Data Protection GFM Spezialmaschinenbau
I. Name and Address of the Responsible Person The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
GFM Spezialmaschinenbau GmbH
45721 Haltern am See
Tel.: +49 2364 50898-0
Fax: +49 2364 50898-11
II. Data Protection Officer Our data protection officer is available under JURANDO GmbH, Rathausplatz 21, 58507 Lüdenscheid, Germany
III. General Information on Data Processing
1. Scope of Processing of Personal Data We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The processing of personal data of our users takes place regularly only after the user has granted his/her consent. An exception applies in those cases where prior consent cannot be obtained for actual reasons and where the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
If and to the extent that we obtain consent from the data subject to the processing activities, Art. 6 subs. 1 a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 1 subs. 1 b) GDPR serves as the legal basis for the processing.
This also applies for processing activities that are necessary for taking steps prior to entering into a contract.
If and to the extent that the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 1 subs. 1 c) GDPR serves as the legal basis for the processing.
Where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 1 subs. 1 d) GDPR serves as the legal basis for the processing.
Where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 1 subs. 1 f) GDPR serves as the legal basis for the processing.
3. Erasure of data and duration of storage
The personal data of the data subject is erased or blocked as soon as the purpose of storage ceases to exist. The data can be stored beyond that time if this is provided for by European or national legislation in EU Regulations, EU laws or other provisions to which the controller is subject. The data is also erased or blocked as soon as the storage period prescribed by the aforesaid regulations expires unless further storage of the data is necessary for the conclusion or performance of a contract.
IV. Provision of the website and generation of log files
1. Description and scope of the data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected in this context:
(1) Information on the type of the browser and the browser version used
(2) Referrer (“referring page“)
(3) IP adress
(4) Date and time of access
(5) Website which is accessed by the system of the user via our website
(6) Successful loading or error in loading
This data is also stored in the log files of our system. The data is not stored together with other personal data of the user.
2. Legal basis for the data processing
The legal basis for the temporary storage of the data and log files is Art. 6 subs. 1 f) GDPR.
3. Purpose of the data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For such purpose, the ID address of the user must be and remain stored during the session.
The data is stored in log files to ensure the functionality of the website. Moreover, the data helps us to optimise the website and ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
The said purposes also constitute our legitimate interest in the processing in terms of Art. 6 subs. 1 f) GDPR.
4. Duration of storage
The data is erased when and as soon as it is no longer needed to achieve the purpose of the data collection. Where the data is collected for the purpose of making the website available, the data is erased when and as soon as the relevant session is closed.
Where the data is stored in log files, the data is erased after seven days at the latest. However, the data can also be stored beyond that time. In this case, the IP addresses of the users are erased or masked such that the accessing client can no longer be allocated to such data.
5. Opposition and elimination
The collection of the data for the purpose of making the website available and the storage of the data in log files are indispensable for operating the website. Thus, the user has no possibility to oppose.
Some of the cookies we use are deleted after the end of the browser session, ie after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process individual user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.
In some cases, cookies are used to simplify the ordering process by storing settings (for example, remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as individual cookies implemented by us also process personal data, processing according to Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR for the protection of our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
We may work with advertising partners, who help us, to make our website more interesting for you. For this purpose, cookies from partner companies will also be stored on your hard drive when you visit our website (Third-party cookies). If we cooperate with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in the following paragraphs.
Please note that you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or can exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings.
If you do not accept cookies, the functionality of our website may be limited.
VI. Contact form and email contact
1. Description and scope of the data processing
A contact form is available on our website which can be used if you want to contact us electronically. When a user makes use of the contact form, the data he enters in the form is transferred to us and we store this data. This data includes - depending on how and to which extent it is entered by the user - :
(2) first name
(5) telephone/ fax
(7) concerns and text message
In addition, the following data is stored at the time you send us the message:
(1) IP address of the user
(2) Date and time of registration
Alternatively, you can contact us via the email address indicated on our website. In this case, we store the personal data of the user which is transferred in his email.
The so transferred data is not disclosed or transferred to third parties. The data is exclusively used for processing the conversation.
2. Legal basis for the data processing
The legal basis for the processing of the data is Art. 6 subs. 1 a) GDPR when the user has given his consent to the processing.
The legal basis for the processing of the data that is transferred in the context of an email sent to us is Art. 6 subs. 1 f) GDPR. Where the email contact is established for the purpose of concluding a contract, Art. 6 subs. 1 b) GDPR constitutes an additional legal basis.
3. Purpose of the data processing
The processing of the personal data entered in the form exclusively serves to process your contact request. If you contact us by email, this constitutes at the same time the required legitimate interest in the processing of the data.
The other personal data processed during email transmission serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data is erased when and as soon as it is no longer needed to achieve the purpose of the data collection. In the case of personal data collected from the contact form or personal data transferred to us by email, the data is erased when and as soon as the relevant conversation with the user is terminated. The conversation is deemed terminated when it can be concluded from the specific circumstances of the case that the issue in question has been finally settled.
The additional personal data collected during email transmission is erased after seven days at the latest.
5. Opposition and elimination
The user has the right to withdraw his consent to the processing of the personal data at any time. When the user contacts us by email, he can oppose the storage of his personal data at any time. In this case, the conversation cannot be continued.
In this case, all personal data that was stored in the context of contacting us is erased. VII. Web analysis by google analytics
We use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043 USA), hereinafter referred to as "Google", on our site.
The software sets a cookie on the computer of the users (for cookies see above). If individual pages of our website are called, the following data is stored:
(1) Information about the browser type and version used
(2) used operating system
(4) IP adress
(5) Date and time of access
(6) Website accessed by the user's system through our website
The information generated by these cookies, such as the time, location and frequency of your website visit, including your IP address, is transmitted to Google in the United States and stored there.
In this case, your IP address will already be shortened and thus anonymised by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
On our behalf, Google will use this information to evaluate your use of our site, to compile reports on website activity for us, and to provide other services related to website activity and internet usage.
The legal basis for the use of Google Analytics is § 15 para. 3 TMG or Art. 6 para. 1 lit. f GDPR.
Google transmits this information only to third parties, if this is required by law or if third parties process this data on behalf of Google. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. The data sent by us and linked to cookies, user IDs or advertising IDs will be automatically deleted after 14 months. The deletion of data whose retention period has been reached is done automatically once a month.
By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.
In addition, Google offers a deactivation option for the most popular browsers, giving you more control over what data Google collects and processes. If you enable this option, website visit information will not be sent to Google Analytics. Activation does not prevent information from being transmitted to us or any other web analytics services we may use. For more information about Google's opt-out option and to enable this option, please visit the link below: https://tools.google.com/dlpage/gaoptout?hl=en
For more information about terms of service and privacy related to google analytics, please visit:
VIII. Social Media (youtube)
We cannot only be found on our website but also in various social media. If you visit any of these sites, personal data might be transferred to the provider of the social network. In addition to the data which you have deliberately entered in that social medium, also other data and information may be collected, processed or used by the provider of the social network. This provider might collect, process and use the most important data of the computer system from which you access the social media site such as your IP address, the type of processor used and the browser version including plug-ins. If, while visiting such a social medium, you are logged in to your personal user account with the relevant provider, the latter can automatically allocate the visit to this account. If you do not want such an allocation to be made, you have to log out from your account before you visit the website.
IX. YouTube components with enhanced data protection mode
On our website, we use components (videos) of YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, which is a company of Google Inc.
Here, we use the option provided by YouTube “enhanced data protection mode”. As soon as you access a page which contains an embedded video, a connection is established to the YouTube servers and the content is presented on the Internet page through an appropriate message to your browser. Pursuant to the information provided by YouTube, only data is transferred to the YouTube server in the “enhanced data protection mode” including in particular the information from which of our Internet pages you are viewing the video. Only when you are logged in to YouTube at the same time, this information will be allocated to your YouTube member account. You can prevent this allocation by logging out from your member account before you visit our website.
Further information on data protection by YouTube/Google is available in sec. VIII. X. Rights of the data subjects
When your personal data is processed, you are a data subject in terms of the GDPR and you are entitled to the following rights in the relationship with the controller: 1. Right to information/ access
You have the right to request from the controller a confirmation whether personal data concerning you is processed by us.
If such personal data is processed, you have the right to request from the controller information about the following:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data which are processed;
(3) the recipients resp. the categories of recipients to whom personal data concerning you has been or will still be disclosed;
(4) the scheduled duration of storage of the personal data concerning you or, where no detailed information can be provided on this point, the criteria for the determination of the duration of storage;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of the processing by the controller or a right to object to this processing;
(6) the existence of a right to lodge a complaint with a supervisory authority; (7) all information available on the origin of the data where the personal data is not collected from the data subject;
(8) the existence of an automated decision-making procedure including profiling according to Art. 22 subs. 1 and 4 GDPR and – at least in these cases – sound information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or an international organisation. In this context, you have the right to request information about appropriate safeguards in terms of Art. 46 GDPR provided in connection with the transfer.
2. Right to rectification
You have the right to rectification and/or completion by the controller if the personal data concerning you which is processed is inaccurate or incomplete. The controller is obliged to rectify the data without undue delay.
3. Right to restriction of the processing
You have the right to request restriction of the processing of the personal data concerning you where any of the following applies:
(1) the accuracy of the personal data concerning you is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
(4) you have objected to processing pursuant to Article 21 subs. 1 GDPR pending the verification whether the legitimate grounds of the controller override the grounds you rely on.
Where the processing of your personal data was restricted, your personal data may only be processed, with the exception of storage, with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where the processing was restricted according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erase
You have the right to request from the controller erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) you withdraw the consent on which the processing was based according to Article 6 subs. 1 a) or Art. 9 subs. 2 a) GDPR, and there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21 subs. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 subs. 2 GDPR;
(4) your personal data has been unlawfully processed;
(5) our personal data has to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
(6) your personal data has been collected in relation to the offer of information society services referred to in Article 8 subs. 1 GDPR.
b) Notification of third parties
Where the controller has made your personal data public and is obliged pursuant to Art. 17 subs. 1 GDPR to erase this personal data, the controller, taking account of available technology and the cost of implementation, is obliged to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
The right to erasure does not apply to the extent that the processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 subs. 2 h) and i) and Art. 9 subs. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 subs. 1 GDPR in so far as the right referred to under a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) or the establishment, exercise or defence of legal claims.
5. Right to be notified
When you have asserted your right to rectification, erasure or restriction of processing against the controller, the latter is obliged to communicate this rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to request the controller to inform you of the aforesaid data recipients. 6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:
(1) the processing is based on consent pursuant to Art. 6 subs. 1 a) GDPR or Art. 9 subs. 2 a) GDPR or on a contract pursuant to Art. 6 subs. 1 b) GDPR, and (2) the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The exercise of this right must however not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 subs. 1 e) or f) GDPR, including profiling based on those provisions.
In this case, the controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw your consent given under data protection law You have the right to withdraw your consent given under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing that has taken place based on this consent until the time of the withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or for the performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Art. 9 subs. 1 GDPR unless Art. 9 subs. 2 a) or g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests have been implemented.
In the cases referred to in subs. (1) and (3), the controller is obliged to implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this GDPR. The supervisory authority with which the complaint has been lodged is obliged to inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.