DATA PROTECTION DECLARATION
DATA PROTECTION DECLARATION IN ACCORDANCE WITH THE DSGVO
Status: March 2022
A. GENERAL INFORMATION
The controller according to Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is
Am Brühl 6
T: +49 8274 51-0
info (at) surteco.com
Legal notice: https://www.surteco.com/impressum/
Contact details of the Data Protection Officer
Our Data Protection Officer can be reached at the following contact details:
Mailing address: To the Data Protection Officer
SURTECO GROUP SE
Telephone: +49 8274 99 88-0
E-mail address: datenschutz (at) surteco.com
Types of data processed
When visiting and using our online offer, personal data is processed. Personal data is all data that can be related to you personally, e.g. name, address, e-mail address. If you provide us with personal data, we will store and use your data in accordance with the legal requirements, e.g. for contract fulfilment, answering inquiries or pre-contractual measures. Furthermore, when visiting our website, in particular usage data, e.g. access times, websites visited, and metadata, e.g. IP addresses, information about the operating system and Internet service providers, can be processed.
Legal basis for the processing of personal data
Your data will only be processed if there is a legal basis in Art. 6 Para. 1 GDPR, in particular
- if you have given your consent in accordance with Art. 6 Para. 1 lit. a GDPR,
- for the fulfilment of a contract or for the implementation of a pre-contractual measure pursuant to Art. 6 Para. 1 lit. b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures,
- to fulfil a legal obligation to which our company is subject pursuant to Art. 6 Para. 1 lit. c GDPR,
- to safeguard a legitimate interest of our company or a third party pursuant to Art. 6 Para. 1 lit. f GDPR, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest.
Data transfer, Transfer to other countries
Transfer of data to processors and third parties
If we disclose data to other persons and companies (contract processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission, in particular if
- you have expressly consented to this,
- a transfer of the data to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 lit. b GDPR is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures,
- a legal obligation provides for this in accordance with Art. 6 Para. 1 lit. c GDPR,
- the disclosure is necessary to protect our legitimate interests (e.g. when using commissioned third parties, web hosts, etc.) as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding, legitimate interest in not disclosing your data.
If we commission third parties with the processing of data on the basis of a so-called “order data processing contract”, then this is done in accordance with Art. 28 GDPR.
Transfers to third countries
If we lawfully process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of the use of third-party services or disclosure or transmission of data to third parties, this will only take place if the special requirements of Art. 44 et seq. GDPR are met. The processing takes place in particular on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to that of the EU or the conclusion of the EU standard data protection clauses.
Rights of data subjects
If personal data is processed, you as the data subject have the following rights vis-a-vis us:
- Right to information pursuant to Art. 15 GDPR,
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to object to the processing pursuant to Art. 21 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, pursuant to Art. 77 GDPR, if you consider that the processing of personal data concerning you infringes the GDPR.
The responsible supervisory authority can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
The supervisory authority responsible for us is the
Bavarian State Office for Data Protection Supervision
E-mail: poststelle (at) lda.bayern.de
Right of revocation and right to object
Objection to the processing of your data
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, in accordance with Art. 21 GDPR. This is the case if the processing is not necessary, in particular, for the performance of a contract with you. When exercising your right to object, we ask you to explain the reasons why your personal data should not be processed as we have done. In the event of a justified objection, we will discontinue or adapt the data processing or prove to you compelling legitimate reasons for the continuation of the processing that outweigh your interests, rights and freedoms or serve to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Right to revoke consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of such consent does not affect the legality of the processing carried out on the basis of the consent up until the revocation.
3. You can inform us about your objection or revocation using the above contact details.
Deletion of data and storage duration
No automated decision-making, including profiling
We do not intend to use any personal data collected from you for any automated decision making process (including profiling).
B. INDIVIDUAL DATA PROCESSING
Collection of personal data when using our website for information purposes
In the case of purely informational use of our website, i.e. if you do not log in to use the website, register or provide us with further information in the context of using a service offered, our system automatically collects data and information that your browser transmits to enable you to visit the website. This data is also stored in the log files of our system. A linkage with other visitor data does not take place. The legal basis for the temporary storage is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the provision of the core functionalities of the website, which are absolutely necessary for a qualitative, secure and stable website operation.
The following data is collected here:
- Anonymised IP address
- The accessed website
- The website from which the user reached the accessed website (referrer)
- The subpages that are accessed from the accessed website
- The length of stay on the website
- The frequency of access to the website
- Date and time of the request
- Websites that are accessed by the user's system via our website
As part of the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorised use.
The log files will be deleted as soon as the purpose of their data processing has been achieved and further processing is no longer necessary.
The hosting services of our third-party provider used by us are used to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this website. The legal basis for this is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest also lies in the functional and secure provision of this website.
We use the following types of cookies on our website:
Temporary cookies Permanent cookies Third-party cookies
Temporary cookies incl. “session cookies” or “transient cookies” are cookies that are deleted after a user leaves an online offer and closes the user’s browser. In such a cookie, for example, the content of a shopping cart in an online shop or login status can be stored.
Cookies are referred to as “permanent” or “persistent”, which remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days.
“Third-party cookies” are offered by providers other than the party responsible for operating the online offer (otherwise, if it is only their cookies, we speak of “first-party cookies”).
If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser.
Please note that not all functions of this online offer may then be able to be used.
If you actively contact us, by e-mail, contact form or phone call, the personal data you provide will be collected and processed to process your request. This includes, in particular, your name and contact details (e-mail address, address, mobile phone number) as well as other information transmitted by you.
The legal basis for this is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the processing of the request. If your contact is aimed at the conclusion or execution of a contract, the legal basis is Art. 6 Para. 1 lit. b GDPR.
We will delete e-mail inquiries and other contacts within a reasonable period of time, within which it is no longer expected that a contract or the like will be concluded.
On our website you have the opportunity to subscribe to our free e-mail newsletter for various areas of interest.
(1) When registering for our newsletter, we use the so-called double opt-in procedure. After registration, we will send you a confirmation e-mail to the specified e-mail address, in which we would like you to confirm the sending of newsletters.
(2) When registering, we process the date and time as well as your IP address in addition to the e-mail address. The e-mail address is required for the delivery of the newsletter, while the collection of further data serves to prevent misuse of the services or the e-mail address.
(3) The legal basis for data processing in the context of the newsletter is Art. 6 Para. 1 lit. a GDPR.
(4) You can revoke your consent at any time by clicking on the unsubscribe link provided in each newsletter or using our contact details mentioned above. The legality of the data processing carried out until then is not affected by the revocation.
In the event of revocation, we may store the necessary information taken during subscribing and unsubscribing in a block list to avoid possible consent-free e-mail advertising.
If you have given your consent, Google Analytics, a web analysis service of Google LLC, is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
(1) Scope of processing
We use the User-ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.
We use Google Signals. As a result, Google Analytics collects additional information about users who have activated personalised ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
We use the function ‘anonymizeIp' (so-called IP masking): Due to the activation of IP anonymisation on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, the following data is collected, among others:
- The pages you have accessed, your “click path”
- Achievement of “website goals” (conversions, e.g. newsletter registrations, downloads, purchases)
- Your user behaviour (e.g. clicks, length of stay, bounce rates)
- Your approximate location (region)
- Your IP address (in abbreviated form)
- Technical information about your browser and the devices you use (e.g. language setting, screen resolution)
- Your Internet provider
- The referrer URL (via which website / advertising medium you came to this website)
(2) Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activities. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as the processor. For this purpose, we have concluded an order data processing contract with Google. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google.
(4) Transfer to third countries
A transfer of data to the USA cannot be ruled out.
(5) Storage period
The data sent by us and linked to cookies will be automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on for deactivating Google Analytics available HERE.
You can also prevent the storage of cookies by setting your browser software accordingly. However, if you configure your browser in such a way that all cookies are rejected, functionalities on this and other websites may be restricted.
(6) Legal basis and possibility of revocation
The legal basis for this data processing is your consent, Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by calling up the consent settings and changing your selection there.
Google Tag Manager
The legal basis is our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. This is due to the need-based design in terms of effective control of the implementation of tags as well as the optimisation of the service.
The service provider for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, we have concluded an order processing contract with Google. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google. Further information is available at: https://marketingplatform.google.com and https://policies.google.com/privacy.
LinkedAdd Insight tag (LinkedIn Pixel)
(1) We use the so-called LinkedIn Insight tag (or LinkedIn Pixel) on our website. The service provider responsible for the EU is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
The legal basis is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
(2) By integrating the LinkedIn Insight tag, your browser automatically establishes a direct connection to the LinkedIn server, both when visiting the LinkedIn website and from websites that have the LinkedIn Insight tag installed. LinkedIn and we are jointly responsible for the collection of your usage data when you visit our website and the transmission to the provider, but LinkedIn is solely responsible for the relevant processing for the implementation of the described goals after the transmission of the data.
We have no influence on the extent and nature of the use of the data by LinkedIn, we can therefore only inform you to the extent of our own knowledge: By integrating the LinkedIn Insight tag, LinkedIn receives the information that you have accessed the corresponding website of our website or clicked on an ad from us. If you are registered with a LinkedIn service, LinkedIn can assign the visit to your account. Even if you are not registered with LinkedIn or have not logged in, there is a possibility that the provider will learn your IP address, time slot, and other identifiers and link them to the actions associated with you. The data will be deleted after 90 days.
We have no access to the personal data processed by LinkedIn. We only receive the statistics generated from this in anonymous form.
LinkedIn also processes your personal data in the USA and has imposed a standard that corresponds to the former EU-US Privacy Shield.
(3) The legal basis for the processing of your data is Art. 6 Para. 1 lit. a GDPR and this means that the integration takes place only with your consent. You can revoke your consent at any time, and the easiest way to do this is via our consent tool.
In addition, the deactivation of the LinkedIn Insight tag and other advertising objections is available in the settings for advertisements under www.linkedin.com/help/linkedin/answer/62931?trk=microsites-frontend_legal_privacy-policy&lang=en as well as under www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further setting options and information can be found in the LinkedIn Privacy Center: https://privacy.linkedin.com/de-de?lr=1/ .
(5) For more information about the LinkedIn Insight day, visit https://business.linkedin.com/de-de/marketing-solutions/insight-tag?lr=1/ and about data processing by LinkedIn in the data protection information at www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy/ .
Facebook Marketing Services (Facebook Pixel, Conversion Tracking, Custom Audiences)
Within our website, we use so-called “Facebook Pixel” and related marketing services of the social network Facebook for the purpose of analysis, optimisation and economic operation of our online offer. The service provider responsible for the EU is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter “Facebook”).
The legal basis is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
(1) The following data processing takes place:
Facebook Pixel enables Facebook to target the visitors of our online offer as a target group for the display of advertisements (so-called. “Facebook ads”), by allowing us to track your actions after you have viewed or clicked on an ad on Facebook. Accordingly, we use the Facebook Pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook.
With Facebook Pixel we also want to make sure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. Facebook Pixel also allows us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
Furthermore, when using Facebook Pixel, we use the additional function “extended matching” (here, data such as telephone numbers, email addresses of newsletter recipients or Facebook IDs of users) to create target groups (“Custom Audiences” or “Look Alike Audiences”) transmitted to Facebook (encrypted).
The upload is used solely to determine the recipients of our Facebook ads. We want to ensure that the ads are only displayed to users who are interested in our information and services.
The data collected in this way is anonymous to us. Facebook stores Facebook's data and processes it, so that it can be connected to your Facebook account and Facebook uses the data for its own advertising purposes in accordance with its Data Usage Policy. This applies to the user name, cookie ID, user ID and advertising ID. Further information on the “extended comparison” can be found at https://www.facebook.com/business/help/611774685654668 .
(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server when you visit our website. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore present the processes known to us: By integrating the Facebook Pixel, Facebook receives the information that you have accessed the corresponding web page of our website or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider may find out your IP address and other identifying features and use them to create a profile.
(3) General information on the display of Facebook ads (advertisements) in Facebook's data usage policy can be found at https://www.facebook.com/policy.php . Specific information and details about Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
In addition to the possibility of revoking your consent at any time with effect for the future via our consent banner, you have the following options to object to the collection by Facebook Pixel and to the use of your data for the display of Facebook ads:
To set what types of ads are shown to you within Facebook, you can go to the page set up by Facebook and follow the instructions there about usage-based advertising settings: https://www.facebook.com/settings/ads , https://de-de.facebook.com/help/568137493302217 .
We use YouTube to integrate videos. The responsible provider in Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The legal basis is your consent in accordance with Art. 6 I lit. a GDPR.
As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. The YouTube server will be informed which of our pages you have visited. If you are logged into your Google account, you are enabling YouTube to assign your surfing behaviour directly to your personal profile. Data may be transferred to the USA and linked to other data from other Google services, in particular if you are logged in to your Google account. If such a transmission of this information to YouTube and Google is not desired, you can prevent this transmission by logging out of your Google account before calling up our website.
The processed data includes
- Information about the devices and browsers used (e.g. unique identifiers, IP address, type and settings, operating system, mobile network)
- Your activities (videos viewed, date and time of visit to the page in question, website visited, interactions)
- Location data
We have no influence on the storage period of the data and the further data processing by YouTube and Google.
In order to reduce the data transfer before the actual start of a video, we use the extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, regardless of whether you are watching a video, YouTube establishes a connection to the Google DoubleClick network when you visit our website. We therefore embed the videos on our website in such a way that a transfer of your data to YouTube partners (the Google DoubleClick network) only begins with your consent.
We integrate the interactive maps of the service “Google Maps” on our website to show you interactive maps directly on the website and to enable you to use the map function comfortably. The service provider for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
In order to ensure data protection on our website, Google Maps is deactivated the first time you visit our website. A direct connection to Google's servers will only be established if you have given your consent in accordance with Art. 6 Para. 1 lit. a GDPR. This prevents your data from being transferred to Google the first time you enter the site.
If you visit a website of our website on which Google Maps is integrated after giving your consent, your browser establishes a direct connection to Google's servers. Information about the use of this website may be transmitted to Google servers in the USA and linked to other data from other Google services, in particular if you are logged in to your Google account.
The data processed includes information about the devices and browsers used (e.g. unique identifier, IP address, date and time of the visit to the page in question, Internet address or the URL of the website accessed) and other user data provided as part of the route planner function (e.g. location data, addresses entered, directions).
The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
The data transfer takes place regardless of whether Google provides a user account through which you are logged in, or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
We have no influence on the storage period and further data processing by Google.