Der Browser, den Sie benutzen ist veraltet. Um diese Seite optimal betrachten zu können, sollten Sie diesen aktualisieren. Andernfalls kann es zu Darstellungsproblemen kommen.
Informationen

 

General Terms and Conditions of Sale and Payment

Download PDF

Information concerning data protection and the services of third-party providers

Thank you for your interest in our company. Data protection is a matter of particular importance to the Management Board of Kranbau Köthen GmbH. The following sections provide more detailed information on our privacy policy.

1. Introduction

Kranbau Köthen takes the protection of your personal data very seriously. We would therefore like to inform you (the “customer”, “user” or “data subject”) about the data protection measures in our company.

The GDPR requires us to provide transparent information about the purposes and means of processing. The aim of this privacy policy is to inform you about how we process your data.

2. General
Contents

2.1 Definitions

This Privacy Policy uses the following definitions in line with Art. 4 GDPR:

  • "Personal data" (Art. 4, no. 1 GDPR) means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Identifiability can also be established by combining this type of information or other additional knowledge. The source, nature or embodiment of the information is irrelevant (photos, video or sound recordings can also contain personal data).

  • "Processing" (Art. 4, no. 2 GDPR) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated (e.g. technology-based) means, such as collection (i.e. procurement), recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data as well as amending an intended objective or purpose on which any data processing was originally based.

  • "Controller" (Art. 4, no. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • "Processor" (Art. 4, no. 8 GDPR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, particularly according to its instructions (e.g. IT service provider). In particular, a processor is not a third party for the purposes of data protection law.

  • "Third party" (Art. 4, no. 10 GDPR) means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; also including legal entities that belong to the Group.

  • "Consent" (Art. 4, no. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject“s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2.2 Who is the controller?

Controller for the website:

Kranbau Köthen GmbH
Am Holländer Weg 5-7
06366 Köthen
Germany
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: +49 3496 700-0

2.3 Data protection officer

You can contact our data protection officer at the following postal address:

GMH Systems GmbH
Neue Hüttenstraße 2
49124 Georgsmarienhütte
Germany
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: +49 5401 339 19-103

2.4 Legal bases

The processing of personal data requires a legal basis or another defined permission. If no legal basis or similar justification exists, processing is prohibited. The legal bases stipulated by law include:

  • Consent (Art. 6(1) s. 1, lit. a GDPR) If you have provided a freely given, informed and unambiguous indication, by a statement or by a clear affirmative action, to signify agreement to the processing of your personal data for a specific purpose.

  • Performance/initiation of a contract (Art. 6(1) s. 1, lit. b GDPR) If the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

  • Legal obligation (Art. 6(1) s. 1, lit. c GDPR) If the processing is necessary for compliance with a legal obligation to which we are subject (e.g. a statutory storage obligation).

  • Protection of vital interests (Art. 6(1) s. 1, lit. d GDPR) If the processing is necessary in order to protect your vital interests or those of another natural person.

  • Public interest (Art. 6(1) s. 1, lit. e GDPR) If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

  • Legitimate interests (Art. 6(1) s. 1, lit. f GDPR) If the processing is necessary for the purposes of the legitimate interests (especially legal or commercial interests) pursued by the controller or by a third party, except where such interests are overridden by your interests or rights (in particular where the data subject is a child).

2.5 Erasure and storage period

If we do not provide any details on the storage duration as part of our data processing, your data will be blocked or erased as soon as the purpose of the processing no longer applies. But the data may be stored for longer periods under certain circumstances, such as if statutory retention periods (e.g. under tax law) prevent erasure.

2.6 Data security

We employ appropriate technical and organisational measures to ensure the security of your personal data. These measures help to protect your data against unintentional or intentional manipulation, loss, destruction or unauthorised access by third parties. Technical and organisational measures are implemented in consideration of the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the various probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons.

2.7 Contract data processing

In some cases we utilise service providers to transact our business, but all such service providers only act under our instructions and are contractually obliged to comply with the data protection provisions.

2.8 Profiling

We do not intend to use your personal data for an automated decision-making process (including profiling).

2.9 What rights can you assert?

You have the following rights regarding the personal data concerning you towards us:

  • Right of access,
  • Right to rectification,
  • Right to erasure,
  • Right to restriction of processing,
  • Right to object to the processing,
  • Right to data portability,
  • Right to withdraw consent,
  • Right to lodge a complaint with a supervisory authority

2.10 Rights in detail

Right of access as per Art. 15 GDPR

You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed. Where that is the case, you have a right to access these personal data and the following information:

  • What is the purpose of the data processing?
  • What kind of data are being processed?
  • Who has access to the data?
  • Are the data stored or transferred to third countries?
  • To the extent such information can be provided, how long will the data be stored?
  • Information on the other rights of data subjects, such as the right to rectification or erasure.

Right to rectification as per Art. 16 GDPR

We as the controller are obliged to ensure the factual correctness of the processed personal data. If this is not the case, you have the right to demand the immediate rectification of incorrect personal data concerning you.

Right to erasure as per Art. 17 GDPR

You have the right to erase your personal data stored by us provided that

  • the purpose of the processing no longer applies,
  • you withdraw your consent,
  • you object to the processing,
  • the data have been unlawfully processed,
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law
  • your data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Right to restriction of processing as per Art. 18 GDPR

You may demand the restriction of processing for the following reasons:

  • you are contesting the accuracy of the data,
  • the processing is unlawful but you oppose the erasure of the data,
  • we no longer need your data, but you need the data for the establishment, exercise or defence of legal claims or
  • you have objected to the processing in line with Art. 21 GDPR.

Right to data portability as per Art. 20 GDPR

You have the right to receive the data collected by us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

Right to lodge a complaint as per Art. 77 GDPR

You have the right to lodge data protection complaints to a supervisory authority.

Right to withdraw consent, Art. 7(3) GDPR

If you have granted your consent to process your data, you can withdraw this at any time. Such a withdrawal of consent affects the lawfulness of processing your personal data in the future. The lawfulness of data processing that has taken place up to that point in time remains unaffected by the withdrawal of consent. A simple email to the following address suffices: This email address is being protected from spambots. You need JavaScript enabled to view it.

Right to object as part Art. 21 GDPR

The right to object protects against processing that is not based on your consent. To assert this right, you are required to take action and clearly inform us of the claim. A simple email to the following address suffices: This email address is being protected from spambots. You need JavaScript enabled to view it.

You can object if the processing of your personal data is based on the balancing of interests as defined in Art. 6(1) s. 1, lit. f) GDPR and reasons pertaining to your particular situation exist. In the event of a justified objection, we review the situation and either suspend or adapt the data processing, or communicate our compelling legitimate grounds based on which we will continue the processing.

3. Website
Contents

3.1 Processed data and legal basis

If the website is only used for information purposes, we exclusively collect personal data transmitted by your browser. When you visit our website, we collect the following data that is technically necessary for us to present our website to you as well as ensure stability and security

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific web page)
  • Access status/HTTP status code
  • Transferred volume of data
  • Website from which the request was sent
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

We process the aforementioned data based on Art. 6(1) lit. f GDPR. The data processing is necessary to ensure the presentation of the website and its security.

3.2 Contact

Our website provides the option of contacting us by email, form or telephone. To respond to your concerns, we need to process personal data.

When sending a pure email enquiry, we process the following, irrespective of the aforementioned data:

  • Email

We also offer a call-back service. The data processed in this respect are:

  • Surname
  • Gender (Mr/Mrs)
  • Phone number

A supplied contact form can also be used. In this case, the data processing includes:

  • First name
  • Name
  • Address
  • Phone
  • Fax
  • Email

Finally, via service form. In this case, the following data are processed:

  • Name
  • Email
  • Phone
  • Fax

The applicable legal basis in this respect is Art. 6(1) lit. f GDPR to be able to respond to your concerns.

3.3 Cookies

When accessing our website, we use cookies that are stored on your computer. Cookies are small text files that are stored on your hard drive, assigned to the browser you use by a characteristic character string, and through which various information flows to the instance that set the cookie (in this case, by accessing our website). Cookies cannot run any programs and cannot transfer viruses to your computer, so cannot cause any damage. They are intended to make the overall internet offer more user-friendly and effective, that is to say, more convenient for you.

You can prevent cookies from being set in general via the settings in your browser or, alternatively, you can remove unwanted cookies from your browser history after your session.

You can use your browser setting to specify that you only accept cookies in certain cases or in general. You can configure your browser settings as you wish and, for example, refuse to accept third-party cookies or all cookies. Please note that disabling the acceptance of cookies may mean that you cannot use all functions of this website.

Cookies contain data that make it possible to recognise the device used. But, in some cases, cookies merely contain information on certain settings without any personal reference.

A distinction is made between session cookies which are erased as soon as you close your browser, and persistent cookies, which are stored beyond the single session.

a) Session cookies are only stored during the period of your actual visit to our website and are used to enable the unrestricted use of our services by you as well as the most convenient use of our website for your current visit. If session cookies are disabled, there is no guarantee that you can use all our services without restriction.

b) Persistent cookies are automatically deleted after a defined period that can differ depending on the cookie. You can erase cookies at any time in your browser’s security settings.

When you visit our website, we ask you to indicate which data we can process. In this case, we distinguish between essential (necessary) and other cookies.

  • Essential (technically necessary) cookies: these are mandatory to navigate through the website, to use basic functions and ensure the security of the website

  • Functional/comfort cookies: these technologies enable us to analyse the use of the website to measure and improve performance.

  • Marketing cookies: these technologies are used by advertisers to display advertisements of relevance based on your interests.

  • Analysis/statistical cookies: these technologies are used to analyse the user behaviour on the site and to improve products accordingly.

Any use of cookies that is not technically required is considered data processing that is only permitted with your express consent as defined in Art. 6(1) lit. a) GDPR.

3.4 Google Tag Manager

Google Tag Manager is a tag management system (TMS) that can be used to manage tags, i.e. tracking codes and associated code fragments, on our website. Google Tag Manager allows Google services to be integrated into a website.

When using Google Tag Manager, a connection is established to Google servers. Google uses this to store the IP address of the terminal browser used by the website visitor. It cannot be ruled out that this may result in data being transmitted to Google in the USA and that US security agencies may gain access to the data in certain circumstances. But cookies are not set in connection with the use of Google Tag Manager.

More detailed information on Google Tag Manager and data processing by Google is provided here:

https://support.google.com/tagmanager/answer/6102821?hl=de

https://www.google.com/policies/privacy/

Our legal basis for using Google Tag Manager is our legitimate interest as defined under Art. 6(1) lit. f) GDPR. Our legitimate interest is the management of tracking cookies in our online offer, which allows us to analyse the use of our online offer as well as improve and personalise our services.

Place of processing: United States of America

Storage period: The data are erased as soon as they are no longer required for the purposes of the processing.

Data recipient:

  • Alphabet Inc.
  • Google LLC
  • Google Ireland Limited

3.5 Google Analytics

This website uses Google Analytics, a web-based analysis service provided by Google LLC. Google Analytics uses “cookies”, text files, which are stored on your computer. We use Google Analytics to analyse and regularly improve the use of our website. We use the acquired statistics to improve our offer and make it more interesting for you as a user.

The following data are processed as a result of the use of this service:

  • IP address
  • Date and time of the visit
  • Usage data
  • Click path
  • App updates
  • Browser information
  • Device information
  • JavaScript support
  • Sites visited
  • Referrer URL
  • Downloads
  • Flash version
  • Location information
  • Purchase activity
  • Widget interactions

The lawful processing is based on Art. 6(1) lit. a) GDPR – consent. You have the option of managing your consents via the Cookie banner. You are free to consent or retrospectively withdraw your consent to the processing.

The processor is “Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland”. The place of processing is the European Union.

The data recipients are:

  • Alphabet Inc.
  • Google LLC
  • Google Ireland Limited

The processed data are subject to a certain storage period. The storage period is the time for which the collected data are stored for processing. The data must be erased as soon as they are no longer required for the indicated purposes of the processing. The storage period depends on the type of data stored.

Some services transfer the collected data to a third country. This may take place for various reasons, e.g. for storage or processing.

Click here to read the processor‘s privacy policy
https://policies.google.com/privacy?hl=en

Click here to withdraw your consent on all of the processor’s domains
https://tools.google.com/dlpage/gaoptout?hl=de

Click here to read the processor‘s cookie policy
https://policies.google.com/technologies/cookies?hl=en

3.6 Google AdWords Conversion Tracking

We use Google AdWords on our website. This involves the Conversion Tracking service for marketing and analysis purposes.

The following data are processed as a result of the use of this service:

  • Browser-Sprache
  • Angeklickte Anzeigen
  • Cookie-Informationen
  • IP-Adresse
  • Nutzungsdaten
  • Browser-Typ
  • Cookie ID
  • Datum und Uhrzeit des Besuchs
  • Referrer URL
  • Web-Anfrage
  • Browser language
  • Clicked advertisements
  • Cookie information
  • IP address
  • Usage data
  • Browser type
  • Cookie ID
  • Date and time of the visit
  • Referrer URL
  • Web enquiry

The lawful processing is based on Art. 6(1) lit. a) GDPR – consent. You have the option of managing your consents via the Cookie banner. You are free to consent or retrospectively withdraw your consent to the processing.

The processor is “Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland”. The place of processing is the European Union.

The data recipients are:

  • Alphabet Inc.,
  • Google LLC,
  • Google Ireland Limited.

The processed data are subject to a certain storage period. The storage period is the time for which the collected data are stored for processing. The data must be erased as soon as they are no longer required for the indicated purposes of the processing. The storage period depends on the type of data stored.

Some services transfer the collected data to a third country. This may take place for various reasons, e.g. for storage or processing.

Click here to read the processor’s privacy policy
https://policies.google.com/privacy?hl=en

Click here to withdraw your consent on all of the processor’s domains
https://tools.google.com/dlpage/gaoptout?hl=de

Click here to read the processor’s cookie policy
https://policies.google.com/technologies/cookies?hl=en

3.7 Social media

Our website provides the option of clicking to access the following social media: Xing, LinkedIn and Instagram. We use the „two-click solution” in this respect. This means that no personal data are transferred to the providers when you first visit our website.

The legal basis for the use is Art. 6(1) lit. f GDPR.

Only if you click on the highlighted social network field, which activates the social network, are your personal data transmitted to the respective provider where they are stored (in some cases in the USA in the case of American providers). This takes place even if you do not have a profile in the respective social network. The data processing operations and their scope differ for each social network. You can find further information on the purpose and scope of data collection and the processing by the social network provider in the respective provider’s privacy policies. This also contains additional information on your associated rights and settings options to protect your privacy.

Addresses of the respective plug-in provider and URL with their privacy information:

a) Xing AG, Dammtorstraße 30 , 20354 Hamburg, DE;
https://privacy.xing.com/de/datenschutzerklaerung

b) LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
https://www.linkedin.com/legal/privacy-policy

c) Instagram (Meta Platforms Ireland Limited), 4 Grand Canal Square, Dublin 2, Irland
Instagram-Datenschutzrichtlinie | Instagram-Hilfebereich
Cookie-Richtlinie | Instagram-Hilfebereich

3.8 Use of YouTube

Our online offer contains integrated YouTube videos that are made available using a plugin of the YouTube service („YouTube”) operated by Google. The service is operated by Google.

We use the YouTube service in advanced privacy mode to provide the best possible privacy protection. When you access a web page of our online offer with an integrated YouTube video, Google initially only receives the information necessary for integration; no usage analysis cookies are set. Google only receives additional information when you play the integrated video; in this case, Google may also set cookies to analyse your user behaviour. For example, when playing the video, Google’s YouTube servers receive information on the specific web page of our online offer from which you are playing the video.

If you are logged in to your Google account, you allow Google and YouTube to allocate your surfing behaviour directly to your personal Google profile. We therefore recommend that you only play integrated YouTube videos if you consent to the associated data processing by Google. You can prevent the data from being allocated to your Google profile by logging out of your YouTube account. Further information on handling user data is provided in the Google privacy policy at https://www.google.de/intl/de/policies/privacy/, which also applies for YouTube.

We use YouTube to show you videos to better inform you about ourselves and our services. The legal basis for integrating the videos is our legitimate interest as defined in Art. 6(1) lit. f) GDPR. But the playing of the videos and the associated additional data processing exclusively take place based on your consent as defined in Art. 6(1) lit. a) GDPR.

3.9 Google Maps

We use the „Google Maps“ service on this website. This technology enables us to analyse the use of the website to measure and improve performance.

The following data are processed as a result of the use of this service:

  • IP address
  • Usage data
  • URLs
  • Location information
  • Date and time of the visit

The lawful processing is based on Art. 6(1) lit. a) GDPR – consent. You have the option of managing your consents via the Cookie banner. You are free to consent or retrospectively withdraw your consent to the processing.

The processor is „Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland”. The place of processing is the European Union.

The data recipients are:

  • Alphabet Inc.,
  • Google LLC,
  • Google Ireland Limited.

The processed data are subject to a certain storage period. The storage period is the time for which the collected data are stored for processing. The data must be erased as soon as they are no longer required for the indicated purposes of the processing. This service may transfer the collected data to another country. This may particularly include third countries, i.e. countries outside the European Union and the European Economic Area.

Click here to read the processor’s privacy policy
http://www.google.com/intl/de/policies/privacy/

Click here to withdraw your consent on all of the processor’s domains
https://safety.google/privacy/privacy-controls/

Click here to read the processor’s privacy policy
https://policies.google.com/technologies/cookies?hl=en

3.10 Slideshare

We use the Slideshare presentation service (a Scribd company) on our website for the purposes of presenting the company. The following data are processed when using Slideshare:

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific web page)
  • Access status/HTTP status code
  • Transferred volume of data
  • Website from which the request was sent
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

The lawful processing is based on Art. 6(1) lit. a) GDPR – consent. You have the option of managing your consents via the Cookie banner. You are free to consent or retrospectively withdraw your consent to the processing.

The processor is „Scribd HQ, 460 Bryant Street, #100, San Francisco, CA 94107-2594, USA”. All personal data sent via or by Scribd may be stored worldwide.

Further information on data protection at Slideshare and Scribd

Slideshare privacy policy: Privacy policy (slideshare.net)

Scribd privacy policy: Privacy policy – Help centre (scribd.com)

4. Applicants
Contents

4.1 Explanation

Personal data are processed upon receipt of your application via the application form provided on our website.

4.2 Which data categories do we use as an employer and where are these sourced?

The processed categories of personal data particularly include your master data (such as first name, last name, name affixes), contact details (such as private address, mobile number, home telephone number, email address) and all data resulting from your application documents.

Your personal data are usually collected directly from you as part of the application process. But we may also receive data from third parties (e.g. employment agencies).

Moreover, we process personal data that we have reliably acquired from public sources (e.g. professional networks).

4.3 What are the purposes and legal basis of the data processing?

We process your personal data in compliance with the provisions of the GDPR, the Federal Data Protection Act (BDSG) as well as all other applicable laws (e.g. Working Hours Act, etc.).

We store the personal data that you provide as part of the application procedure. This applies for applications for specific vacancies as well as for speculative applications.

The data is exclusively processed in order to reach a decision on the establishment of an employment relationship. The primary legal basis is Section 26(1) BDSG.

In addition, where necessary, your separate consent in line with Section 26(2) BDSG can be used as the permission regulation under data protection law.

If you have provided your consent to process your personal data beyond the application procedure for an extended period, this is considered consent as defined in Section 26(2) BDSG.

If your application documents contain photos, we consider this implied consent to process and transfer photos as part of the application procedure. The applicable legal basis is Section 26(2) BDSG - consent. You have the right to withdraw your consent at any time.

4.4 Who receives your data?

Within our company, only persons and positions specifically responsible for the application procedure receive your personal data. These are the employees in the HR department as well as the departments in which a position is to be staffed and the any supervisors. The works council may also receive the application documents in line with Section 99 of the Works Constitution Act (BetrVG) (co-determination in individual staff-related measures).

4.5 Are your data transferred to a third country?

We do not transfer any personal data to third parties outside the European Economic Area (EEA).

4.6 To what extent does automated individual decision-making take place?

We do not use any purely automated processing operations to reach a decision, including profiling in order to establish an employment relationship.

4.7 How long are your data stored?

If you are not recruited and no statutory storage period exists, the data are erased as soon as the storage is no longer necessary or the legitimate interest in the storage expires. This is regularly no later than six (6) months after the completion of the application procedure.

Longer storage of certain data may be necessary in certain cases (e.g. travel expense accounting). In this case, the storage duration is based on the statutory storage obligations, such as the Tax Code (6 years) or the German Commercial Code (10 years).

If you have granted us your consent to store your personal data for a defined period beyond the application procedure, this storage period applies.

4.8 What are your rights?

Your rights are defined in the general section.

5. Business partners
Contents

5.1 Explanation

A business relationship or the initiation of a commercial transaction is not possible without processing the contact person“s personal data. We use your data in the business to business (B2B) area.

5.2 Controller

Kranbau Köthen GmbH
Am Holländer Weg 5-7
06366 Köthen
Germany
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: +49 3496 700-0

5.3 Data protection officer

You can contact our data protection officer at the following postal address:

GMH Systems GmbH
Neue Hüttenstraße 2
49124 Georgsmarienhütte
Germany
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: +49 5401 339 19-103

5.4 Purpose, data categories, legal basis

We store the personal data supplied by you within the scope of our business relationship and/or the initiation of a commercial transaction (interested party), in particular to fulfil existing contracts and/or to execute precontractual measures.

These are the company data provided for the purpose of an enquiry, offer preparation and order (clarification of questions/enquiries, schedule coordination, invoicing, customer advice/support and other legal obligations incumbent on the controller), including the contact details of the respective contact person. We essentially collect these data when establishing contact over the phone, from received/supplied business cards (interested party or potential customer/service provider/supplier) and/or emails received.

The applicable legal basis for lawful processing is Art. 6(1) lit. b) GDPR – the data processing is necessary to perform a contract or to implement precontractual measures.

To safeguard our legitimate interests in line with Art. 6(1) lit. f) GDPR, the contact details are also used for statistical purposes and to optimise our sales and shipping processes. In some cases, these personal data are stored in a customer database (Customer Relationship Management (CRM)) to provide an overview of customer support, to improve our products and to maintain our contractual relationship.

Due to various legal requirements, GMH Group companies are subject to further obligations arising from, for example, the German Commercial Code or tax law. These particularly include the tax monitoring and reporting obligations, the execution of compliance screening (matching against the “EU terrorist lists” (European anti-terror regulations 2580/2001 and 881/2002) and the prevention of fraud and money-laundering) – the legal basis for the data collection to satisfy legal obligations is Art. 6(1) lit. c) GDPR.

The contact details of contact partners are also used to provide information about products, events and trade fairs, and to conduct a customer satisfaction survey (voluntary). The use of data for these purposes is based on our legitimate interests in direct marketing measures in line with Art. 6(1) lit. f) GDPR or, if consent has been provided via a declaration of consent, based on Art. 6(1) lit. a) GDPR. You have the right to withdraw any consent that you have provided at any time, with effect for the future, without providing reasons.

5.5 Data transfer

Personal data may also be processed by a GMH Group affiliate. Within the relevant responsible body of the GMH Group, only the positions that have been entrusted with fulfilling the existing contracts, executing precontractual commercial transactions and/or safeguarding our legitimate interests receive access to your data. This particularly includes employees entrusted with the preparation and execution of the request for proposal, order processing (sales, shipping, finances and invoicing), purchasing and customer support.

Further access to the data by service providers commissioned by us and acting on our behalf (processors, Art. 28 GDPR) for the purposes of servicing and maintaining our systems, fault analysis and troubleshooting and to ensure IT security is possible. This access is regulated by processing contracts in line with the GDPR.

5.6 Third countries

Given our business relationships and subsidiaries outside the European Economic Area, your personal data may be transferred to third countries. This type of processing occurs exclusively to fulfil the contractual and business obligations and to foster your business relationship with us.

5.7 Storage

If no statutory storage period exists and/or storage is no longer necessary, the data are erased. This is the case if

a) you do not place an order and have no interest in/do not provide your consent to receiving further offers, information, contacts and/or

b) after completion and finalisation of the contract, no statutory storage obligation prohibits this erasure.

The obligation to store personal data may extend to between three (3) and thirty (30) years.

5.8 Rights of natural persons

Your rights are defined in the general section