We take very seriously the protection of your data. It goes without saying, therefore, that we adhere to the legal provisions for data protection, as specified under the latest wording of the German federal data protection act (BDSG; version 2018), the European Union’s General Data Protection Regulation GDPR, No. 2016/679, and the German telemedia act TMG.
Controller and Data Protection Officer
The controller as defined under Article 4(7) GDPR or the service provider as defined under § 13 TMG is:
JUTEC Biegesysteme GmbH & Co. KG (referred to hereinafter as “provider”)
Phone: +49 64 31 93 49 - 0
The Data Protection Officer can be contacted at:
JUTEC Biegesysteme GmbH & Co. KG
Phone: +49 6431 93 49 - 0
1. General Data Collection and Data Processing
Every time the provider’s webpages are visited and used, the provider or the web hosting service collects as access data the IP address and provider of the requesting computer, the webpage and data retrieved, the date and time of the retrieval, the data quantity transferred, the successful retrieval notification, data identifying the browser and operating system on the requesting computer, and the website visited previously (the webpage originating the request to the provider’s website).
The above access data are collected and processed only for the purposes of system administration, system security, website optimisation, and statistical analyses.
The collection of the above data and the temporary storage of the website visitor’s IP addresses serve to maintain the website’s security against attack. It therefore serves to protect the justified interests of the data processor as defined under point (f) of Art. 6(1) GDPR.
2. Personal data
Under Art. 4(1) GDPR and § 46(1) BDSG (version 2018), “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. These data include e.g. name, address, email address, phone number. Usage data also are covered by personal data.
3. Collection and processing of personal data
The provider collects and processes personal data only when this is permitted under the law, the provider is authorised to do so, or you consent to the collection of these data. When you contact us by email or via the contact form, the provider stores the data you provide (your first and last names, your email address) for the purpose of handling your request. Entering further personal data is optional. The data collected in this context are deleted once their storage is no longer needed or their processing is restricted under legal retention obligations, if any.
The provider uses on its webpages transient and persistent cookies for the purpose of enhancing the user friendliness of its website and of collecting statistical data for the continuous improvement of its web contents. Cookies are small text only files that the browser you use saves to an assigned location on your hard disk and that the site creating the cookie uses to store certain information. Cookies cannot execute programs nor transfer viruses to your computer.
If you do not wish cookies to be used when you visit the provider’s website, you may reconfigure your web browser accordingly. Your web browser will then prompt you to select whether the storage of cookies is to be restricted or not allowed at all. In this case, the provider points out that without cookies you may not be able to use the website’s functions to the full extent.
This information is stored separately from any other data you have communicated to the provider. Specifically, cookie data is not linked to any other of your data.
Following your consent, you may subscribe to the provider’s newsletter informing you of the latest interesting offers. The promoted goods and services are named in the declaration of consent.
The provider applies the so called double opt-in procedure for subscriptions to its newsletter. In other words, the provider first sends you an email to the email address you specified when requesting the newsletter. This email asks you to confirm your wish to receive the newsletter. If you do not confirm your subscription within twenty four (24) hours, your data are quarantined and, one month later, deleted automatically. In addition, the provider stores your IP address and the times you subscribed and confirmed your subscription to the newsletter. This procedure is intended to verify your subscription and, if necessary, to clarify any misuse of your personal data.
The mandatory data for receiving the newsletter is solely your email address. Specifying additional, specially highlighted data is voluntary, and these are used to address you personally. Following your confirmation, the provider stores your email address for the purpose of sending you the newsletter.
You may revoke your consent to receiving the newsletter at any time in order to unsubscribe. To revoke your consent, you can click the link provided in each newsletter or send a notification to this effect by post, phone, or fax to the contact details listed under the legal notice.
6. Use of YouTube
The provider has integrated in its website YouTube videos that are stored at http://www.YouTube.com and can be played back directly from the provider’s website. These are all integrated in the so called advanced privacy mode, i.e. no data concerning you as the user are transferred to YouTube when you do not play back the video. Only by playing back videos will the data named in the following paragraph be transferred. The provider has no control over this data transfer.
When you visit the website, YouTube receives the information that you have retrieved the corresponding subpage of the provider’s website. Also collected are the data named under “General data collection”. This takes place irrespectively of whether you are logged into or do not have a user account at YouTube. If you have logged into a Google account, your data will be assigned directly to this account. If you do not wish your data to be assigned to your YouTube profile, you must first log out before clicking the button. YouTube stores your data as a usage profile and utilises this for advertising, market research, and/or needs based website design purposes. The data are analysed in this manner, also for users that are not logged in, specifically for providing needs based advertising and informing other users on the social network about your activities on our website. You are accorded the right to object to this creation of such user profiles, but to exercise this right you must contact YouTube.
7. Integration of the analytics service Matomo
The provider employs for its website the analytics service Matomo (www.matomo.org) that conducts statistical analyses on the requests to the provided website content for the purpose of improving this website at regular intervals. These analyses involve saving cookies (see “Cookies” above for details) to the user’s computer.
The information collected in this manner is stored exclusively on servers in Germany. You can stop these analyses by deleting the saved cookies and preventing them from being saved in future. If you prevent cookies from being saved, the provider points out that you may not be able to use the website’s functions to the full extent. You can also configure your browser to prevent cookies from being saved. You can also prevent Matomo analyses by unchecking the following box, activating thereby the opt-out plugin.
This website employs Matomo with the function “AnonymizeIP”. This serves to abbreviate IP addresses before they are processed, eliminating thereby any direct references to persons. The IP address Matomo collects from your browser is not merged with any other data we collect.
8. Google AdWords Remarketing and Conversion Tracking
This website employs Google Adwords Conversion Tracking and Google Adwords Remarketing, both web analytics services provided by Google Inc. (referred to hereinafter as “Google”). For this purpose, Google uses so called cookies. This cookie generally contains as analysis findings the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant to post view conversions), and opt out details (whether the user no longer wishes to be addressed). It is used for the unique identification of a web browser on a particular computer, but not for the identification of a person: personal data are not stored. The information this cookie helps to generate is generally transferred to a Google server in the USA, where it is stored. When you enable IP anonymisation on this website, Google will first abbreviate your IP address, however, within the member states of the European Union or other signatories to the Agreement on the European Economic Area, ruling out thereby any direct reference to your person. Authorised by the provider of this website, Google utilises this information to register and analyse your use of certain Google services or websites on the Google Display Network.
We point out to you that on this website Google Adwords (Remarketing / Conversion Tracking) has been supplemented with the code “ga('set', 'anonymizeIp', true);”, safeguarding thereby the anonymised collection of IP addresses (so called IP masking). This serves to abbreviate IP addresses before they are processed, eliminating thereby any direct references to persons.
The provider employs the Remarketing function to present to users of its webpage in other websites on the Google Display Network (Google itself, so called Google Ads, or other websites) advertisements based on their interests. To this end, user interaction is analysed on our website, e.g. the offers in which users are interested, for the purpose of presenting targeted advertisements to these users after they have visited our webpage on other sites.
The provider employs Conversion Tracking to generate conversion statistics. In doing so, it learns of the number of users that have clicked one of its advertisements and have been redirected to a page provided with a Conversion Tracking tag.
9. Data processing on the Facebook fan page
(1) The provider maintains a Facebook fan page to promote its products and services. The joint controllers of this Facebook fan page as defined under GDPR and other data protection laws:
Facebook Ireland Ltd. (referred to hereinafter as “Facebook”)
4 Grand Canal Square
Grand Canal Harbour
JUTEC Biegesysteme GmbH & Co. KG (referred to hereinafter as “provider”)
As part of this joint control, a corresponding supplementary agreement (“Page Insights Controller Addendum”) was concluded with Facebook. This addendum defines the respective responsibilities assigned to Facebook and to us as the fan page operator with respect to how insights data are processed. Further details can be viewed here.
(2) The provider’s fan page can be viewed by both Facebook users and visitors without a Facebook account. Irrespectively of whether or not the user has a Facebook account, Facebook creates cookies when the fan page is visited. These collect information on user behaviour, also following visits to the fan page. In addition, these cookies offer the provider as the operator of the fan page anonymous statistical data on the visitors to our fan page (so called Facebook Insights data). These processes transfer your data to Facebook servers in the USA, where they are stored. Facebook is committed to the EU–US Privacy Shield.
(3) Facebook collects and provides us with the following information in anonymised form: the total number of page insights, “Like” details, page activities, post interactions, reach, video views, post reach, comments, shared content, answers, gender, origin based on country and city, age, language, shop insights and clicks, trip planner clicks, phone number clicks. Data will continue to be provided over this channel to the Facebook groups linked to our fan page.
(4) The provider uses these anonymised data to enhance the appeal of posts and activities on its fan page. For instance, the provider utilises the age and gender distribution to tailor its addresses and prioritise preferred visiting times for the optimised scheduling of its posts. Information on the type of terminals used by visitors serves to modify posts to the respective display requirements.
(5) In line with Facebook’s conditions of use that all users have agreed to when creating their Facebook profiles, the provider can identify its fan page subscribers and followers and view their profiles as well as other information you have shared.
The provider maintains a fan page on the platform provided by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA, 94304, USA (Facebook data directive). Every visit and every interaction on the fan page causes data to be processed, irrespectively of whether or not you have a Facebook account. If you have logged into your Facebook account, Facebook Inc. merges the information collected from your visit to the fan page with your account details and may use these to generate profiles. If you do not wish a profile of this kind, log out of your account before visiting our fan page.
By means of “Facebook Insights”, the provider processes the statistical data collected from its fan page like the total number of page insights, “Like” details, page activities, post interactions, video views, post reach, comments, shared content, answers, the ratio of female to male visitors to our website, origin based on country and city, age, language, shop insights and clicks, trip planner clicks, phone number clicks. This is based on our justified interest as defined under point (f) of Article 6(1) GDPR in raising the appeal of posts on the page and determining the optimal schedule for publications.
You have the right to access, erase, and rectify your data, to restrict their processing, to object to their processing, to data portability, and to file complaints before the supervisory authorities. These rights you may exercise before both Facebook Inc. and the provider. Claims filed against us we shall redirect to Facebook as set down in our agreement.
Seeing that the provider has joint control over how your data are processed, the provider has concluded a so called Page Controller Addendum with Facebook.
10. Data processing on the Instagram fan page
The provider maintains a fan page on the platform “Instagram.com” provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (referred to hereinafter as “Facebook”) (Instagram data directive). Every visit and every interaction on the fan page causes data to be processed, irrespectively of whether or not you have an Instagram or a Facebook account. If you have logged into your account, Instagram and/or its affiliated companies may merge the information collected from your visit to the fan page with your account details and may use these to generate profiles. If you do not wish a profile of this kind, log out of your account before visiting the fan page.
By means of “Instagram Insights”, the provider processes the statistical data collected from its fan page like gender, age bracket, location, page insights, interactions and details on paid activities, reach, reached accounts, impressions, and impressions per day. This is based on our justified interest as defined under point (f) of Article 6(1) GDPR in raising the appeal of posts on the page and determining the optimal schedule for publications.
You have the right to access, erase, and rectify your data, to restrict their processing, to object to their processing, to data portability, and to file complaints before the supervisory authorities. These rights you may exercise before both Facebook Ireland Ltd. and the provider. Claims filed against the provider will be redirected to Facebook as set down in the agreement.
Seeing that we have joint control over how your data are processed, the provider has concluded a so called Page Controller Addendum with Facebook.
11. Use of the webshop
If you wish to order in the provider’s webshop, you must enter your personal data so that we can process your order and conclude the contract. The mandatory entries needed to process contracts are highlighted; all other details are voluntary. The provider processes the data you enter for the purpose of handling your order. To this end, the provider may forward your payment data to its affiliated bank.
You may choose to create a customer account where the provider stores your data for future purchases. When you create an account under “My account”, the data you enter will be stored until revocation. The customer area lets you delete all other data, including your user account, at any time.
In addition, the provider can process the data you enter for the purpose of informing you of further interesting products from its portfolio or sending you emails with technical information.
The ordering process is TLS-encrypted as a measure to prevent unauthorised third party access to your personal data, specifically your bank details.
12. Rights of the data subject
You are accorded the right:
- under Art. 15 GDPR to demand access to your personal data the provider processes. Specifically, you can demand information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restricted processing, or objection, the existence of a right to complain, the origin of your data when these have not been collected by the provider itself, the existence of automated decision making including profiling, and, if necessary, information on its specific details (access claim);
- under Art. 16 GDPR to demand the immediate rectification of incorrect or incomplete personal data the provider has stored about you (rectification claim);
- under Art. 17 GDPR to demand the erasure of your personal data the provider has stored when their continued processing is not required to execute the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims (erasure claim);
- under Art. 18 GDPR to demand the restricted processing of your personal data when you contest the correctness of these data, their processing is unlawful, but you decline their erasure, we no longer need the data, and you need these for the establishment, exercise, or defence of legal claims, or, under Art. 21 GDPR, you have filed an objection to their processing (restricted processing claim);
- under Art. 20 GDPR to receive your personal data you have given to the provider in a structured, commonly used, and machine-readable format or to demand their transfer to another controller (right to data portability);
- under Art. 7(3) GDPR to revoke your consent you previously granted the provider at any time. The consequence is that the provider may no longer continue processing the data based on this consent (right to object);
- under Art. 77 GDPR to file a complaint before a supervisory authority (right to lodge a complaint).
13. Purposes and legal bases
The provider processes your personal data in compliance with the data protection laws applying in each and every case. This processing is lawful when one of the following conditions has been fulfilled:
- Consent as defined under point (a) of Article 6(1) GDPR:
The processing of personal data is deemed lawful when consent has been granted to their processing for defined purposes, e.g. for marketing. Consent once granted can be revoked at any time with future effect. This also applies to the revocation of declarations of consent granted to us before the GDPR came into force on 25 May 2018.
- Contractual obligations as defined under point (b) of Article 6(1) GDPR:
The provider processes personal data for the purpose of fulfilling its contractual obligations or for taking steps on request prior to entering into a contract. The purposes of data processing result primarily from your request.
- Legal requirements as defined under point (c) of Article 6(1) GDPR:
The provider is subject to various legal obligations. These include e.g.
- retention requirements under the trade and tax laws in the German commercial code HGB and the German tax ordinance AO,
- fulfilment of obligations to examine and report under the tax laws.
- Protection of justified interests as defined under point (f) of Article 6(1) GDPR:
If necessary, the provider processes your data beyond the actual fulfilment of the contract for the purpose of protecting its or third parties’ justified interests. Examples:
- the establishment of legal claims and defence in legal disputes,
- the safeguarding of IT security and operations,
- the analysis and improvement of website use.
14. Transfers to a third party nation or international organisation
Personal data are transferred actively to a third party nation only when this has been pointed out explicitly as part of the above named services.
15. Criteria used to determine storage periods
In compliance with the legal requirements, the data are stored for their processing subject to the legal retention periods. The provider processes and utilises your data exclusively for the purposes the provider is entitled to and only for as long as these data are needed for these purposes.
If the data are no longer needed for the purpose or for fulfilling legal obligations, these are deleted as a rule unless their continued — time limited and, if necessary, restricted — processing is required for the following purposes:
- The fulfilment of retention periods under the trade and tax laws: These are specifically the HGB and the AO. These specify retention or documentation periods of up to ten (10) years.
- The collection of evidence under the legal requirements for limitation periods: Under §§ 195 ff of the German civil code BGB, the standard limitation period is three (3) years, but may be as high as thirty (30) years under specific circumstances.
16. Obligation to provide and potential consequences of failing to provide personal data
When making use of the provider’s offers, you must provide those personal data that are needed to fulfil the purpose or that the provider is obliged by law to collect. Without these data, the provider as a rule will be unable to deliver the requested performance.
17. Existence of automated decision making
In general, the provider does not employ any fully automated decision making as defined under Article 22 GDPR to justify and perform the business relationship. If the provider does make use of this procedure in individual cases, it will inform you thereof in a separate communication when this is stipulated by law.
- II. Data protection notices for contracted partners
The following data protection notices provide an overview of how your data are collected and processed.
- 1. Source of personal data
We process personal data that we receive from our contracted partners over the course of our business relationship. Moreover, if this becomes necessary to deliver our performance, we process personal data that we gain lawfully from public sources or that other authorised third parties communicate to us.
- 2. Categories of personal data concerned
We process the following categories of personal data: master data (e.g. name, address, phone number, email address), job data, data for fulfilling our contractual obligations, details on your creditworthiness, payment reliability, correspondence (e.g. with you), and other data comparable with the named categories.
- 3. Purposes for which personal data are to be processed, and legal bases of processing
We process your personal data in compliance with the national and European data protection laws applying in each and every case. This processing is lawful when at least one of the following conditions has been fulfilled:
- a. Consent as defined under point (a) of Article 6(1) GDPR
When you have granted us your consent to process your personal data for particular purposes (e.g. marketing), this processing is lawful on the basis of your consent. Consent once granted can be revoked at any time with future effect. This also applies to the revocation of declarations of consent granted to us before the GDPR came into force on 25 May 2018.
- b. Fulfilling its contractual obligations or taking steps prior to entering into a contract — point (b) of Art. 6(1) GDPR
We process personal data for the purpose of fulfilling our contractual obligations as well as for taking steps on request prior to entering into a contract. The purposes of data processing result primarily from the actual contractual relationship and may also include needs analyses and advice. Further details on data processing purposes can be taken from the contract documents and the terms and conditions.
- c. Legal requirements as defined under point (c) of Art. 6(1) GDPR or public interest under point (e) of Art. 6(1) GDPR
JUTEC GmbH & Co. KG is subject to various legal obligations, e.g. the retention requirements under the trade and tax laws in the German commercial code HGB and the German tax ordinance AO. Processing purposes also include the fulfilment of obligations to examine and report under the tax laws as well as risk assessment and control in the company.
- d. Protection of justified interests as defined under point (f) of Article 6(1) GDPR
If necessary, we process your data beyond the actual fulfilment of the contract for the purpose of protecting our or third parties’ justified interests. Examples:
- revision and improvement of procedures for general business control and the further development of products and services,
- advertising, market and opinion research if you have not objected to the use of your data,
- the establishment of legal claims and defence in legal disputes,
- defence against and clarification and prevention of crime,
- the safeguarding of IT security and operations,
- advice from and data exchange with credit agencies for the purpose of determining creditworthiness and default risks.
- 4. Categories of recipients of personal data
Within the company, only those offices needing this to fulfil our contractual and legal obligations are authorised to access personal data. In addition, JUTEC GmbH & Co. KG commissions carefully vetted and GDPR-conforming service providers based in the EU to execute any one of the above processes and services. These are companies e.g. in the categories of IT services, HR services, payment transactions, print service providers, accounting, debt collection, consultancy, and leasing that we consult as part of our job handling relations. With respect to the transfer of data to other recipients, we may forward information about you only when stipulated by legal provisions, you have consented to this, or we are authorised to do this. When these conditions have been fulfilled, recipients of personal data may include:
- public bodies and institutions, e.g. fiscal authorities, when demanded by law or the authorities,
- other companies or comparable institutes to which we forward personal data for the purpose of fulfilling business relations with you.
Other bodies may also become data recipients when you have granted us your consent to data transfer.
- 5. Intent to forward personal data to a third party nation or an international organisation
There is no active transfer of personal data to a third party country or an international organisation.
- 6. Criteria used to determine the storage period for personal data
The criteria used to determine the storage period depend on the conclusion of the purpose and the subsequent legal retention period. If the data are no longer needed for fulfilling contractual or legal obligations, these are deleted at regular intervals unless their continued — time limited and, if necessary, restricted — processing is required for the following purposes:
- Fulfilment of retention periods under the trade and tax laws: These are specifically the HGB and the AO. These specify retention or documentation periods of up to ten (10) years.
- Collection of evidence under the legal requirements for limitation periods: Under §§ 195 ff of the German civil code BGB, the standard limitation period is three (3) years, but may be as high as thirty (30) years under specific circumstances.
- 7. Data protection rights
Each and every data subject has the right to access their personal data under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to file complaints under Article 21 GDPR, and the right to data portability under Article 20 GDPR. The right to access and the right to erase personal data are subject to the restrictions under §§ 34 and 35 BDSG. In addition, Article 77 GDPR in conjunction with § 19 BDSG accords the right to file a complaint before a competent data protection supervisory authority. The consent you grant us to process your data you may revoke at any time with future effect. This also applies to the revocation of declarations of consent granted to us before the GDPR came into force on 25 May 2018.
- 8. Obligation to provide and potential consequences of failing to provide data
Over the course of our business relationship, you must provide those personal data that are needed to initiate and maintain a business relationship and to fulfil the contractual obligations associated with this business relationship, or that we are obliged by law to collect. Without these data, we shall not as a rule be able to conclude or implement the contract with you.
- 9. Existence of automated decision making including profiling
In general, we do not employ any fully automated decision making as defined under Article 22 GDPR to justify and perform the business relationship. If we do make use of this procedure in individual cases, we shall inform you thereof in a separate communication when this is stipulated by law.
Information on your right to file complaints under Article 21 GDPR
1. RIGHT TO FILE CLAIMS BASED ON INDIVIDUAL CASES
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on point (e) — data processing in the public interest — or (f) — data processing necessary for the protection of interests — of Article 6(1), including profiling based on those provisions as defined under Article 4(4) GDPR.
If you object to this processing, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.
2. RIGHT TO OBJECT TO DATA BEING PROCESSED FOR DIRECT MARKETING PURPOSES
In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to this processing for direct marketing purposes, we shall no longer process your personal data for such purposes. This objection may be submitted informally and, whenever possible, should be addressed to:
JUTEC Biegesysteme GmbH & Co. KG
Contact and supplementary notices
If you have any comments or questions about data protection at JUTEC Biegesysteme GmbH & Co. KG, you can contact the Data Protection Officer at any time at the address below or by email to: email@example.com.
JUTEC Biegesysteme GmbH & Co. KG
Phone: +49 64 31 93 49 - 0
The provider points out that the data protection laws are subject to amendment. You should therefore read this declaration again after a certain period has expired.
Last revised: September 2019