A. Website Privacy Statement
B. Data Protection Directive for Social Media Appearances
__________________________
Applicable as of: 05/2019
A. Website Privacy Statement
We process personal data (hereinafter referred to as “data“) of the user only for the purpose of hosting a functional and convenient website and disclosing our contents and services.
The term “process“ shall include collect, use, disclose and/ or store. In principal, “personal data” – pursuant to the General Data Protection Regulation (hereinafter referred to as “GDPR”) – shall be considered as all data enabling the identification of a natural person. The precise definitions of the terminology are set out in Article 4 GDPR.
The text presented below constitutes in particular the nature, extent, purpose, duration and the legal basis for processing personal data whereby the purpose and the means of processing personal data is determined by us alone or jointly with others as is the usage of possible third-party components which are applied for optimization and improvement of quality in use – the respective third parties process data solely on their own responsibility.
_________________________________________
I. Information on the responsible entity
II. Rights of the User
III. Information relating to data processing
_________________________________________
I. Information on the responsible entity
Pursuant to the GDPR and other national member states` laws of data protection respectively any other legal protection regulation, the responsible entity (hereinafter referred to as “provider“) is:
Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Deutschland
Phone: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com
The external data protection officer of the responsible entity is:
Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen
Phone: +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
E-Mail: dsb@datcq.de
II. Rights of the user
With regard to the processing of personal data, reproduced below by the provider, the user shall obtain the following rights:
The right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, detailed information on these data as well as further information and copies of the data in accordance with Article 15 GDPR.
The right to obtain rectification of inaccurate personal data concerning him or her respectively the right to have incomplete personal data completed without undue delay in accordance with Article 16 GDPR.
The right to obtain the erasure of personal data concerning him or her without undue delay in accordance with Article 17 GDPR respectively, if further processing is necessary, as laid out in Article 17 GDPR paragraph 3, the user shall have the right to obtain restriction of data processing in accordance with Article 18 GDPR.
The right to receive the personal data concerning him or her which he or she has provided in accordance with Article 20 GDPR as well as the right to transmit those data to other responsible entities.
The right to lodge a complaint with the supervisory authority in accordance with Article 77 GDPR, in case the user considers that the processing of his respectively her personal data by the provider infringes the General Data Protection Regulation.
_________________________
The right to object, at any time, to the future processing of personal data concerning him or her by the responsible entity which is based on point (f) of Article 6 (1) in accordance with Article 21 GDPR. This objection may in particular be raised to the processing of his respectively her data for the purpose of direct marketing.
_________________________
Furthermore the provider is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18 GDPR to each recipient to whom the personal data has been disclosed. This obligation does not exist if it proves impossible or involves disproportionate effort. The customer shall be informed on disclosures of these recipients.
III. Information relating to data processing
Where detailed information on data processing has not been provided hereafter, the user data being processed by the provider shall be erased or locked as soon as the purpose of storing is no longer available and where there is no other legal ground for retaining the respective data.
Server data
Among others, the following data which is submitted to the provider respectively the webspace provider by the internet browser of the user is collected for communications and safety reasons during a visit to the website (so-called server log files):
– Browser type and version;
– Used operating system;
– Website from which the user visited the providers website (Referrer URL);
– Website which is visited by the user;
– Date and time of access;
– Internet protocol (IP) address of the user.
Furthermore, the data are temporarily stored. The data are not retained in combination with other personal data of the user. The legal basis for the temporary storage is Article 6 paragraph 1 (f) GDPR being based on the legitimate interest in improving the stability, functionality and safety of the website.
The data are deleted after a period of no more than seven days. Data which need to be retained due to the purpose of providing proof are excluded from erasure until the incident has finally been clarified.
Cookies
“Session“ cookies/ “persistent” cookies
The provider uses so-called cookies on his website. Cookies are small text files or other storage technologies which are placed on the terminal device and stored by the user’s internet browser. These cookies process, within an individually defined scope, certain information from the user, such as browser and location data as well as IP address values.
The processing allows the provider to operate his website in a more user-friendly, effective and safer manner. Thus, the processing might make it possible to provide the contents in different languages or offer a shopping trolley function. If personal data are collected via these cookies for the purpose of initiating or fulfilling a contract, the legal basis for the processing shall be in accordance with Article 6 paragraph 1 (b) GDPR.
“Persistent“ cookies are used by the website to recognise the user via his/ her browser when he/ she is promptly revisiting the website and to redisplay the already given information on how to use the cookies.
In cases where the processing of the data is not necessary for the purpose of contract negotiations and implementation, the legal basis for processing shall be Article 6 paragraph 1 (f) GDPR and is based on the legitimate interest of the provider in improving the functionality of the website as well as on legal compliance.
The “session” cookies are deleted as soon as the user closes his browser. The “persistent” cookies are automatically deleted within a set period stipulated by the provider. This period varies depending on the respective cookie, but will not exceed a period of two months.
Third-party cookies
The provider`s website may also use third-party cookies. These third-parties are partner companies of the provider with the objective of cooperating with regard to arising advertising, analyzing or functionality tasks of the website. If this is the case, the purpose and legal basis of the respective processing is cited in the following provisions.
Erasure possibilities
The user may prevent or restrict the installation of cookies via a respective setting of the browser. Already stored cookies may also be deleted at any time. The settings which are required for this purpose depend on the respective browser. If flash cookies are used, processing cannot be prevented via browser settings but via the respective flash player setting. If the user prevents or restricts the installation of the cookies, the user may not be able to completely utilize all functions of the website.
Contact requests
If the user wishes to establish a contact with the provider – via contact form or e-mail – the personal data which is entered by the user on this occasion is used for processing the request. Entering the data is necessary for replying to inquiries, if the data are not entered, the reply will either be impossible or only to a limited extent.
If the purpose of the contact request is to fulfill a contract or to implement pre-contractual measures, the legal basis shall be Article 6, paragraph 1 (f) GDPR.
The data of the user are deleted without undue delay once the inquiry of the user has been conclusively replied to and deletion is not prevented by the legal obligation to retain it for other purposes, such as subsequent contract administration.
The legal basis may also be the user’s consent in accordance with Article 6, paragraph 1 (a) GDPR. In the context of the contact form the user may be asked to express consent to the aforementioned processing and reference shall be made to this data protection declaration.
The user shall have the right to withdraw his respectively her consent to creating a customer account at any time by notifying the provider in accordance with Article 7, paragraph 3 GDPR. The personal data processed in this context are deleted as soon as processing is no longer necessary.
Google Maps
The provider uses the component “Google Maps” of the company Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”, for providing directions to the site.
Google has been certified in accordance with the “EU-US Privacy Shield” and consequently guarantees the compliance of the data protection regulations of the EU with regard to the processing of the data in the USA.
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
When using the “Google Map” component, Google uses cookies that allow Google to process user settings and user data as soon as the screen with its associated functions is opened. The possibility that external servers are used by Google for this purpose in the USA cannot be ruled out.
The legal basis shall be in accordance with Article 6 paragraph 1 (f) GDPR. The legitimate interest of the provider is justified by optimizing the functionalities of the website.
As soon as there is a connection Google can recognize from which website an inquiry is sent and to which IP address the directions are transferred to.
In case the user does not consent to the processing, the user may prevent the installation of these cookies via a respective setting of the browser. For more details, please refer to the aforementioned chapter “cookies”.
The use of “Google Maps“ and data obtained from the “Google Maps“ service are subject to Google’s conditions of use and the additional terms and conditions of business for “Google Maps“.
Further information, in particular with respect to the possibilities of preventing the use of data, can be found at the following links:
https://policies.google.com/privacy
https://adssettings.google.com/authenticated.
Google Fonts
For presenting the fonts on the website the provider uses external character fonts in the form of “Google Fonts“, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Google has been certified in accordance with the “EU-US Privacy Shield” and consequently guarantees the compliance of the data protection regulations of the EU with regard to the processing of the data in the USA.
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
When accessing the provider’s website a connection to the Google server in the USA is established in order to allow for the presentation respectively the updating of the font.
The legal basis shall be in accordance with Article 6 paragraph 1 (f) GDPR. The legitimate interest of the provider is justified by the optimization and economical operation of the website.
As soon as there is a connection Google can recognize from which website an inquiry is sent and to which IP address the presentation of the font is transferred to.
Further information, in particular with respect to the possibilities of preventing the use of data, can be found at the following links:
https://policies.google.com/privacy
https://adssettings.google.com/authenticated.
Google Analytics
This website uses Google Analytics, a web analysis service of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Google has been certified in accordance with the “EU-US Privacy Shield” and consequently guarantees the compliance of the data protection regulations of the EU with regard to the processing of the data in the USA.
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
The provider uses Google Analytics to analyze the use of the website.
The legal basis shall be in accordance with Article 6 paragraph 1 (f) GDPR. The legitimate interest of the provider is justified by the analysis, optimization and economical operation of the website.
Information, such as time, location and frequency of the user’s website visit – including his respectively her IP address – is transferred to and stored on a server operated by Google in the USA.
In this context the provider uses Google Analytics with an anonymization function. Due to this sub-function Google shortens the IP address for users who are registered within a member state of the European Union or another contracting state of the European economic area agreement.
The data which is collected in this context is used by Google to evaluate the user’s visit of the website and to compile reports on the website activities for the provider. Moreover the data are used as a means of providing further services related to the use of the website and of the internet. Google may also pass this data on to third parties, if this is required by law or if third parties are processing this data on behalf of Google. Under no circumstances will Google, according to its own statement, link the user`s IP address to other data of Google. Further information, in particular with respect to the possibilities of preventing the use of data, is provided by Google at the following link:
https://www.google.com/intl/de/policies/privacy/partners
For the most popular web browsers Google offers also the possibility to install a deactivation add-on giving the user more control over the data which is collected by Google when visiting a website. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit shall not be sent to Google Analytics. However, the Google Analytics Opt-Out Browser Add-On does not prevent information from being sent to the provider or to other web analytics services which may be appointed by the provider and listed in this data protection regulation.
Further information with respect to the installation of the browser add-on can be found at the following link:
Browser-Add-On zur Deaktivierung von Google Analytics
Alternatively, the future analysis of the user’s website visit by Google Analytics can be disabled by clicking on the below-mentioned link. By clicking the provided link the user’s cookie will be transferred into an “opt-out cookie” which prevents the future analysis of the user’s web site visit to the provider.
Please note: If the user deletes the cookies in his browser settings, the opt-out cookie will usually also be deleted and if necessary, the opt-out task needs to be performed again.
Facebook Social Plugin
This website uses the plugin of the social network facebook.com. Facebook is a service which is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and which, in the EU, is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland – hereinafter both are referred to as “Facebook”.
Facebook has been certified in accordance with the “EU-US Privacy Shield” and consequently guarantees the compliance of the data protection regulations of the EU with regard to the processing of the data in the USA.
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
The legal basis shall be in accordance with Article 6 paragraph 1 (f) GDPR. The legitimate interest of the provider is justified by the quality in use of the website.
All possible Facebook plugins and its functions are available at the following link:
https://developers.facebook.com/docs/plugins/
Every time a user accesses the website which is equipped with such a plug-in the plug-in induces the browser of the user to download the respective plug-in illustration from Facebook in the USA. In this context it is technically essential for Facebook to process the IP address of the user and when doing so Facebook also collects the date, time and website which is visited by the user.
If the user views the website of the provider while he is logged-in to Facebook, Facebook recognizes the specific visit of the user by means of the information which is collected by the plug-in and may allocate this information to the user’s personal account on Facebook.
If the user interacts, for example via the Facebook “like” button, this information is also assigned to the user’s personal Facebook account and may be stored and published.
If the user wants to prevent the direct allocation of the collected information to his respectively her user account by Facebook, the user either needs to log-out of Facebook before visiting the provider’s website or use an “add-on” for blocking the loading of the Facebook plug-in on the website.
More information on the exaltation and usage of the data through Facebook, as well as the respective rights and possibilities for protecting the user’s privacy can be found in the privacy statements of Facebook:
https://www.facebook.com/policy.php
YouTube
For displaying video sequences on this website, the provider uses a tool of the company YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA – hereinafter referred to as “YouTube”. YouTube is a company of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
YouTube has been certified as subsidiary of Google in accordance with the “EU-US Privacy Shield” and consequently guarantees the compliance of the data protection regulations of the EU with regard to the processing of the data in the USA.
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
The legal basis is laid out in Article 6, paragraph 1 (f) GDPR. The legitimate interest of the provider is justified by improving the quality in use of the website. The provider uses YouTube in the enhanced data protection mode which is offered by YouTube.
In the enhanced data protection mode the data which are, according to YouTube, reproduced below by the provider shall only be passed on to the YouTube server if a video is started.
When visiting a website with an embedded video, a connection to the YouTube servers in the USA is established which then instruct the user’s browser to display the content on the internet. For this purpose YouTube processes at least the user’s IP address, date and time as well as the visited website.
By doing so, a connection with the Google Double-Click advertising network is automatically established. If the user views the website of the provider while he is logged-in to YouTube, YouTube allocates the connection information to the user’s YouTube account.
If the user wants to prevent the direct allocation of the collected information to his respectively her user account by YouTube, the user needs to log-out of YouTube before visiting the provider’s website. In addition, there is the option of configurating the user account accordingly.
YouTube uses permanent cookies in order to be able to allow functionality and analysis.
In case the user does not consent to the processing, the user may prevent the installation of these cookies via a respective setting of the browser. For more details, please refer to the aforementioned chapter “cookies”.
More information on the exaltation and usage of the data through Google, as well as the respective rights and possibilities for protecting the user’s privacy can be found in the privacy statements of Google:
https://policies.google.com/privacy
B. Data Protection Directive for Social Media Appearances
So-called social media platforms are used by us for endorsing our products and services as well as for communicating with interested parties or costumers.
The text presented below provides you in particular with information regarding the nature, scope, purpose and duration as well as the legal ground for the processing of personal data during a visit to one of our company presentations on a social media platform or in case you are contacting us via such a platform.
The term “processing” shall specifically include the collection, use, distribution and/ or storage. Pursuant to the General Data Protection Regulation (hereinafter referred to as “GDPR”) the term “personal data” shall in principle include all data which may be used for the identification of a natural person.
The precise definitions of the terminology are set out in Article 4 GDPR.
_________________________________________
I. Information on the joint responsible entity
II. Rights of the User
III. Information on data processing
_________________________________________
I. Information on the joint responsible entity
The joint entity responsible for all below mentioned social media platforms shall be
Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Deutschland
Tel: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com
– hereinafter referred to as “provider –
together with the respective below mentioned platform operator in accordance with Article 26 GDPR.
The external data protection officer of the responsible entity is:
Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen
Tel. +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
E-Mail: dsb@datcq.de
_________________________
Facebook and Instagram
With respect to the social media platform facebook and instagram the provider shall share joint responsibility with
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
The data protection supervisor of facebook may be reached via a contact form
https://www.facebook.com/help/contact/540977946302970
The joint responsible entities have defined the respective obligations regarding the GDPR in an agreement which can be obtained via the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
_________________________
II. Rights of the user
Notwithstanding the details of this agreement you may assert your rights in accordance with the framework of the GDPR towards each individual responsible entity.
With regard to the processing of personal data, reproduced below by the responsible entity, the user shall obtain the following rights:
The right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, detailed information on these data as well as further information and copies of the data in accordance with Article 15 GDPR.
The right to obtain rectification of inaccurate personal data concerning him or her respectively the right to have incomplete personal data completed without undue delay in accordance with Article 16 GDPR.
The right to obtain the erasure of personal data concerning him or her without undue delay in accordance with Article 17 GDPR respectively, if further processing is necessary, as laid out in Article 17 GDPR paragraph 3, the user shall have the right to obtain restriction of data processing in accordance with Article 18 GDPR.
The right to receive the personal data concerning him or her which he or she has provided in accordance with Article 20 GDPR as well as the right to transmit those data to other responsible entities.
The right to lodge a complaint with the supervisory authority in accordance with Article 77 GDPR, in case the user considers that the processing of his respectively her personal data by the provider infringes the General Data Protection Regulation.
_________________________
The right to object, at any time, to the future processing of personal data concerning him or her by the responsible entity which is based on point (f) of Article 6 (1) in accordance with Article 21 GDPR. This objection may in particular be raised to the processing of his respectively her data for the purpose of direct marketing.
_________________________
Furthermore the provider is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18 GDPR to each recipient to whom the personal data has been disclosed. This obligation does not exist if it proves impossible or involves disproportionate effort. The customer shall be informed on disclosures of these recipients.
III. Information on data processing
The below-mentioned social media platforms are used by the provider for endorsing its products and services as well as for communicating with interested parties or costumers.
The legal ground for processing the respective personal data on the below-mentioned social media platforms shall be Article 6 paragraph 1 (f) GDPR and shall apply to each reproduction. The legitimate interest of the provider is justified by the analysis, communication, sale and promotion of its products and services.
The consent of a user which is given to the platform operator in accordance with Article 6 paragraph 1 (a) GDPR may also be the legal ground for personal data processing. The user shall have the right to withdraw his respectively her consent with future effect at any time by notifying the platform operator in accordance with Article 7 paragraph 3 GDPR.
Facebook and instagram
When visiting the online presentation of the provider which is appearing on a facebook and instagram platform, Facebook Ireland Ltd., as the provider of both platforms in the EU, processes user data (such as personal information, IP address etc.).
These user data allow the provider to obtain statistical information on the visits of his/her company presence on facebook and instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for creating user profiles. These profiles can then, for example, be used by Facebook Ireland Ltd. to provide customer-based advertisement on and off facebook and instagram. If the user is logged in to his/her facebook or instagram account during a visit, Facebook Ireland Ltd. may furthermore link the data with the respective user account.
If the user contacts the provider via facebook or instagram, the respectively communicated personal user data are used to process the query. The data of the user are deleted by the provider without undue delay as soon as the query is conclusively answered and deletion is not prevented by the legal obligation to retain it for other purposes, such as subsequent contract administration.
Facebook Ireland Ltd. might also use cookies for data processing.
In case the user does not consent to the processing, the user may prevent the installation of these cookies via a respective setting of the browser. Already stored cookies may also be deleted at any time. The settings which are required for this purpose depend on the respective browser. If flash cookies are used, processing cannot be prevented via browser settings but via the respective flash player setting. If the user prevents or restricts the installation of the cookies, the user may not be able to completely utilize all facebook or instagram functions.
Detailed information on data processing, measures to prevent data processing and deleting data which are processed by Facebook Ireland Ltd. may be found in the privacy policy guidelines of facebook or instagram:
https://www.facebook.com/privacy/explanation
https://help.instagram.com/519522125107875
It cannot be excluded that processing by Facebook Ireland Ltd. or by Facebook Inc., 1601 Willow Road, Manlo Park, California 94025 also takes place in the USA.
Facebook Inc. is subjected to the “EU-US Privacy Shield” and consequently guarantees the compliance of the data protection regulations of the EU with regard to the processing of data in the USA.
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active