We, FKM Walzentechnik Dr. Freudenberg GmbH, are happy about your visit to our website and your interest in our offers. Below, we will inform you about collection of personal data when you use our website. Personal data are any data that permit a conclusion to you personally, e.g., your name, address, email addresses, user behavior.
Within the framework of our responsibilities under data protection law, the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) has imposed some additional obligations on us in order to ensure the protection of personal data of the data subject (we will refer to you as the data subject as the “client”, “user”, “you”, or the “data subject” hereinafter).
As far as we determine the purposes and means of processing activities, either alone or jointly with others, this comprises, first and foremost, the obligation to inform you transparently about the nature, scale, purpose, duration, and legal basis of the processing (cf. Art. 13 and 14 GDPR). In this statement (hereinafter: “Privacy Notice”), we inform you about the manner in which your personal data are processed by us.
Our Privacy Notice has a modular structure. It contains a general part for all processing of personal data and processing situations that apply every time a website is called up (A. General Matters) and a specific part, the content of which refers only to the processing situation respectively indicated from case to case, with designation of the respective offer or product, in particular the visit to websites as detailed here (B. Visit to Websites).
A. General Matters
(1) Definitions
Following the example of Art. 4 GDPR, this Privacy Notice is based on the following definitions:
- “Personal data” (Art. 4(1) GDPR) means any information that refers to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to their physical, physiological, genetic, mental, commercial, cultural, or social identity characteristics. Identifiability may also be given due to combination of such information or other additional knowledge. The origin, form, or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).
- “Processing” (Art. 4(2) GDPR) means any operation that involves the handling of personal data, whether or not by means of automated (i.e., technology-based) procedures. This shall comprise in particular the collection (i.e., acquisition), recording, organization, structuring, storage, adaptation or transformation, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction of personal data, as well as the amendment of an objective or intended purpose on which a processing activity was initially based.
- “Controller” (Art. 4(7) GDPR) means the natural or legal person, public authority, institution, or other body who/that decides about the purpose and means of processing of personal data alone or jointly with others.
- “Third party” (Art. 4(10) GDPR) means any natural or legal person, public authority, agency, or other body, except for the data subject, controller, processor, and persons who, under the immediate responsibility of the controller or processor, are authorized to process personal data. This shall also include any other legal entities that are members of the group.
- The “Processor” (Art. 4(8) GDPR) means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, in particular in accordance with its instructions (e.g., IT service provider). In particular, a processor is not a third party within the meaning of data protection law.
- “Consent” (Art. 4(11) GDPR) of the data subject designates any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by any other clear affirmative act, signify acceptance of the processing of personal data concerning them.
(2) Name and address of the controller for processing
We are the controller for processing of your personal data within the meaning of Art. 4(7) GDPR:
FKM Walzentechnik Dr. Freudenberg GmbH
Industriegelände Neumühl, Stempelstraße 2–4, D-47167 Duisburg
Phone: +49 203 348 339-0
Fax: +49 203 348 339-20
Please refer to the imprint details on our website [
Imprint] for further information on our undertaking.
(3) Legal bases of processing activities
Any processing of personal data is generally prohibited by law and only allowed if the processing activity is subject to one of the following justifications:
- Point (a) of the first sentence of Art. 6(1) GDPR (“consent”): When the data subject has freely given their consent, in an informed and unambiguous manner, by means of a statement or any other clear affirmative act, to the processing of personal data concerning them for one or several specific purposes;
- Point (b) of the first sentence of Article 6(1) GDPR: If processing is necessary for compliance with a contract to which the data subject is a party or for carrying out of pre-contractual measures taken at the data subject’s request;
- Point (c) of the first sentence of Article 6(1) GDPR: If processing is necessary for compliance with a legal obligation that the controller is subject to (e.g., a statutory obligation to keep records);
- Point (d) of the first sentence of Article 6(1) GDPR: If processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- Point (e) of the first sentence of Article 6(1) GDPR: If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- Point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”): If processing is necessary for the purposes of legitimate (in particular legal or commercial) interests of the controller or of a third party, except where such interests are overridden by the conflicting interests or rights of the data subject (in particular if the data subject is a minor).
We indicate the applicable legal basis below from case to case for the processing operations performed by us. Processing may also be based on several legal bases.
(4) Data erasure and storage period
We indicate the time for which the data will be stored by us and when they will be erased or blocked below for the processing operations performed by us from case to case. If no explicit storage period is indicated below, your personal data will be erased or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any forwarding that may take place in accordance with the provisions in A.(7) and A.(8).
However, storage may continue beyond the indicated time in the event of a (threatened) legal dispute with you or any other legal proceedings or if storage is provided for by statutory rules that we are subject to as the controller (e.g., § 257 of the German Commercial Code (Handelsgesetzbuch; HGB), § 147 of the Tax Code (Abgabenordnung; AO)). If the storage period prescribed by statutory rules expires, the personal data will be blocked or erased unless further storage by us is necessary and there is a legal basis for it.
(5) Data security
We use appropriate technical and organizational safety measures in order to protect your personal data from accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties (e.g., TSL encryption for our website), taking into account the state of the art, costs of implementation, and the nature, scale, context, and purpose of processing, as well as any existing risks of a data breach (including the probability and impact) for the data subject. Our security measures will be improved continually according to the technological developments.
We are happy to provide you with further information upon request. Please contact our data protection officer (see A.(3)).
(6) Cooperation with data processors
As with any large undertaking, we use external domestic and foreign service providers to handle our business transactions (e.g., for the areas of IT, logistics, telecommunications, sales, and marketing). They will only act upon our instructions and have been appointed in accordance with the law. Art. 28 GDPR contractually obligated to comply with the provisions under data protection law.
If any personal data from you are forwarded by us to our subsidiaries or are forwarded to us by our subsidiaries (e.g., for advertising purposes), this happens based on existing contract processing relationships.
(7) Conditions for transfer of personal data to third countries
Your personal data may be forwarded or disclosed to third party companies within the framework of our business relationships. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing shall be performed for compliance with contractual and business obligations and for maintenance of your business relationship with us exclusively. We will inform you about the respective details of the transfer in the relevant sections below.
Some third countries are certified by the European Commission as having data protection levels comparable to the EEA standard by way of adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, the level of the protection of personal data may not be consistently high due to the absence of statutory provisions in other third countries to which personal data may be transmitted. Where this is the case, we observe that data protection is sufficiently ensured. This is made possible by way of binding corporate rules, standard contractual clauses of the European Commission on the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer (see A.(3)) if you wish to receive more detailed information on this.
(8) No automated decision making (including profiling)
We do not intend to use any personal data collected from you for any automated decision-making procedure (including profiling).
(9) No obligation to provide personal data
We do not make the conclusion of any contracts with us dependent on you providing us with personal data beforehand. As a client, you are, in principle, under no statutory or contractual obligation to make your personal data available to us; however, we may only be able to provide specific offers to a limited extent, or may be unable to provide them at all, if you do not provide the necessary data. If this is the case in an exception within the framework of the products presented below and provided by us, you will be informed of this separately.
(10) Statutory obligation to transfer specific data
Under certain circumstances, we may be subject to a specific statutory or legal obligation to provide lawfully processed personal data to third parties, in particular public bodies (point (c) of the first sentence of Art. 6(1) GDPR).
(11) Your rights
You may assert your rights as a data subject concerning your processed personal data at any time by contacting us via the contact details indicated initially under A.(2). As a data subject, you have the following rights:
- in accordance with Art. 15 GDPR, you may demand information regarding your data processed by us. In particular, you may demand communication regarding the purposes of the processing, category of data, categories of recipients to whom your data have been or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, existence of a right to lodge a complaint, origin of your data unless they were collected by us, and the existence of automated decision-making, including profiling and any meaningful information on its details;
- in accordance with Art. 16 GDPR, you may demand rectification of any inaccurate data stored by us or completion of these without undue delay;
- in accordance with Art. 17 GDPR, you may demand erasure of your data stored by us as far as processing is not necessary in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for assertion, exercise, or defense of legal claims;
- in accordance with Art. 18 GDPR, you may demand restriction of the processing of your data, as far as you contest accuracy of the data, or if processing is unlawful;
- in accordance with Art. 20 GDPR, you may demand to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or demand transfer to another controller (“data portability”);
- in accordance with Art. 21 GDPR, you may object to processing, provided that processing is performed on the basis of points (e) or (f) of the first sentence of Art. 6(1) GDPR. This is in particular the case if processing is not necessary for compliance with a contract with you. Except in the case of an objection to direct marketing, please explain why you do not want us to process your data as we do when you exercise such an objection. In case of your justified objection, we will review the situation and shall either cease processing activities or adjust them, or explain our compelling legitimate grounds to you based on which we continue to process the data;
- in accordance with Art. 7(3) GDPR, you may withdraw your previously given consent (also if given before the GDPR entered into effect, i.e. before 05/25/2018) – i.e. your free will, stated in an informed manner and unambiguously by means of a declaration or other clear affirmative act, that you agree to the processing of the personal data concerned for one or several specific purposes – at any time towards us if you have given such consent. This has the consequence that we may no longer continue the processing activities that were based on this consent in future; and
- in accordance with Art. 77 GDPR, you may lodge a complaint with a data protection supervisory authority concerning the processing of your personal data in our undertaking, e.g., to the data protection supervisory authority competent for us: LDI NRW, Kavalleriestraße 2-4, D-40213 Düsseldorf, email: poststelle@ldi.nrw.de.
(13) Changes to the privacy notice
Within the framework of the further development of data protection law as well as technological or organizational changes, our privacy notice is subject to regular review in order to determine whether it needs to be adapted or supplemented. You will be informed about any changes in particular on our German website at www.fkm-walzen.de. This privacy notice is current as of 06/07/2021.
B. Visiting our websites
(1) Explanation of the function
You may obtain information about our undertaking and the services we provide in particular at www.fkm-walzen.de, together with its associated subpages (hereinafter jointly referred to as the “Websites”). Personal data may be processed when you visit our Websites.
(2) Personal data processed
The following categories of personal data are collected, stored, and further processed by us at informative use of the Websites:
“Log data”: A log data record (server log files) will be stored on our web server temporarily and after being rendered anonymous when you visit our Websites. It consists of:
-
the page from which the page was requested (the referrer URL)
-
the name and URL of the requested page
-
the date and time of the call
-
the description of the type, language, and version of the web browser used
-
the internet protocol address of the requesting computer, abbreviated so that a personal reference is no longer possible
-
the amount of data transmitted
-
the operating system
-
the indication whether the call was successful (access status/http status code)
-
the GMT time zone difference
“Contact form data”: The data transmitted through any contact forms that are used will be processed (e.g., gender, last and first name, address, company, email address, and time of transfer).
In addition to the strictly informative use of our website, we offer subscription to our newsletter, in which we inform you about current developments in economic law and events. If you register for our newsletter, we will collect, store, and further process the following “newsletter data”:
-
the page from which the page was requested (the referrer URL)
-
the date and time of the call
-
the description of the type of the web browser used
-
the internet protocol address of the requesting computer, abbreviated so that a personal reference is no longer possible
-
the email address
-
the date and time of registration and confirmation
Please note that we will evaluate your user behavior when we send you the newsletter. For this evaluation, the emails sent contain web beacons or tracking pixels that are one-pixel picture files stored on our website. For the evaluations, we combine the data named above and the web beacons to your email address and an individual ID. Links contained in the newsletter contain this ID as well. The data are collected exclusively pseudonymized, i.e., the IDs are also not coupled to your further personal data; direct reference to a person is excluded..
(3) Purpose and legal basis of processing activities
We process the personal data described in more detail above in accordance with the provisions of the GDPR, any other relevant data protection rules, and only at the scale that is necessary. As far as the processing of personal data is based on point (f) of the first sentence of Art. 6(1) GDPR, the above purposes also constitute our legitimate interests.
Processing of the log data serves statistical purposes and improvement of the quality of our website, in particular the stability and security of the connection (the legal basis is point (f) of the first sentence of Art. 6(1) GDPR).
Processing of contact form data takes place for processing of customer inquiries (the legal basis is point (b) or (f) of the first sentence of Art. 6(1) GDPR).
The newsletter data are processed for the purpose of sending the newsletter. You consent to the processing of your personal data within the framework of registration for our newsletter (the legal basis is point (a) of the first sentence of Art. 6(1) GDPR). We use the double opt-in procedure for subscribing to our newsletter. This means that we send an email to your indicated email address after your subscription, in which we ask you to confirm that you desire to receive the newsletter. The purpose of this procedure is to demonstrate your registration and to investigate any possible misuse of your personal data. You may withdraw your consent to transmission of the newsletter at any time and unsubscribe from the newsletter. You can withdraw your consent by clicking the link provided in each newsletter email, by email to info@fkm-walzen.de or by sending a message to the contact details indicated in the imprint.
(4) Duration of processing activities
Your data will only be processed for as long as this is necessary to achieve the purposes of the processing described above; the legal bases indicated within the framework of the purposes of the processing shall apply accordingly. Please note item A.(5) regarding the use and storage duration of cookies.
Third parties charged by us will store your data on their systems for as long as this is necessary in connection with the provision of services for us in accordance with the respective order.
(5) Transfer of personal data to third parties; basis for justification
The following categories of recipients, which are usually data processors (see A.(7)), may have access to your personal data:
- Service providers for operation of our website and processing of data stored or transmitted by the systems (e.g., for data center services, payment processing, IT security). In this case, the legal basis for the transfer is point (b) or (f) of the first sentence of Art. 6(1) GDPR, insofar as it does not involve contract processors;
- Official authorities/public authorities, as far as this is necessary for compliance with a statutory obligation. In this case, the legal basis for forwarding is point (c) of the first sentence of Article 6(1) GDPR;
- Persons charged with carrying out our business (e.g., auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in acquisitions or the formation of joint ventures). In this case, the legal basis for forwarding is point (b) or (f) of the first sentence of Article 6(1) GDPR.
On ensuring of an adequate level of the protection of personal data in case of transfer of data to third countries, see A.(8).
Furthermore, we will only pass on your personal data to any third parties if you have given your explicit consent to this in accordance with point (a) of the first sentence of Art. 6(1) GDPR.
(6) Use of cookies, plug-ins, and other services on our website
a) Cookies
We use cookies on our websites. Cookies are small text files that are stored on your hard disc associated with the browser you use through a characteristic character sequence and through which the party that sets the cookie will receive specific information. Cookies cannot execute any programs or transmit any viruses to your computer and therefore will not cause any damage. They serve to make the internet offer as a whole more user-compatible and effective, i.e., more comfortable for you.
Cookies may contain data that permit recognition of the device used. In some cases, Cookies only contain information on specific settings that cannot be referred to a person. However, cookies cannot directly identify a user.
There are session cookies that are deleted again as soon as you close your browser, and permanent cookies that are stored beyond the individual session. Regarding function, cookies are again distinguished as:
-
Technical cookies: These are essential for navigating the website, using basic features, and ensuring website security; they do not compile any information about you for marketing purposes, nor do they store which websites you have visited;
-
Performance cookies: Such cookies compile information on how you use our website, which pages you visit and, e.g., whether any errors occur during website use; they do not compile any information that may identify you. All information compiled is anonymous and will only be used to improve our website and find out what interests our users;
-
Advertising cookies, targeting cookies: These cookies are used to offer the website user marketing on the website or offers from third parties that fit their needs, and to measure the effectiveness of such offers; advertising and targeting cookies are stored no more than 13 months;
-
Sharing cookies: These cookies are used to improve the interactivity of our website with other services (e.g., social networks); sharing cookies are stored for no more than 13 months.
Any use of cookies that is not absolutely technically necessary constitutes a processing activity that is only allowed with your explicit and active consent pursuant to point (a) of the first sentence of Art. 6(1) GDPR. This applies in particular to use of advertising, targeting, or sharing cookies. Furthermore, we will only pass on your personal data processed by cookies to any third parties if you have given your explicit consent to this in accordance with point (a) of the first sentence of Art. 6(1) GDPR.
b) Further information on the use of cookies
c) Social-media plugins
We do not use any social media plugins on our websites. If our websites contain the icons of any social media providers (e.g., [names of social media providers with icons on the undertaking’s website]), we use these only for passive linking to the pages of the respective providers.