basis for data processing

The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 (1) lit. f GDPR. If the email contact is for the purpose of concluding a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

 

3. Purpose of data processing

In the case of contact via email, this also includes the necessary legitimate interest in the processing of the data.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection.

 

5. Objection and removal possibility

If the user contacts us by email they may object to the storage of their personal data at any time. In such a case, the storage cannot continue.
The objection of storage is possible by email, post or fax.

 

VIII. SECURE AREA FOR REGISTERED USERS

 

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal information. The data is entered into an input form and transmitted to us and stored. Transfer of data to third parties does not take place. The following data is collected during the registration process:

  • surname,

  • first name,

  • Address,

  • email address,

  • as part of the registration process, the consent of the user to process this information is obtained.

 

 2. Legal basis for data processing

Legal basis for the processing of the data is in the consent of the user according to Art. 6 para. 1 lit. a GDPR.

 

3. Purpose of data processing

Registration of the user is a voluntary process that Fischbach GmbH Engelskirchen offers to selected customers.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. This is the case for the data collected during the registration process when the registration on our website is canceled or modified.

 

5. Opposition and removal possibility

As a user, you have the option of canceling the registration at any time. The data stored about you can be changed at any time.

 

IX. CAREER PORTAL

 

1. Description and scope of data processing

On our website, we offer users the opportunity to submit their personal data. The data is entered into an input form and transmitted to us and stored. In addition, applicant data can be uploaded. Transfer of data to third parties does not take place. The following data is collected during the registration process:

  • surname,

  • first name,

  • additional names,

  • address,

  • email address,

  • (Mobil) phone number,

  • other information about your career (e.g. resume, qualifications and qualifications, professional experience) and yourself (for example cover letter, personal interests).
    This may include special categories of personal data (for example, information on severe disability). As a rule, your personal data is collected directly during the application process and encrypted during electronic transmission.
    We also process personal information obtained from publicly available sources (e.g. professional networks).
    As part of the application process, the consent of the user to process this data is obtained.

As part of the application process, the consent of the user to process this data is obtained
 

 

2. Legal basis and purpose of data processing

We process your personal data on the basis of the provisions of the GDPR, the BDSG and all other relevant laws (e.g. BetrVG, AGG, etc.).

The data processing serves to initiate an employment relationship. The primary legal basis for this is Art. 6 (1) lit. b GDPR in conjunction with Section 26 (1) of BDSG. In addition, consent can be used as a data protection provision as per Art. 6 para. 1 lit. a, 7 GDPR in conjunction with Section 26 (2) BDSG. If the processing of your data is based on your consent, you have the right at any time to revoke the consent with effect for the future.
In individual cases, we process your data in order to safeguard legitimate interests of the person responsible or of third parties (for example subsidiaries of Fischbach GmbH). Such a legitimate interest exists in particular if the processing of your data for the investigation of criminal offenses (in accordance with Art. 6 (1) lit. f of the GDPR in conjunction with § 26 (1) Art. 2 BDSG) or for an intra-corporate data exchange for administrative purposes (in accordance with Art. 6 (1) lit. f GDPR). As far as special categories of personal data according to Art. 9 para. 1 of GDPR, this serves in the context of the application process for the exercise of rights or the fulfillment of legal obligations arising from employment law, social security law and social protection (for example informing the representatives of severely handicapped persons § 81 SGB IX). This is done on the basis of Art. 9 para. 2 lit. b GDPR in conjunction with Section 26 (3) BDSG.In addition, the processing of special categories of personal data based on consent is subject to Art. 9 (2) lit. a DPR in conjunction with Section 26 (3) sentence 2, para. 2 BDSG.

 

3. Duration of storage

The data for an application will be stored and processed by us during the current application process. After completing the application process (e.g. in the form of an acceptance or rejection), the application process will be deleted from the system 6 months after the application process has ended.
In the event of an acceptance, we reserve the right to keep your application longer, provided that the entry date is more than 6 months in the future.

 

4. Objection and removal possibility

In the event that we use your personal data with your consent for the purposes of the application, you can object to this use of your data at any time without stating reasons. The data processing is not for justification of the employment relationship, but for the protection of legitimate interests (see IX.2), you can object to this processing for reasons that arise from your particular situation. We will then no longer process your personal data, unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing is the assertion, exercise or defense of legal claims. You can withdraw your application at any time to assert your opposition. Alternatively, you can contact the address mentioned in section I.

 

X. RIGHTS OF THE AFFECTED PERSON

 

If personal data about you is processed, according to the GDPR, you are the affected person and you have the following rights towards the responsible party:

 

1. Right to information

You may ask the responsible party to confirm if personal data concerning you is processed by us.If such processing is available, you can request from the party responsible the following information:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for the determination of the retention period;

(5) ) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) ) all available information on the source of the data if the personal data was not collected from the person affected;

(8) the existence of automated decision-making including profiling under Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended impact of such processing on the person affected.
You have the right to request information about whether the personal data relating to you is transferred to a third country or an international organization. In this regard, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

 

2. Right to rectification

You have a right to rectification and / or completion to the responsible party if the personal data processed is incorrect or incomplete. The responsible party must make the correction without delay.

 

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal data for a period of time that enables the responsible party to verify the accuracy of your personal data;

(2) the processing is unlawful and you refuse deletion the personal data and instead demand the restriction of the use of personal data;

(3) the responsible party no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal rights, or

(4) if you objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the responsible party prevail over your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used – with the exception of its storage – with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the limitation of the processing according to the above conditions are restricted, you will be informed by the responsible party before the restriction is lifted.

 

4. Right to deletion

a) Deletion obligations

You may demand the responsible party to delete your personal information without delay, and the responsible party is required to delete that information immediately, if any of the following is true:

(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed

(2) You revoke your consent to the processing as per Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing

(3) You object to processing in accordance with Art. 21 (1) of the GDPR and there are no prior justifiable grounds for processing, or you submit an objection in accordance with Art. 21 (2) GDPR

(4) Your personal data has been processed unlawfully.

(5) The deletion of personal data concerning you is required to fulfill a legal obligation under union law or the law of the Member States to which the responsible party is subject.

(6) The personal data relating to you was collected in relation to information society services offered pursuant to Art. 8 (1) of GDPR.
Information to third parties
If the responsible party has made the personal data relating to you public and is obliged to delete it in accordance with. Art. 17 (1) of GDPR, taking due account of available technology and implementation costs, also of a technical nature, to inform the responsible party processing the personal data that you, as the person affected, have requested that you delete all links to such personal data or copies or replicas of such personal data.

Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information

(2) to fulfill a legal obligation required by the law of the Union or of the Member States to which the responsible party is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the controller;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 (1) of GDPR, in so far as the law referred to in para. (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing, or

(5) to assert, exercise or defend legal claims.

 

5. Right to information

If you have asserted the right of rectification, deletion or limitation of the processing to the responsible party, they are obliged to disclose details of all the recipients to whom the personal data relating to you, or its rectification, deletion or limitation, has been shared with, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.

 

6. Right to data portability

You have the right to receive personally identifiable information you provide to the responsible party in a structured, common and machine-readable format. You also have the right to transfer this data to another responsible party without hindrance through the responsible party providing the personal data, provided that

(1)) the processing has consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or is based on a contract pursuant to Art. 6 para. 1 lit. b GDPR

(2) ) the processing is carried out using automated methods.
In exercising this right, you also have the right to obtain the personal data relating to you which is transmitted directly from one responsible party to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the responsible party.

 

7. Right to object

You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data, pursuant to Art. 6 para. (1) e or f GDPR; this also applies to profiling based on these provisions.

The responsible party will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, to exercise your right to opt-out by means of automated procedures in which these technical specifications are utilized.

 

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

 

9. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, your workplace or the place of the alleged infringement, if you believe that the processing of your personal data is in breach of the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR

DATA PROTECTION INFORMATION ACCORDING TO ART. 13 GDPR

Dear Sir/Madam,

The personal data of any individual who has a contractual, pre-contractual or other relationship with our company deserves special protection. Our goal is to maintain a high standard of data protection. That’s why we rely on continuous development of our data protection and data security concepts.
Of course we comply with the legal regulations on data protection. According to Art. 13 GDPR, companies impose special information obligations when they collect personal data. We will inform you about the fulfillment of our data protection obligations:

 

1. Name and contact details of the responsible party and the data protection officer

Fischbach GmbH Engelskirchen
Büchlerhausen 18
51766 Engelskirchen
Deutschland
Telefon: +49 (0) 2263 6090
Telefax: +49 (0) 2263 60358
E-Mail: info@fischbach-fi.com

Fischbach GmbH Engelskirchen is to be regarded as responsible within the meaning of the General Data Protection Regulation (GDPR) (Art. 4 (7) GDPR).

Management of the responsible party: Data Protection Officer: contactable at datenschutz@fischbach-fi.com or:

Fischbach GmbH Engelskirchen

Datenschutz

Büchlerhausen 18

51766 Engelskirchen

 

2. Purposes of data processing and legal bases (Art. 13 (1) c GDPR)

Purpose of the processing of personal data is the provision of an online presence of Fischbach GmbH Engelskirchen in connection with the handling of all transactions, those responsible, customers, prospects, business partners or other contractual or pre-contractual relationships between the groups mentioned (in the broadest sense) or statutory duties of the person responsible.
The protection of personal data is of particular concern to Fischbach GmbH Engelskirchen.

The processing of your data is for the purpose of establishing contact, order / purchase processing, justification, execution and termination and settlement of a contractual relationship. The processing is thus essentially necessary for the performance of a contract of which the person concerned is the party (Art. 6 (1) b of the GDPR). The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of enquiries about our products or services. The services provided by the company are based on a contract. In particular, the processing serves the provision of services in the context of the sale of goods and other additional products chosen by you, according to your orders and wishes and include the necessary goods, services, measures and activities. This mainly includes contract-related communication, the verifiability of transactions, orders and other agreements as well as quality control through appropriate documentation, goodwill procedures, measures to control and optimize business processes as well as the fulfillment of general due diligence, control and monitoring by affiliated companies (e.g. parent company); statistical evaluations for corporate management, cost accounting and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of company services, risk management, asserting legal claims and defense in legal disputes; ensuring IT security (including system and plausibility checks) and general security, including: a. building and plant security, ensuring and exercising the domiciliary rights (e.g. through access control); Ensuring the integrity, authenticity and availability of data, prevention and investigation of criminal offenses; control by supervisory bodies or authorities (e.g. auditing).

Insofar as we obtain the consent of the person affected for processing of personal data, Art. 6 para. 1 lit. a GDPR serves as legal basis. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.

Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c GDPR as legal basis. The legal basis applies to legal requirements, regulatory or other official requirements as well as other statutory reporting procedures (e.g. to the tax office, social security). Processes may include identity and age checks, prevention of fraud and money laundering, prevention, suppression and clarification of the financing of terrorism and offending assets, comparison with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations as well as the archiving of data for data protection and data security purposes as well as audits by tax and other authorities. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims. Without the provision of your data through you, contractual justification and processing would not be possible.

In the event that vital interests of the person affected or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.

IIf processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and fundamental freedoms of the person affected do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing. Possible purposes are: the setting of cookies for analysis purposes or for the optimization of the homepage; the advertising or market and opinion research, as long as you have not objected to the use of your data; the collection of information and data exchange with credit agencies, insofar as this goes beyond our economic risk; the examination and optimization of requirements analysis procedures; the further development of services and products as well as existing systems and processes; the disclosure of personal data in a due diligence process in company sales negotiations; to enrich our data, e.g. by using or researching publicly available data; for statistical analysis or for market analysis; for benchmarking; the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship; the limited storage of the data, if deletion is not possible or only with disproportionate effort due to the special nature of the storage; the development of scoring systems or automated decision-making processes; the building and plant safety (e.g. by access control and video surveillance), insofar as this goes beyond the general duties of due diligence; internal and external investigations, security checks; the possibility of monitoring or recording phone calls for quality control and training purposes; the preservation and maintenance of certifications of a private or regulatory nature; the safeguarding and execution of the house right by appropriate measures as well as by video surveillance for the protection of our customers and coworkers as well as for the protection of evidence with criminal acts and their prevention.

We process your personal data on the basis of the provisions of the GDPR, the BDSG and all other relevant laws (e.g. BetrVG, AGG, etc.).

The data processing serves to initiate an employment relationship. The primary legal basis for this is Art. 6 (1) lit. b GDPR in conjunction with Section 26 (1) BDSG. In addition, consent can be used as a data protection regulation pursuant to Art. 6 para. 1 lit. a, 7 GDPR in conjunction with § 26 para. 2 BDSG. If the processing of your data is based on your consent, you have the right at any time to revoke the consent with effect for the future.

In individual cases, we process your data in order to safeguard legitimate interests of the person responsible or of third parties (for example subsidiaries of Fischbach GmbH). Such legitimate interest exists in particular if the processing of your data is used for the investigation of criminal offenses (pursuant to Art. 6 (1) f GDPR in conjunction with § 26 (1) sent. 2 BDSG) or for intercompany data exchange for administrative purposes (pursuant to Art. 6 (1) f GDPR). As far as special categories of personal data are processed pursuant to Art. 9 para. 1 GDPR, this serves as part of the application process for the exercise of rights or the fulfillment of legal obligations under labor law, the law of social security and social protection (for example, informing the representatives of the severely handicapped according to § 81 SGB IX). This is done on the basis of Art. 9 para. 2 lit. b GDPR in conjunction with Section 26 (3) BDSG.

In addition, the processing of special categories of personal data based on consent are pursuant to Art. 9 (2) lit. a GDPR in conjunction with Section 26 (3) sent. 2, para. 2 BDSG.

In rare cases, the processing of personal data may be required to protect the vital interests of the person affected or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then processing would be based on Art. 6 para. 1 lit. d GDPR.

 

3. In case processing is based upon Section 6 (1) lit. 1 GDPR: the legitimate interests pursued by the responsible party or a third party (Section 13 (1) lit. D GDPR.

In case processing of personal data is based upon Section 6 (1) lt. f GDPR our legitimate interest is the implementation of our business activities for the benefit of the wellbeing of all members of our company, including in particular shareholders and employees.Our legitimate interest in setting cookies to analyze user behavior is the optimization of our online offer and our website.

 

4. Recipients or categories of recipients of the personal data, if necessary for the fulfillment of the duties (Art. 13 I lit. e GDPR)

Transfer of your data to external bodies takes place exclusively:

  • Public bodies, where priority legislation so requires, always in the context of legal confidentiality obligations;

  • e.g. to credit agencies, debt collection, lawyers, courts, appraisers, committees and supervisory bodies, etc., if a legitimate interest as per Art. 6 para. 1 lit. f GDPR is present;

  • external bodies, such as service providers / processors (Art. 28 of GDPR), who are involved in the legitimate execution of the contract and / or fulfillment of the contract, while respecting the legal provisions relating to cross-border procurement (e.g. external data centers, IT support / maintenance / IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility check, data destruction, purchasing / procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, Telephony, website management, auditing services, credit institutions, printing companies or companies for data disposal, courier services, logistics);

  • Third parties, provided that consent has been given for transmission to these third parties

Your personal data will be processed by employees within Fischbach GmbH Engelskirchen as well as any available home workplaces. These are internal bodies involved in the execution of the respective business process. In addition, Fischbach GmbH Engelskirchen employs freelancers, trainees and interns, as well as employees.

 

5. Recipients in a third country and appropriate or appropriate guarantees and the possibility of obtaining a copy of them or where they are available (Art. 13 (1) lit. f, 46 (1) and 2 lit. c GDPR)

Data processing outside the EU or EEA does not take place. In connection with the provision of cookies, transfer of data to the USA is possible. Those responsible in the data protection sense process your personal data also in the USA are subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

We will not sell or otherwise market your personal information to third parties.

Pursuant to Art. 46 (1) of GDPR, the responsible party or a processor may only transfer personal data to a third country if the responsible party or processor has provided appropriate safeguards and if enforceable rights and effective remedies are available to the person affected. Appropriate guarantees can be represented by standard data protection clauses, without the need for special approval from a supervisory authority, Art. 46 para. 2 lit. c GDPR.

With all third country recipients, the EU standard data protection clauses will be agreed before the initial transfer of personal data. It is therefore ensured that all processing of personal data is guaranteed by appropriate guarantees, enforceable rights and effective remedies resulting from EU standard data protection clauses. Each affected person can receive a copy of the standard data protection clauses. In addition, the standard data protection clauses are also available in the Official Journal of the European Union (OJ 2010 / L 39, pp. 5-18).

 

 6. Duration of storage (Art. 13 Abs. 2 lit. a GDPR)

The legislature has issued a variety of storage obligations and deadlines. There are also tax-related retention requirements. After expiration of these deadlines, the corresponding data will be routinely deleted:

  • Fulfillment of commercial and tax-related retention obligations: In particular, the Commercial Code (HGB), the Tax Code (AO), the Money Laundering Act (GwG). The deadlines for storage and documentation are two to ten years.

  • Preservation of evidence in the context of the statutory limitation provisions: According to §§ 195 ff. Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.

  • Data on an application will be stored and processed by us during the current application process. After completing the application process (e.g. in the form of an acceptance or rejection), the application process will be deleted from the system 6 months after the application process has ended. In the event of an acceptance, we reserve the right to retain your application longer, provided that the entry date is more than 6 months in the future.

If data is not affected, it will be deleted if the above-mentioned purposes cease to apply. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted on a regular basis, unless temporary processing is necessary to fulfill the above-mentioned purposes. In such cases, we may also store and, if necessary, use your data after the termination of our business relationship or our pre-contractual relationship for a period consistent with the purposes.

 

7. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the affected person to provide the personal data; possible consequences of non-provision (Art. 13 (2) lit. e of GDPR)

We clarify that the provision of personal data is partly required by law (such as tax regulations, social security legislation) or may result from contractual arrangements (such as details of the contractor).

Sometimes it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. The person affected is obliged, for example, to provide us with personal data if our company concludes a contract with them (performance contract for goods and services, employment contract, etc.). Failure to provide the personal data would mean that the contract with the person concerned could not be finalized.

Before the person concerned provides personal data, they can address the responsible party. They then inform the individual on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and what would happen if the personal data was not provided.

 

8. Existence of an automated decision-making including profiling as per Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and the intended effects of such processing on the person affected (Art. 13 (2) lit. f GDPR)

As a responsible company, we refrain from automatic decision-making or profiling. Insofar as we should use such a procedure in individual cases in the future, we will inform you separately if this is required by law.

We may process some of your information for the purpose of evaluating certain personal aspects (profiling). In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable requirements-based product design, communication and advertising, including market and opinion research.

Likewise, such procedures can be used to assess your credit worthiness and creditworthiness, as well as to combat money laundering and fraud. To assess your creditworthiness and creditworthiness so-called “score values” can be used. In scoring, the probability is calculated using mathematical procedures with which a customer will meet their payment obligations.
according to the contract. Such scores therefore help us to assess creditworthiness, product-related decision-making, and feed into our risk management. The calculation is based on mathematically-statistically accepted and proven procedures and is based on your data, in particular income, expenses, existing liabilities, occupation, employer, duration of employment, experience from the previous business relationship, contractual repayment of previous loans and information from credit agencies.

Data on nationality as well as special categories of personal data according to Art. 9 GDPR are not processed here.

 

9. Existence of rights of access, rectification, cancellation, limitation of processing and of the right of opposition to processing and of the right to transfer data (Art. 13 (2) lit. b GDPR)

All affected persons have the following rights:

Right to disclosure

Each affected person has a right to information about personal data concerning them. The right to information extends to all data processed by us. The right can be exercised easily and at reasonable intervals so that all persons affected are always aware of the processing of their personal data and can verify their legality (recital 63 GDPR). This right results from Art. 15 GDPR. In order to exercise the right to information, the affected person can contact our data protection officer.

Right to rectification

According to Art. 16 p. 1 GDPR, all persons affected have the right to demand from our company, without delay, the correction of incorrect personal data concerning them, if the personal data being processed is incorrect or incomplete. In addition, Art. 16 p. 2 GDPR stipulates that the person affected, subject to the processing purposes, has the right to demand the completion of incomplete personal data, including by means of a supplementary declaration.

Right to deletion

a)   Foundation

Additionally, affected persons are entitled to be deleted and forgotten according to Art. 17 GDPR. You may require the responsible party to delete your personal information without delay, and they are obliged to delete this data immediately, if any of the following is true:

  • Your personal data is no longer necessary for the purposes for which they were collected or otherwise processed.

  • You revoke your consent to the processing as per Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing.

  • You object to processing as per Art. 21 (1) of GDPR, and there are no prior justifiable grounds for processing, or you submit an objection to processing in accordance with Art. Art. 21 (2) GDPR.

  • Your personal data has been processed unlawfully.

  • The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the responsible party is subject.

  • The personal data relating to you has been used in relation to information society services provided in accordance with Art. 8 para. 1 GDPR.

b)   Information to third parties

If the responsible party has disclosed the personal data relating to you to third parties and is obliged to delete them pursuant to Art. 17 (1) GDPR, they shall take appropriate measures, taking into account the available technology and the implementation costs, also of a technical nature, to inform responsible persons who process the personal data that you, as the person affected, have requested that you delete all links to such personal data or copies or replicas of such personal data.

c)    Exceptions

The right to deletion does not exist if the processing is necessary

  • To exercise the right to freedom of expression and information;

  • To fulfill a legal obligation which requires the processing under the law of the Union or of the Member States to which the responsible party is subject or for the performance of a task of public interest or in the exercise of official authority delegated to the responsible party;

  • To assert, exercise or defend legal claims.

Restriction of processing

According to Art. 18 GDPR, every affected person is entitled to a restriction of processing. You may request the restriction of the processing of your personal data under the following conditions:

  • If you deny the accuracy of your personal information for a period of time that enables the responsible party to verify the accuracy of your personal information;

  • The processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of personal data;

  • The responsible party no longer requires the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

  • If you object to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet determined whether the legitimate reasons of the responsible party outweigh your reasons.

If the processing of your personal data has been restricted, this data may – apart from its storage – be processed only with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing has been restricted according to the prerequisites listed above, you will be notified of the person responsible before the restriction is lifted.

 

Right to objection

Furthermore, Art. 21 GDPR guarantees the right to object. You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data, pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to any profiling based on these provisions.

The responsible party will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

 

Right to data portability

Art. 20 GDPR grants the person affected the right to data portability. According to this provision, the person affected has the right, under the conditions of Art. 20 para. 1 lit. a and b GDPR, to obtain the personal data concerning them provided to the responsible party in a structured, common and machine-readable format, and submit that data to another responsible party without interference from the responsible party. The person affected can exercise the right to data portability via our data protection officer.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the responsible party.

 

10. Existence of the right to revoke consent at any time, without affecting the legality of the processing on the basis of the consent to revocation, provided that the processing is based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (Art. 13 (2) lit. c GDPR)

If processing of personal data based on Art. 6 (1) lit. a GDPR, which is the case if the person affected has given consent to the processing of personal data concerning them for one or more specific purposes or if the processing is based on Art. 9 (2) lit. a GDPR, the person concerned expressly agrees to the processing of special categories of personal data, the person concerned has the right revoke their consent at any time under Art. 7 (3) sent. 1 GDPR.

The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation, Art. 7 (3) sent. 2 GDPR. The revocation of consent must be as simple as the granting of consent, Art. 7 para. 3, sent. 4 GDPR. Therefore, consent can always be withdrawn in the same way as the consent was granted or in any other way that the person affected considers more convenient. In today’s information society, the easiest way to revoke consent is likely to be via a simple email. If the person affected wishes to revoke consent granted to us, a simple email to our data protection officer is sufficient. Alternatively, the person affected may choose any other way to notify us of the withdrawal of consent.

 

11. Right of appeal to a supervisory authority (Art. 13 (2) lit. d, 77 (1) GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a (data protection) supervisory authority, in particular in the Member State of your place of residence, employment or the location of the alleged infringement, if you believe that the processing of your personal data violates German or European data protection law. As the responsible party, we are obliged to inform the person affected of the existence of a right of appeal to a supervisory authority, Art. 13 para. 2 lit. d GDPR. The right of appeal is governed by Art. 77 para. 1 GDPR. Under this provision, without prejudice to any other administrative or judicial remedy, each person affected has the right to complain to a supervisory authority, in particular, in the Member State of their place of residence, their place of work or the place of the alleged infringement, if the person affected considers that the processing of their personal data infringes the General Data Protection Regulation. The right of appeal has been restricted by the unional legislator to the extent that it can only be exercised against a single supervisory authority (recital 141 p. 1 of GDPR). This regulation is intended to avoid duplicate complaints in the same case by the same person affected. Therefore, if an affected person wants to complain about us, we ask you to contact only a single supervisory authority.