Data Privacy Policy of Novoferm Siebau GmbH
As of 15.05.2018
Data privacy general information
(1) Novoferm Siebau GmbH is delighted you are interested in our company and its products. So that we can respond to your information requests in full, you may be asked to provide some personal information. You are not obliged to do this. Please consult the following Data Privacy Policy on how we handle your personal data in accordance with the EU General Data Protection Regulation (henceforth GDPR) and data protection regulations. Given that the company head office is located in Germany, competent jurisdiction lies with the German data protection authorities on the basis of the Federal Data Protection Act (henceforth BDSG).
The accountable body is
Novoferm Siebau GmbH
Place of jurisdiction: District Court Coesfeld, HRB 14898
Value Added Tax Identification Number: DE148732639
represented by managing directors
Dipl.-Ing. Franz-Wilhelm Rieder, Dipl.-Kfm. Thomas Hage, Dipl.-Ing. Dirk Gößling
Data Protection Officer: Thorsten Werbeck
Backeswiese 23
(Gewerbegebiet – Buschhütten)
57223 Kreuztal
Germany
Tel: (+49) 02732-202-0
Fax: (+49) 02732-202-291
Internet: www.siebau-cargotore.de
Our contract data processor in accordance with GDPR Article 28 and BDSG Section 62.
(1) Responsibility for our servers at the site in Bautzen and the contract data processing (storage and forwarding to Novoferm and its sales partners) on our behalf is the company itelligence AG, Königsbreede 1, D-33605 Bielefeld.
(2) Responsibility for the server of our website at the site in Strasbourg and for the contract data processing (storage and forwarding to Novoferm and its sales partners) on our behalf is the company Beyond Media GmbH, Mercedesstraße 3, 74366 Kirchheim am Neckar (HRB 731659 AG Stuttgart) represented by its managing director Sven Heib. Our host service provider is also subject to German data protection provisions.
(3) Support (including advertising), technical security monitoring and the evaluation of our websites is also performed by Beyond Media GmbH, Mercedesstraße 3, 74366 Kirchheim am Neckar (HRB 731659 AG Stuttgart) represented by its managing director Sven Heib. Anonymised and pseudonymised data of our users are evaluated on the basis of an agreement for contract data processing in accordance with GDPR Article 28 and BDSG Section 62. Beyond Media GmbH as our service provider is also subject to German data processing provisions and is also contractually committed to secrecy.
(4) Internal support of the websites is performed centrally by the German parent company Novoferm GmbH, Schüttensteiner Straße 26, D-46419 Isselburg (AG Coesfeld HRB 7771). Novoferm GmbH, in the same way as Novoferm Siebau GmbH, is subject to the same data protection level as the Novoferm company group, and under the web address novoferm.de has the same Data Privacy Policy and publishes the procedure log for the internet services provided on our behalf. Our data protection officer, as the group officer, also controls the Data Privacy Policy of Novoferm GmbH in accordance with GDPR Article 37 (2).
(5) The “Cookiebot” service described in Section 8 is a service provided by Cybot A/S, Havnegade 39, DK-1058 Copenhagen, Denmark. The data privacy level of the EU Member-State Denmark corresponds to the German data privacy law of the General Data Protection Regulation. Furthermore, all contractual partners of Novoferm Siebau GmbH are also contractually bound to maintain secrecy and are only permitted to process any collected and saved user data as instructed by us for the purposes specified in this Data Privacy Policy.
(6) We describe in detail below how our internet presence is promoted, how we monitor our group websites and how we optimise them on the basis of user interests.
Our data privacy provisions and notices
Section 1 Anonymous use, security, analyses and statistics
(1) Novoferm Siebau GmbH takes the data protection of its website users seriously and adheres to the regulations in data protection legislation. Below we would like to inform you of which items of your personal data are asked for and saved and how we handle these data. Personal data are those items of information which make the identification of one individual possible. These include in particular, name, address and telephone number but also the IP address assigned by your provider or your email address.
(2) We endeavour to provide most of the functions of our websites and services for anonymous use. Because websites have to be protected and permanently monitored against attacks by hackers, bots and by all types of malware, a temporary identifiability of users, as a minimum via the metadata of the use procedure, is required. Therefore, in the use of our websites the following data are logged; however, they are only stored for system-related and statistical purposes: Names of the recalled pages, the browser used, the operating system and the requesting domain, date and time of the access, search engines used. Names of the downloaded files and your IP address. All data about the use, in particular also your IP address, are deleted as soon as possible, at the latest immediately on completion of the use procedure.
(3) The statistical evaluation of anonymous user data which in the evaluation can no longer be attributed to your person as a user of the websites, helps us establish the habits of our users so we can design our offer to be more user-friendly and adapt it to the desires and requirements of our users. Our contractor uses the analysis program Google Analytics to perform the anonymous data evaluation and we describe this program’s functions and precautionary measures for anonymisation of user data below.
Section 2 “Google Analytics” web analysis service, opt-out procedure versus cookiebot description
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies (small text files, also see Section 8 below) which are stored on your computer and can be used to analyse how you use the website. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on one of its servers in the USA. Data privacy provisions in the USA do not currently correspond in all areas to the statutory requirements of European data protection provisions.
(2) We have enabled IP anonymisation on this website. Therefore, your IP address will be truncated by Google within the area of Member States of the European Union or other contracting parties to the Agreement on the European Economic Area before being transferred to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activities and to provide the website operator with other services related to website activity and internet usage. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google.
(3) Our contractor uses the latest operating standard of Google Analytics that has been adapted to the privacy level of GDPR, namely Universal Analytics on the basis of a contract data processing agreement in accordance with GDPR Article 28 and BDSG Section 62. Universal Analytics uses a User-ID to enable, for example, cross-device tracking and user-defined measurement values/standards. In accordance with the conditions of use of Universal Analytics which apply to all users, it is not permitted to send any personal data to Analytics. We have also committed our contractor and our employees to strict compliance with the conditions of use.
(4) The purpose of the User-ID is to exclude the direct identification of the individual user. Due to the program functions (see above), the User-ID from Universal Analytics does indeed constitute online identification in the sense of GDPR Article 4 (1) and is thereby classed as a personal data item.
(5) We have therefore instructed our contractor and our employees not to activate the User-ID and not to send any personal data to Google. (Link to “Best Practices: support.google.com/analytics/answer/6366371 ).
(6) Of course Google continues to set a cookie. This is used to process information such as browser type, operating system used, referrer URL, IP address (truncated/anonymised) and the time of the server enquiry. You may prevent the storage of the cookie by selecting the appropriate settings in your browser; however please note that if you do this, under certain circumstances, you may not be able to use the full functionality of this website. If you do not want to accept any restrictions in use possibilities, then it is better on your first visit to our websites that you use the function provided to disable the analysis cookies (cookiebot procedure in Section 8) or exercise your right to object to us at any time.
(7) You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) for Google as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de ). However, for opt-out solutions you must in general consider that your browser or “cleaning programs” may not be permitted to be set with access to internet history data so that opt-out cookies from external providers are deleted again. Your decision in the cookiebot process (see Section 8) is saved for one year and if you delete the “CookieConsent” cookie from Novoferm you will simply be asked again the next time you visit the website. We therefore consider this approach to be better.
(8) For more information about how Google Analytics handles user data, please consult Google's data privacy policy: support.google.com/analytics/answer/6004245; or at www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and privacy).
Section 3 Advertising for our group websites via Google Adwords, Remarketing
(1) Google AdWords
(2) Our website uses Google Conversion Tracking. If you arrive at our website via an advertisement operated by Google, a cookie will be set on your computer by Google Adwords. The Conversion Tracking cookie is set when a user clicks on an advert displayed by Google. These cookies become invalid after 30 days and are not used for personal identification. If the user visits specific pages of our website and if the cookie has not yet expired, we and Google can identify that the user has clicked on the advertisement and has been forwarded to this page. Each Google AdWords customer receives a different cookie. This means that cookies cannot be tracked via websites by AdWords customers. The information obtained with the help of Conversion Cookies is used to compile Conversion Statistics for AdWords customers who have decided to use Conversion Tracking. Customers are informed of the total number of users who have clicked on their advertisement and who were forwarded to the page equipped with a Conversion Tracking Tag. However, they do not receive any information through which the user can be personally identified.
(3) If you do not want to use the tracking you can reject the requisite cookie setting – for example via the browser setting that disables the automatic setting of cookies in general or you can configure your browser so that cookies from the domain “googleleadservices.com” are blocked.
(4) Please note that you must not delete opt-out cookies if you want to record measurement data. If you have deleted all cookies in your browser you must re-set the respective opt-out cookie.
(5) Use of Google Remarketing
(6) This website uses the Remarketing function from Google Inc. This function is used to display interest-based web advertisements from within Google’s advertising network to website visitors. A cookie is stored in the browser of the website visitor which enables it identify the visitor the next time he/she visits these websites which belong to the Google advertising network. On these pages advertisements are displayed to the visitor which refer to content that the visitor has previously searched for on other websites which use Google Remarketing.
(7) Based on information supplied by Google it does not collect any personal data in this process. However, if you do not want to use the Google Remarketing function you can disable this by enabling the relevant settings at www.google.com/settings/ads. Alternatively you can disable the use of cookies for interest-based advertising via the network advertising initiative by following the instructions at www.networkadvertising.org/managing/opt_out.asp.
Section 4 Facebook Pixel (currently not active on the web pages Novoferm Siebau GmbH)
(1) Within our websites on some pages and with your consent we use the tracking pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The collected data are anonymous for us, therefore no conclusions can be drawn as to the identity of users. However, the data are stored and processed by Facebook enabling both a connection to the respective user profile and Facebook to use the data for its own advertising purposes in accordance with the Facebook data use guideline (https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to switch on advertisements in and outside of Facebook. A cookie can also be stored on your computer for these purposes.
(2) Please click here to disable the advertising. www.facebook.com/ads/website_custom_audiences/
Section 5 Embedded YouTube-Videos
In some of our websites we embed YouTube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page with a YouTube plugin, a connection to YouTube servers is established. This informs YouTube which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing habits to you personally. You can prevent this by first logging out of your YouTube account.
When a YouTube video is started, the operator sets cookies which collect information about user behaviour.
If you have disabled the storage of cookies for the Google Ad Program, when watching YouTube videos you do not need to take such cookies into account. However, YouTube stores non-personal usage information in other cookies. If you want to prevent this you must block cookies being saved in the browser.
You can find more information about YouTube’s data privacy policy in the privacy statement of the operator at: www.google.de/intl/de/policies/privacy/
Section 6 Social Plugins
On our website we offer you the option to use social media buttons. To protect your data we use the “Shariff” solution in the implementation. Here these website buttons are only incorporated as a graphic which contains a link to the corresponding website of the button provider. By clicking on the graphic you are then forwarded to the services of the respective provider. Only then are your data sent to the respective provider. If you do not click on the graphic no data exchange takes place between you and the providers of the social media buttons. You can read information about the collection and use of your data in social networks in the respective conditions of use of the relevant providers. You can find out more about the Shariff solution here: www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
On some pages of our group websites we have incorporated the social media buttons of the following companies:
Facebook Inc. (1601 S. California Ave - Palo Alto - CA 94304 - USA). Accountable for the European legal sphere is Facebook Ireland Ltd., with its headquarters in 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Twitter Inc. (795 Folsom St. - Suite 600 - San Francisco - CA 94107 - USA). Accountable for the European legal sphere is Twitter Ireland Ltd., with its headquarters in 1 Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
Section 7 Collection and processing of personal data
(1) Additional personal information is only collected when you have provided this to us voluntarily, for instance as part of a request or your registration.
(2) If you contact us by email the information provided by you will be stored for the purposes of processing the request and for any possible follow-up enquiries. Personal data are always only used if you have given your consent (GDPR Article 6 (a)) or for performance of a contact (GDPR Article 6 (b)). You have the option to revoke this consent at any time.
(3) We act in accordance with statutory provisions in all data processing processes (e.g. collection, processing and transfer). The following statement gives you an overview of which type of data are collected, how these data are used and forwarded, which security measures we undertake to protect your data and how you can find out about the information that has been given to us.
(4) Within the meaning of data economy we only request the data that we require to answer your enquiries or to perform and process orders (e.g. your full name and/or full company name as well as the person or persons with authorised representation, your email address, any pre-existing customer number and your delivery and invoice address).
(5) We only process data from another source if you already have a customer account with us or with our sales partners or representatives. The data from your enquiry or your order data will then be added to your customer account. When initiating a contract for new customers and commercial customers, credit worthiness data of our trade credit insurers are collected and attached to the customer account.
Section 8 Cookies
(1) This website uses cookies. Cookies are small text files that are transferred by a website server to your hard disk. These enable us to automatically obtain specific data items such as IP address, browser used, operating system via your computer and your internet connection.
(2) Cookies cannot be used to launch programs or transfer viruses to a computer. Using the information contained in cookies we can make your navigation easier and enable our websites to be displayed correctly.
(3) In no case are the data collected by us in this way forwarded to third-parties nor is any link to the personal data established without your consent.
(4) You can of course also view our website without cookies. You can prevent the use of cookies if you set your browser to block cookies. You can as a minimum continue to see essential part of these pages. Please note that individual functions of our website and the extranet services available through your registration and login and the connected trading platforms will not function if you have disabled the use of cookies.
(5) Cookies have different functions. Some cookies are necessary for specific functions or services of our websites, for example when attacks on our websites have to be averted or when you have to be identified again as a registered user on our trading platform. These functions and services cannot be used without the necessary cookies and instead of the function you want you will receive error messages or notifications. However, consent that you have previously did not grant or you have revoked can be granted subsequently or repeated at any time by cancelling the block on the respective cookie and revisiting the website or updating your browser.
(6) To make it easier to use cookies on our websites we have implemented the expanded Cookiebot cookie notice banner and we refer to the following procedural instruction. Cookiebot is a service provided by Cybot A/S, Havnegade 39, DK-1058 Copenhagen, Denmark. The cookies required for the functionality of the websites and the services offered are pre-set. If you press the “OK” button on the banner you grant your consent, that can be revoked at any time, for the pre-set cookies.
(7) The cookie list of the service explains the further function groups and functions of the integrated cookies and the term (time limit) of the cookies when they automatically lose their validity is stated. You can switch off cookies individually and also in function groups. Please note that although cookies also have functions which are not absolutely necessary, they can save your user habits and preferences. One example of this is your decision, in a bilingual country, to opt for one of the two language versions offered. In order to enable the habitual use, the cookiebot is pre-set in such a way that you must remove the green cross in the overview toolbar in order to restrict your declaration of consent accordingly. If you also enable statistics (analysis cookies) and personalised advertising (tracking and profiling cookies), we can inform you individually in the usual way, remind you of content already viewed and optimise our websites based on the anonymous analysis of your user behaviour on our pages and in our services and platforms. We thank every user who helps us in this way to continuously improve.
(8) The cookies set by us are
Cookie_Name
Function
Term
Section 9 Security Notices
(1) We have undertaken many security measures to adequately protect personal information at a reasonable extent.
(2) Our databases are protected by physical and technical measures as well as by procedural measures which restrict access to information to specifically authorised persons in accordance with this Data Privacy Policy. Our information system is located behind a software firewall to prevent access from other networks which are connected via the internet. Only employees who require the information in order to fulfil a specific task are given access to personal information. Our employees are trained in security and data privacy practices. All our employees and all third-parties involved in data processing are under the obligation to treat personal data confidentially in accordance with the Federal Data Protection Act.
(3) In an email communication we cannot guarantee full data security.
Section 10 Usage, forwarding and erasure of personal data
(1) We use the personal data provided by you to answer your enquiries, to process your order and to check credit-worthiness and for the purpose of the technical administration of the websites.
(2) We only forward your personal data to third-parties if this forwarding is required for the purposes of processing the contract or if you have expressly consented to this.
(3) Furthermore, we do not exclude the fact that we transfer anonymised usage data for marketing research purposes. And here user identification is excluded (see above).
(4) We hereby inform you that on instruction of the competent authority, we are authorised and obliged in an individual case, to provide information about data, if this is
• for criminal prosecution purposes,
• for averting risks by the police authorities of the specific countries
• for compliance with statutory requirements of the constitution protection authorities of the Federation and the German Federal States, the Federal Intelligence Service and the Military Counter-Intelligence Service
• or for enforcing the rights required for intellectual property.
(5) User data of the visitor are automatically deleted as soon as the visitor leaves the page. The term of cookies is described in detail in Section 8. Data from an enquiry are deleted after any follow-up correspondence has been completed, at the latest six months after the last unanswered message from the user. Data from a specific quotation are deleted on request, however at the latest three years after the quotation was drawn up. Contractual data are deleted after the full processing of the contractual relationship, in particular after expiry of the warranty, guarantee or liability periods. For manufacturers of safety-related construction products these periods may last up to 10 years after delivery of the products or acceptance of the contractual service. Our data protection officer will answer any questions about the deletion policy.
Section 11 Your data privacy rights
(1) You have the right of access in accordance with GDPR Article 15, the right to rectification in accordance with GDPR Article 16, the right to erasure in accordance with GDPR Article 17, the right to restriction of the processing in accordance with GDPR Article 18 and the right to data portability from GDPR Article 20. In relation to the right of access and erasure, Sections 34 and 35 of the Federal Data Protection Act (BDSG) must also be observed. There is also a right to lodge a complaint with a supervisory authority (GDPR Article 77 and Section 19 BDSG).
(2) You have the right at any time to access your personal data saved with us. You also have the right to the rectification, blocking or erasure of your personal data, apart from the prescribed data storage for business processing. Please contact our data protection officer, Thorsten Werbeck (thorsten.werbeck@novoferm.de), at any time for all questions regarding privacy and data protection.
(3) So that a data block can be considered at all times, these data must be held in a blocked file for control purposes. You can also request the erasure of data provided that there are no statutory archiving obligations. If such an obligation exists, we block your data on request.
(4) You can perform changes or revoke your consent with a relevant notification to us with future effect. The revocation is informal and is possible without stating a reason. For this purpose you can use all the above addresses and contact data of Novoferm Siebau GmbH.
Section 12 Amendment to our data privacy provisions
We reserve the right to occasionally adapt this Data Privacy Policy so that it constantly complies with current legal requirements or to implement amendments to our services in the Data Privacy Policy, e.g. with the introduction of new services or policies. When you visit the site again, the new Data Privacy Policy will then apply.
Section 13 Right to object
(1) You have the right to lodge an objection on grounds that arise from your particular situation
• as a website user
• as a sales prospect after making contact with us and our sales partners
• or as a customer of Novoferm Siebau GmbH
at any time in relation to the processing of personal data concerning you which is based on GDPR Article 6 (1) (f) (data processing on the basis of a balance of interests).
(2) In the event of your objection, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is for the purpose of the assertion or defence of legal claims or the exercise of rights.
(3) The objection is not subject to any condition as to form and can be addressed to our address stated in Section 1.
Isselburg in May 2018
Thorsten Werbeck