With this Privacy Notice our organisation wishes to inform you how we process personal data (hereinafter “data”) in connection with this website and our social media profiles (hereinafter together our “online services”), particularly the type of data processed, the scope and purpose of processing. The definitions of art. 4 General Data Protection Regulation (GDPR), e.g. „personal data“, „processing“ apply.
|Company:||Steinmüller Engineering GmbH, IHI Group Company|
|City, Country||51643 Gummersbach, Germany|
|Registry Court:||Amtsgericht Köln HRB 50957|
|Managing directors:||Dr. Stefan Hamel, Yoshitomo Okuma, Dr. Hans-Ulrich Thierbach|
|Phone:||+49 2261 789500|
How to contact our Data Protection Officer:
You can reach our Data Protection Officer at the above address and the following email address: email@example.com
Types of processed data:
- inventory data (e.g. names, addresses).
- contact data (e.g. email, phone numbers).
- content data (e.g. text entered, photos, videos).
- usage data (e.g, websites visited, content interested in, duration of visit).
- Meta and communication data (e.g. device information, IP addresses).
Processing of special categories of Data (art. 9 (1) GDPR):
We generally do not process special categories of Data unless they are provided voluntarily by the user, e.g. entered in online forms or submitted via email as part of a job application (cf. chapter 20 of this Privacy Notice for more detail).
Categories of data subjects:
- Customers / potential customers / suppliers.
- Visitors and users of our web services.
- job applicants.
Hereafter we refer to all affected persons as „Users“.
Purpose of processing:
- Maintaining our web services, its contents and functionalities.
- Performance of contractual obligations, service, customer care.
- Responding to inquiries, communication with users.
- Marketing, advertisement and market research.
- Security measures.
1. Legal basis of processing
As required by art. 13 GDPR we inform you about the legal basis for our data processing. Unless a more specific legal basis is named in this Privacy Notice in connection with a processing, the following applies:
- If we ask for your consent, the legal basis for the processing is art. 6 (1) 1 lit. a. and art. 7 GDPR.
- If we process data to perform a contract or to respond to an inquiry the legal basis is art. 6 (1) lit. b. GDPR.
- If we process data to comply with legal requirements the legal basis is art. 6 (1) lit. c. GDPR.
- If we process data to pursue our legitimate interest or the legitimate interest of a third party the legal basis is art. 6 (1) lit. f. GDPR.
2. Changes and updates to this Privacy Notice
Please check the content of this Privacy Notice regularly. We amend this Privacy Notice as soon as changes to our data processing make changes necessary. We will inform you if such changes require you to take action or if an individual information is necessary.
3. Security measures
3.1. We take technical and organisational measures in accordance with art. 32 GDPR taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for rights and freedoms of natural persons to ensure a level of security appropriate to the risk. Among those measures are in particular the ensuring of ongoing confidentiality, integrity, availability of processing systems though controlling physical access to Data as well as access, entering, transfer, ensuring availability as well as segregation. In addition, we have established processes ensuring that data subjects can invoke their rights, Data is deleted and reactions to threats to Data are appropriate. We take into account the protection of data during development and selection of hardware, software and processes in accordance with the principles of privacy by design and privacy by default (art. 25 GDPR).
3.2. The data transmission between your browser and our server is encrypted.
4. Cooperation with data processors and third parties
4.1. We only disclose, transfer or grant access to the Data other persons and enterprises (data processors or third parties) in connection with our processing where a legal basis exists (for example where the transfer to third parties is necessary for the performance of a contract pursuant to art. 6 (1) lit b. GDPR), if you have given us consent, if we are required by law or if we have a legitimate interest to do so (e.g. webhosting by third party providers).
4.2. Where we engage third parties to process data on our behalf we conclude data processing agreement pursuant to art. 28 GDPR.
5. Data transfer to third countries
If we process data in a third country (i.e. outside of the European Union or the European Economic Area) ourselves or by engaging a service provider or through disclosure or transfer to third parties we will only do so to perform a contract, based on consent, if required by law or to pursue a legitimate interest. Unless otherwise permitted by law or by contract we process Data or have data processed on our behalf only if the requirements of art. 44 et seqq. GDPR are met. This means that special safeguards like an official assessment that the level of data protection in a specific country is equivalent to that in the EU (e.g. for the USA the „Privacy Shield“) are in place or the processor or third party has agreed to observe officially sanctioned special contractual obligations („standard contractual clauses“).
6. Rights of the data subject
6.1. You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data in accordance with art. 15 GDPR.
6.2. You have the right to obtain from the controller without undue delay the rectification of inaccurate and the completion of incomplete personal data concerning you in accordance with art. 16 GDPR.
6.3. Subject to the requirements of art. 17 GDPR you have the right to obtain from the controller the erasure of personal data concerning you without undue delay, alternatively to obtain restriction of processing subject to the requirements of art. 18 GDPR.
6.4. You have the right to receive the personal data concerning you, which you have provided to us and to transmit those data to another controller subject to the requirements of art. 20 GDPR.
6.5. You also have the right to lodge a complaint with a competent supervisory authority pursuant to art. 77 GDPR.
7. Right to withdraw consent
You have the right to withdraw consent for the future pursuant to art. 7 (3) GDPR.
8. Right to object
If we process Data based on a legitimate interest pursuant to art. 6 (1) lit f. GDPR you have the right object to future processing in accordance with art. 21 GDPR, particularly to processing for the purpose of direct marketing.
9. Cookies and right to object in the case of direct marketing
10. Data retention and deletion
10.1. We delete or restrict data processed in accordance with art. 17 and 18 GDPR. Unless explicitly stated otherwise in this Privacy Notice we delete personal data when it is no longer necessary for the purpose of the processing and no legal retention periods require storage. The processing will be restricted if the data are not deleted because they are necessary for other and lawful purposes. This means that data will be restricted and not processed for other purposes. This applies for example to data stored to comply with retention periods under commercial or tax law.
10.2. We are legally required to retain commercial records for 6 years pursuant to § 257 (1) German Commercial Code (trading books, inventories, opening balance sheets, annual accounts, commercial letters, accounting records, etc.) and for 10 years pursuant to § 147 (1) German Tax Code (books, records, management reports, accounting records, commercial letters, documents relevant for tax assessment, etc.).
11. Performance of contractual obligations
11.1. We process inventory data (such as names and addresses as well as contact information of uses), contract data (goods and services purchased, contact person, payment information) for the purpose of performing our contractual obligations, art. 6 (1) lit. b. GDPR.
11.2. We delete this data after statutory or contractual warranty periods have lapsed. The necessity of the data for this purpose is evaluated every three years. Where legal data retention periods apply the data will be deleted after those have lapsed (six years for retention periods under commercial law, 10 years for retention periods under tax law).
12. Contacting us
12.1. If you contact us by email or via our contact form, the data you provide will be processed to handle your inquiry pursuant to art. 6 (1) lit. b. GDPR.
12.2. The data you provide may be entered into a Customer-Relationship-Management System ("CRM System") or request management system.
12.3. We delete your request and the data provided therein once they are no longer necessary. We evaluate the necessity every two years. Where legal data retention periods apply the data will be deleted after those have lapsed (six years for retention periods under commercial law, 10 years for retention periods under tax law).
This website is hosted by a hosting provider. Our hosting provider processes inventory, contact, content, usage and meta and communication data (e.g. device information, IP address) of website users. The legal basis for this processing is art. 6 (1) 1 lit. f. GDPR. Our legitimate interest is to provide our online services efficiently and in a secure manner.
14. Collection of access data and log files
14.1. Our hosting provider collects data (server log files) on the basis of our legitimate interest pursuant to art. 6 (1) lit. f. GDPR each time you connect to the server on which the online service is hosted. The logged data contains website visited, name of the file, date and time of request, data volume transmitted, notification on successful request, web browser including version, operating system of user, referrer URL (the website previously visited), IP address and access provider making the request.
14.2. The data is stored in the log files for security purposes (e.g. to investigate misuse and fraud) for a maximum period of 7 days and are then deleted. Not deleted are data whose retention is necessary for evidentiary purposes. Such data will be stored until the issue under investigation has been resolved and are then deleted.
15. Cookies & reach measurement
15.1 A cookie is a packet of information sent by a web server to a browser, which is then sent back by the browser each time it accesses that web server.
15.2 Visit our page: privacy statement for detailed information about using cookies.
15.3 If you do not want the cookies to be stored on your computer, you can deactivate the relevant option in the system settings for your browser. If, however, you
choose not to accept cookies, this can limit the functions available to you on our sites.
16. Integration of third-party services and content
As part of our website we are using on the basis of our legitimate interest (i.e. our interest in analysing, optimizing and efficient operation of our website) pursuant to art. 6 (1) lit. f. GDPR content and services from third party providers in order to embed their services such as videos or fonts (hereinafter “content”).
The third-party service providers need to process the IP address of the user in order to be able to deliver content to the user’s browser. The IP address is therefore necessary for the display of the content. We strive to only use third party content whose providers process the IP address solely for the purpose of delivering content. Third-party providers can further use pixel-tags („web beacons“) for statistical and marketing purposes. Using pixel-tags the user traffic on the pages of this website can be analysed. This pseudonymous information can further be stored in cookies on the user’s device and can contain technical information on browser, operating system, referrer website, time of visit and further information on the usage of our website and can be combined with similar information from other sources.
17. Google Analytics
Google is certified under the Privacy Shield and guarantees adherence to EU data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate usage of our online services, to create reports on the activities within the online services and to render other services related to the usage of our online services. It is possible to create pseudonymized user profiles based on the data processed.
We use Google Analytics only with activated IP Anonymisation. This means the User’s IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area is shortened. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
According to Google the IP address transmitted by your browser is not combined with other data from Google. You can disable the storing of cookies by changing the relevant settings in your browser; In addition, you can prevent Google from collecting the data stored in cookie and relating to your usage of the online services by downloading and installing the browser add-on available under this link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Personal user data is deleted or anonymized after 14 months.
The tracking cookies set by Google Analytics expire as follows: _ga (2 years), _gat (1 min), _gid (24h).
18. Google Maps
19. Google Fonts
20. Job applicant data
20.1. We process data relating to job applicants only for the purpose and during the recruitment in accordance with legal requirements. We process the data to fulfil our pre-contractual obligations during the recruitment process. The legal basis for this processing is art. 6 (1) 1 lit. b., art. 6 (1) 1 lit. f. GDPR and § 26 German Federal Data Protection Act.
20.2. The provision of job applicant data is necessary for conducting the recruitment process. If we offer submitting job applications via web form, necessary data will be indicated. Otherwise, the job posting will inform on the necessity of data. In general, information about the person, mail and contact addresses and the documents belonging to an application such cover letter, CV, certificates and references are necessary. Applicants may provide additional information voluntarily.
20.3. Where during the recruitment process special categories of personal data pursuant to art. 9 (1) GDPR (e.g. data concerning health, disability status or ethnic origin) are provided voluntarily, the legal basis for the processing of such data is art. 9 (2) lit. b. GDPR. Where we request special categories of personal data pursuant to art. 9 (1) GDPR during the recruitment process (e.g. data concerning health to the extent necessary to assess the ability to exercise a profession) the legal basis is art. 9 (2) lit. a. GDPR.
20.4. If available on our website, applicants can submit applications through an online form. The data transmission will be encrypted using state of the art encryption methods.
20.5. Applicants can submit applications via email or post. Email are generally not encrypted. It is the applicant‘s responsibility to ensure proper encryption. We are not responsible for the transport of an email between the sender and our receipt on our server. We therefore recommend using an online form or sending applications by post.
20.6. We may continue using the data provided by the applicant for the purpose of an employment in case the application is successful. Otherwise, if the application was not successful, the applicant’s data will be deleted. An applicant’s data will also be deleted if the applicant withdraws his or her application, which may be done at any time.
20.7. The data will be deleted, a justified withdrawal of consent by the applicant notwithstanding, after a period of six months after the decision on the application. This allows us to answer follow-up questions regarding the application and document compliance with the German Equal Protection Act. Documentation regarding potential reimbursement of travel expenses will be archived in accordance with retention periods under German tax law.