Data protection
We are delighted about the visit of our website. Grunwald GmbH (hereinafter ‘Grunwald’, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions. Hereinafter, we would like to inform about how personal data is processed on our website.
Controller
Grunwald GmbH
Pettermandstraße 9
88239 Wangen
Deutschland
Telephone: +49 7522/9705-0
Fax: +49 7522/9705-999
E-Mail: info@grunwald-wangen.de
Data protection officer
Mr. Maximilian Musch
Deutsche Datenschutzkanzlei
Telephone: +49 7542 94921-02
E-Mail: musch@ddsk.de
Terms
The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.
Information on data processing
Automated data processing (log files etc.)
Our website can be visited without actively providing personal information about the user. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognise attacks on our website) for a duration of 7 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about the person of the user. This data is not merged with other data sources.
We process and use the data for the following purposes: to provide the website, to improve our websites and to prevent and identify errors/malfunctions and the abuse of the website.
Legal base:
legitimate interests (Art. 6 (1) (f) GDPR
Legitimate interests:
ensuring the functionality of the website and its error-free, secure operation, as well as in adapting this website to suit users’ needs.
Use of cookies (general, functionality, opt-out links etc.)
We use ‘cookies’ on our website to make visiting our website more attractive and to enable certain functions to be used. The use of cookies serves our legitimate interest in making a visit to our website as pleasant as possible and is based on article 6 (1) (f) GDPR. Cookies are standard internet technology used to store and retrieve login details and other usage information for all the users of a website. Cookies are small text files that are deposited on your end device. They enable us to store user settings, inter alia, to ensure that our website can be shown in a format tailored to your device. Some of the cookies we use are deleted after the end of a browser session, i e. when closing the browser (known as ‘session cookies’). Other cookies remain on the user’s end device and enable us or our partner companies to recognise the browser on the next visit (known as ‘persistent cookies’).
The browser can be set so that the user is informed when cookies are to be stored and can decide whether to accept them in each individual situation, to accept them under certain circumstances, or to exclude them in general. In addition, cookies can be retrospectively deleted to remove data that the website stored on your computer. Deactivating cookies (known as ‘opting out’) can limit our website’s functionality in some respects.
Categories of data subjects:
Website visitors, users of online services
Opt-Out:
Internet Explorer: https://support.microsoft.com/de-de/help/17442
Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Safari https://support.apple.com/de-de/HT201265
Legal bases:
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
The pertinent legal basis is specifically stated for each tool in question.
Legitimate interests:
Storing of opt-in preferences, presentation of the website, assurance of the website's functionality, provision of user status across the entire website, recognition for the next website visitors, user-friendly online offering, assurance of the chat function
Web analysis and optimisation
We use procedures on our website to analyse user behaviour and to measure reach. For this purpose, information about the behaviour, interests and/or demographic information of visitors is collected in order to determine whether and where our website needs to be optimised or adapted (e.g. forms on the website, improved placement of buttons or call-to-action buttons, etc.).
In addition, we can measure the click and scroll behaviour of website visitors. Among other things, this helps us to recognise at what time our website, its functions or content are most frequented.
The collection of this data is made possible by the use of certain technologies (e.g. cookies). These are placed on the end devices of users when they visit our website as part of client-side tracking.
We take precautions to protect the identity of our website visitors. For the purposes described above, we do not process any clear data of the website visitors.
Categories Data:
Usage data (e.g. websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g. device information, anonymised IP addresses, location data), contact data (e.g. e-mail address), content data (e.g. text details)
Purposes of the processing:
Analysis of user behaviour on the website (website interaction) for general web optimisation, e.g. in the area of the newsletter, range measurement, checking and monitoring the utilisation of the website
Legal basis:
Consent (Art. 6 para. 1 lit. a) DSGVO)
Google Analytics
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Guarantee in case of transfer to an unsafe third country pursuant to Art. 44 et seq. GDPR: Adequacy Decision of the European Commission for the USA, for those companies or organisations that are certified under the EU-US Data Protection Framework.
Recipient's privacy policy: https://policies.google.com/privacy?gl=DE&hl=de
Presence on social media
We maintain online presences on social networks and career platforms so we can exchange information with users registered there and easily contact them.
Sometimes, data belonging to social network users is used for market research and, by extension, for advertising purposes. Users’ usage behaviour, such as their stated interests, can lead to user profiles being created and used in order to adapt adverts to suit the interests of the target group. To this end, cookies are normally stored on users’ end devices, which sometimes occurs regardless of whether you are a registered user of the social network.
In conjunction with the use of social media, we also make use of the associated messenger services to communicate easily with users. We would like to point out that the security of some services can depend on the user's account settings. Even in cases of end-to-end encryption, the service provider can draw conclusions about the fact that the user is communicating with us, when they do so, and, on occasion, capture location data.
Depending on where the social network is operated, the user data can be processed outside the European Union or outside the European Economic Area. This can lead to risks for users because it is more difficult for them to assert their rights, for example.
Categories of data subjects:
Registered users and non-registered users of the social network
Data categories:
Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing:
Increase in the reach, networking of users
Legal bases:
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests:
Interaction and communication on social media pages, increase in profits, findings regarding target groups
Tool:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy: https://help.instagram.com/519522125107875
and https://www.facebook.com/about/privacy
Opt-Out-Link: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/
Tool:
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy: https://www.linkedin.com/legal/privacy-policy
Opt-Out-Link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Online conferences and online meetings
We make use of the opportunity to hold online conferences and meetings s. To do so, we use offerings provided by other carefully selected providers.
When actively using offerings of this nature, data regarding the participants in the communication is processed and stored on the servers of the third-party services used, provided this data is necessary for the communication process. In addition, usage data and metadata can also be processed.
Categories of data subjects:
Participants in the online offering in question (conference, meeting, webinar)
Data categories:
Master data (e.g. name, address), contact data (e.g. email address, telephone number), Content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing:
Processing of enquiries, increase in efficiency, promotion of cross-company or cross-location collaboration
Legal bases:
Consent (article 6 (1) (a) GDPR)
Microsoft Teams
Tool:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy: https://privacy.microsoft.com/de-de/privacystatement
Opt-Out-Link: https://account.microsoft.com/account/privacy
Legal base: Consent (article 6 (1) (a) GDPR)
Advertising communications
We also use data provided to us for advertising purposes, particularly to provide information on various channels about new products from us or in our portfolio of offerings. However, promotional contact from our side is only undertaken within the framework of the statutory requirements, and once consent has been granted, insofar this is necessary.
If the recipients of our advertising do not want to receive it, they can inform us of this at any time with future effect. We are happy to acquiesce to their request.
Categories of data subjects:
Communication partners
Data categories:
Master data (e. g. name, address), contact data (e. g. email address, telephone number)
Purposes of processing:
Direct marketing
Legal bases:
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests:
Retention of existing contacts/contractual partners and acquisition of new ones
Contacting us
On our online offering, we offer the option of contacting us directly or requesting information via various contact options.
In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.
Categories of data subjects:
Individuals submitting an enquiry
Data categories:
Master data (e. g. name, address), contact data (e. g. email address, telephone number), content data (e. g. text inputs, photographs, videos), metadata and communication data (e. g. device information, IP addresses), usage data (e. g. websites visited, interest in content, access times)
Purposes of processing:
Processing requests
Legal bases:
Consent (article 6 (1) (a) GDPR), performance of contract (article 6 (1) (b) GDPR)
Events and activities
On our website, visitors have the opportunity to find out in advance about upcoming events, such as trade fairs at which we will be represented or other events that we plan and organize, and to register for them if necessary. The information we collect, and which is required for the initiation and fulfilment of the contract is marked as mandatory. The provision of additional data is voluntary.
Categories of data subjects:
Interested Parties, Participants
Data categories:
Master data (e. g. name, address), contact data (e. g. email address, telephone number), Transaction data (bank details, invoices, payment history), contract data (e. g. subject of contract, term)
Purposes of processing:
Performance of a contract, Initiation of a contract
Legal bases:
Performance of contract (article 6 (1) (b) GDPR), Consent (article 6 (1) (a) GDPR)
Downloads (Customer magazine)
We offer our visitors various information such as catalogs, magazines or datasheets for download.
To protect the use of the internal area, we collect the IP addresses and the time of access to prevent misuse of a user account and unauthorized use. This data is not passed on to third parties.
Categories of data subjects:
Website visitors
Data categories:
Master data (e. g. name, address), if necessary, contact data (e. g. email address, telephone number), metadata (e. g. Device information, IP-address)
Purposes of processing:
Marketing
Legal bases:
Consent (article 6 (1) (a) GDPR)
Data transfer
We transfer the personal data of visitors to our online offering for internal purposes (e. g. for internal administration or to the HR department so we can meet statutory or contractual obligations). Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.
It may be necessary for us to disclose personal data for the performance of contracts or to comply with legal obligations. If the data necessary in this regard is not provided to us, it may be the case that the contract cannot be concluded with the data subject.
Your data may also be processed outside the EU/EEA, in so-called third countries (e. g. the USA), using or accessing certain services.
The European Commission has not issued an adequacy decision for the transfer of data to the USA, which is considered an unsafe third country.
For this reason, we conclude a data processing agreement with the providers including standard contractual clauses, pursuant to Art. 44 et seq. GDPR. In addition, we define measures to ensure the highest possible protection for the personal data of data subjects.
Guarantees used (standard contractual clauses):
Microsoft-Services:
https://www.microsoft.com/licensing/docs/view/Online-Services-Data-Protection-Addendum-DPA?lang=14
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=de
Storage period
In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations, or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e. g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).
Automated decision-making (including profiling)
We do not use automated decision-making or profiling (Art. 22 GDPR).
Legal bases
The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.
Consent:
Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.
Performance of a contract:
Article 6 (1) (b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.
Legal obligation:
Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
Vital interests:
Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest:
Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
Legitimate interest:
Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.
Rights of the data subject
Right of access:
Pursuant to article 15 GDPR, data subjects have the right to request confirmation as to whether we process data relating to them. They can request access to their data, along with the additional information listed in article 15 (1) GDPR and a copy of their data.
Right to rectification:
Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.
Right to erasure:
Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
Right to data portability:
Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.
Right to lodge a complaint:
In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.
Right to object:
If personal data is processed on the basis of legitimate interests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.
Withdrawal of consent
Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to info@grunwald-wangen.de is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.
External links
Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.
Amendments
We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.
This Privacy Policy was drawn up by the
Deutsche Datenschutzkanzlei
- Maximilian Musch -