This Data Privacy Statement will explain the type, extent and purpose of processing of personal data (hereinafter simply referred to as “data”) in our online offer and its associated websites, functions and content, as well as external online presences such as our social media profile (hereinafter referred to collectively as “online offer”). We refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR) in respect of terminology, e.g. “personal data” or its “processing”.
Weber Marking Systems GmbH
Phone: +49 2224 / 77 08 -7101
Commercial Registry No.: HRB Montabaur 11207
Managing Director Eckhard Bluhm
VAT-No.: DE 149530348
Data Protection Officer:
You can contact the Data Protection Officer and the Company at the following e-mail address: firstname.lastname@example.org.
Types of data processed:
- Inventory data (e.g. names, addresses).
- Contact data (e.g. e-mail, telephone numbers).
- Content data (e.g. text input, photos, videos).
- Contract data (e.g. subject matter of contract, term, customer category).
- Usage data (e.g. websites visited, interest in content, access times).
- Meta/communication data (e.g. data on devices, IP addresses).
Processing of special categories of data (Art. 9 Para. 1 GDPR):
No special data categories will in principle be processed, unless such data are submitted by users for processing, e.g. entered in online forms.
Categories of persons affected by processing:
- Customers / interested parties / suppliers.
- Visitors and users of the online offer.
Such affected persons will hereinafter be referred to as “users”.
Purpose of processing:
- Making available the online offer, its content and functions.
- Provisioning of contractual performances and services and customer care.
- Response to contact requests and communication with users.
- Marketing, advertising and market research.
- Security measures.
Version: 23 January 2019
1. Definitive legal bases
Pursuant to Art. 13 GDPR, we hereby inform you of the legal bases of our data processing. The following shall apply unless the legal basis is named in the Data Privacy Statement: The legal basis for obtainment of consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR; the legal basis for processing to allow us to perform our services and carry out contractual tasks, also to respond to requests, is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to allow us to fulfil our legal obligations is Art. 6 Para. 1 lit. c GDPR and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR. Should the vital interests of the affected person or another natural person require processing of personal data, then Art. 6 Para. 1 lit. d GDPR shall serve as the legal basis.
2. Changes and updating of the Data Privacy Statement
We request you to keep abreast of the content of our Data Privacy Statement. We reserve the right to adapt the Data Privacy Statement as demanded by changes to our data processing. We will inform you as soon as changes require your cooperation (e.g. consent) or if another specific notification is required.
3. Security measures
- We will take appropriate technical and organisational measures as required by Art. 32 GDPR, taking into account technical options, the cost of implementation and the type, extent, circumstances and purposes of processing, also the likelihood of occurrence and severity of risks to the rights and freedoms of natural persons, in order to guarantee a reasonable level of risk protection. Measures will in particular include the assurance of confidentiality, integrity and availability of data based on control of physical access to data including control of associated data availability, input, disclosure and separation. We have furthermore introduced processes to ensure that the rights of persons concerned, appropriate deletion of data and response to risks to the data are observed. We also take the protection of personal data into consideration as early as the development phase, i.e. in the selection of hardware, software and processes, in compliance with the principle of data protection through technical design and data protection by default (Art. 25 GDPR).
- Security measures include especially encryption of data transmitted between your browser and our server.
4. Cooperation with order processors and third parties
- To the extent that we disclose or pass on data to other persons and companies (order processors or third parties) or allow other entities to access data within the framework of processing, this shall be contingent upon regulatory stipulations (e.g. when passing on of data to third parties such as providers of payment services is required under the contract, pursuant to Art. 6 Para. 1 lit. b GDPR), upon your consent, upon mandatory disclosure or when required based on our legitimate interests (e.g. when deploying representatives, Web hosts, etc.).
- Insofar as we commission third parties with data processing under a so-called “Order processing agreement”, this will be in compliance with Art. 28 GDPR.
5. Transfer to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if such processing involves utilising the services of third parties or disclosure or transfer of data to third parties, this will be contingent upon fulfilment of our (pre)contractual obligations, upon your consent, upon regulatory obligations or upon our legitimate interests. We will, in the absence of legal or contractual permissions, never process data or have data processed in a third country unless the special prerequisites under Art. 44 et seq. GDPR are satisfied. Processing will therefore depend on special guarantees such as officially approved compliance with an EU data protection level (e.g. the US Privacy Shield), or on compliance with officially recognised special contractual obligations (so-called “Standard contract clauses”).
6. Rights of affected persons
- You have a right to demand confirmation of processing of the specific data and to demand information about these data, also additional information and copies of the data, pursuant to Art. 15 GDPR.
- You are entitled pursuant to Art. 16 GDPR to demand completion of your personal data or correction to errors in such data.
- Pursuant to Art. 17 GDPR you are entitled to request immediate deletion of relevant data, or - pursuant to Art. 18 GDPR - alternatively request limited data processing.
- Art. 20 GDPR states that you are entitled to request that the data you provided us be returned and to demand their transfer to other responsible entities.
- Art. 77 GDPR states that you are also entitled to lodge a complaint with the responsible regulatory authority.
7. Right of revocation
Art. 7 Para. 3 GDPR states that you also have the right to revoke a consent you may have given.
8. Right of objection
Art. 21 GDPR also states that you may at any time object to processing of your data in future. Your objection may in particular also be to processing for the purpose of direct advertising.
9. Cookies and the right of objection to direct advertising
10. Deletion of data
We will delete the processed data or limit processing pursuant to Art. 17 and 18 GDPR. Unless explicitly stated otherwise in this Data Privacy Statement, our stored data will be deleted when they are no longer needed for their designated purpose, unless such deletion is in breach of legal obligations to retain the data. Data processing will be limited should the data need to be retained for other purposes permitted by law. The data will thus be blocked for processing for other purposes. This will apply to data that must be stored for commercial or fiscal purposes, for instance.
11. Contacting us
- We will process the data you provide when you contact us (via Contact form or e-mail) pursuant to Art. 6 Para. 1 lit. b) GDPR in order to respond to your request.
- User data may be stored in our Customer Relationship Management (CRM) system or similar request handling organisation.
12. Comments and contributions in the Blog
- Our legitimate interests in terms of Art. 6 Para. 1 lit. f. GDPR allow us to store user comments or other contributions for 7 days.
- This is for our safety in case someone submits comments and contributions with unlawful content (libel, prohibited political propaganda, etc.). Since we may in such cases be held liable for such comments or contributions we need to know the author’s identity.
13. Recording of access data and log files
- Our legitimate interests in terms of Art. 6 Para. 1 lit. f. GDPR allow us to collect data on every access to the server that provides this service (server log files). Access data includes the name of the website called up, the file, date and time of access, the transferred volume of data, a message about successful access, the browser type and version, the user’s operating system, the referring URL (previous page visited), the IP address and the requesting provider.
- Log file information will be stored for up to seven days for safety (e.g. clearing up cases of abuse or fraud), before subsequent deletion. Data required for verification purposes will not be deleted until final clarification of the relevant incident.
14. Online presences in social media
- We maintain an online presence via social networks and platforms for communication with their active clients, interested parties and users and to inform these about our services. The terms and conditions and data processing guidelines of the operators of networks and platforms you may visit will apply when you access them.
- Unless otherwise stipulated within the framework of our Data Privacy Statement, we will process the data of users who communicate with us via social networks and platforms, for instance by writing contributions on our online presences or by sending us messages.
15. Cookies & reach measurement
- Cookies are information transferred from our or third party Web servers to the Web browsers of users, where they will be stored for later use. Cookies may be small files or other types of stored information.
- We use session cookies that are stored only for the duration of the visit to our online presence (e.g. to allow storage of your login status and use of our online offer). A randomly generated unique identification number will be stored in a session cookie - the session ID. A cookie also contains data about its origin and storage time. These cookies cannot store other data. Session cookies are erased as soon as your visit to our website ends, i.e. when you log out or close your browser.
- Users who do not wish to have cookies stored on their computer are advised to deactivate the relevant option in the system settings of their browser. Stored cookies may also be erased in the browser system settings. The functions of this website may be restricted when cookies are blocked.
16. Google Analytics
- Google’s certification under the Privacy Shield Agreement guarantees compliance with the European Data Privacy Law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- We have commissioned Google to use this information to evaluate the usage of our website by users, to compile reports on website activities within the online offer and to provide us with further services related to the usage of this online offer and the Internet. The processed data may be used to compile pseudonymous profiles of utilisation by users.
- We use Google Analytics to restrict adverts placed by advertising services of Google and its partners to users who are interested in our online offer or who have certain traits (e.g. interest in certain topics or products established via the visited websites) that we pass on to Google (“Remarketing” or “Google Analytics audiences”). Remarketing Audiences also helps us to ensure that our adverts will match a user’s potential interest and not annoy him.
- We use Google Analytics exclusively with IP anonymisation activated. This means the IP address of a user will, within the EU member states or in other signatories of the Treaty on the European Economic Area, be abbreviated by Google. Only by exception will a full IP address be transmitted to a Google server in the US for abbreviation.
- The IP address transmitted by the user’s browser will not be linked to other Google data. Users may block the storage of cookies via a setting in their browser software; users may also download and install the browser plugin available under the link below to prevent the cookie from collecting data related to their use of the online offer and transmitting these data to Google for processing: https://tools.google.com/dlpage/gaoptout.
- For further information on data usage by Google, settings and options for objection, please refer to Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use our partners websites or Apps”), https://policies.google.com/technologies/ads (“Data usage for advertising purposes”), https://adssettings.google.com/authenticated (“Administrating information Google uses to display advertising to you”).
17. Google Re/Marketing services
- Our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer pursuant to Art. 6 Para. 1 lit. f. GDPR) allow us to make use of the Marketing and Remarketing services (“Google Marketing Services”) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (“Google”).
- Google’s certification under the Privacy Shield Agreement guarantees compliance with the European Data Privacy Law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google Marketing Services allow us to target advertisements for and on our website more specifically in order to ensure that users will only be shown adverts that are of potential interest to them. When a user is, for instance, shown adverts for products he showed an interest in on other websites, this is then referred to as "Remarketing". When our and other websites with active Google Marketing Services are called up, Google will thus directly generate a code and (Re)marketing tags (hidden graphics or codes also referred to as "Web beacons") will be integrated into the website. This will be used to store an individual cookie, i.e. a small file on the user’s device (similar technologies may also be used instead of cookies). The cookies may be placed by different domains, among others by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records the websites a user visits, the content he is interested in and the offers he has clicked on, also technical information on the browser and operating system, referring websites, time of visits and other information for use of the online offer. The users’ IP address will also be recorded, but the IP address will, within the Google Analytics framework, be abbreviated within EU member states or other signatories to the Treaty on the European Economic Area and will be transmitted unabbreviated to a Google server in the US for shortening there only in exceptional cases. The IP address will not be linked to user data within other Google offers. Google may also link the aforementioned information with such information from other sources. Advertisements of interest to the user may then be displayed on other websites he may subsequently visit.
- Google Marketing Services will process user data in pseudonymized form. Google will thus for instance not store and process the user’s name or e-mail address but only relevant cookie-related data within pseudonymized user profiles. From the Google perspective, the adverts will thus not be processed and displayed to a specific identified person but to the owner of the cookie, irrespective of who this owner may be. This will not apply if a user explicitly allows Google to process the data without pseudonymization. The user information collected by Google Marketing Services will be transmitted to Google and stored on Google’s servers in the US.
- The Google Marketing Services we use include the online advertising programme “Google AdWords”, among others. For Google AdWords, each AdWords client will receive its own “Conversion Cookie”. Cookies can thus not be tracked via the AdWords client websites. Information collected via cookies is used to compile Conversion Statistics for AdWords clients who opted for Conversion Tracking. AdWords clients will be informed of the total number of users who clicked on their advertisement and were navigated to a Web page with a Conversion Tracking tag. They will not, however, receive any information allowing personal identification of a user.
- We may also use the “Google Optimizer” service. Based on “A/B Testing”, Google Optimizer helps us understand the effect of various website changes (e.g. changing the input fields, designs, etc.). Cookies will be stored on user devices for the purpose of such tests. Only pseudonymized user data will be processed.
- We may furthermore also use the “Google Tag Manager” to integrate the Google Analysis and Marketing Services into our website and administer them.
- Please visit the overview page for further information on Google’s use of data for marketing purposes: https://policies.google.com/technologies/ads. Google’s Data Privacy Statement can be found under https://policies.google.com/privacy.
- Please refer to the Setting and Opt-out options offered by Google to object to interest-based advertising by Google Marketing Services: https://adssettings.google.com/authenticated.
18. Newsletter
- The content of our Newsletter is described below as well as registration, dispatch and statistical evaluation and your right of objection. By subscribing to our Newsletter, you agree to its receipt and with the procedures described.
- Content of the Newsletter: We will not send out Newsletters, e-mails and other electronic notifications containing promotional information (hereinafter referred to as “Newsletter”) unless with the consent of the recipients or with legal permission. Insofar as the content of the Newsletter is clearly described on registration, this shall be deemed agreed to by the user. Our Newsletters will for the rest contain information about our products, offers, campaigns and our company.
- Double Opt-In and logging: Registration for our Newsletter is always via a Double Opt-In procedure. After registering, you will therefore receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent someone else registering with false e-mail addresses. Registrations for the Newsletter will be logged to verify registration, pursuant to regulatory requirements. This includes storage of the time of registration and confirmation and the IP address. Changes to your data as stored at the mail service provider will also be logged.
- Mail service provider: Newsletters are dispatched via Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, hereinafter referred to as “mail service provider”. The Data Privacy Regulations of the mail service provider are available at: https://www.inxmail.com/data-conditions.
- The mail service provider furthermore states that it uses these data under a pseudonym, i.e. with no user named, to optimise or improve its own services, e.g. for technical optimisation of dispatch and presentation of the newsletters or for statistical purposes, to establish the countries of the recipients. The mail service provider will not, however, use data of our Newsletter recipients to correspond with them directly or pass on the data to third persons.
- Registration data: Your e-mail address will suffice when you register for the Newsletter. We also request you to voluntarily furnish a name, company name and address and your line of business for purposes of addressing you personally and reflecting relevancies in the Newsletter.
- Performance measurement: The Newsletters contain web beacons, i.e. a pixel-sized file called up by the mail service provider server when the Newsletter is opened. This process initially collects technical information such as browser and system data as well as your IP address and the time of access. This information is used for technical improvement of services based on technical data or target groups and their reading habits, based on the locations (definable via the IP addresses) and times of access. Statistical data also comprises information on if and when the Newsletters are opened and which links are clicked. Although this information is for technical reasons assignable to individual Newsletter recipients, neither we nor the mail service provider intend to observe individual users. The analyses rather serve to enable us to identify the reading habits of our users in order to adapt our content accordingly or to offer different content depending on the interest of our users.
- Bluhm Systeme GmbH in Germany: Mailing of the Newsletter and the performance measurement are subject to the consent of the recipient, pursuant to Art. 6 Para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 UWG [German Fair Trade Law] or subject to legal permission as per § 7 Para. 3 UWG.
- Bluhm Systeme GmbH in Austria: Mailing of the Newsletter and the performance measurement are subject to the consent of the recipient, pursuant to Art. 6 Para. 1 lit. a, Art. 7 GDPR in conjunction with § 107 Para. 2 TKG [Austrian Telecommunications Act] or subject to legal permission as per § 107 Para. 2 and 3 TKG.
- The registration process will be logged based on our legitimate interests as per Art. 6 Para. 1 lit. f GDPR and serves to verify your consent to receipt of the Newsletter.
- Cancellation/Revocation: You may cancel receipt of our Newsletter at any time, i.e. you may revoke your consent. Every Newsletter has a link for cancellation at its end. The personal data of users will be deleted if they have registered for the Newsletter only and cancel registration.
19. Linking of third party services and content
- We will, based on our legitimate interests (i.e. interest in analysis, optimisation and commercial operation of our online offer in terms of Art. 6 Para. 1 lit. f. GDPR), make use of and link third party content or services such as videos or fonts (hereinafter referred to collectively as “content”). This always implies that the third party owners of such content must know the users’ IP addresses, since they need this to send content to their browsers. The IP address is thus necessary for presentation of such content. We endeavour to use only suppliers who will use the IP address exclusively for delivery of content. Third party suppliers may also use pixel tags (hidden graphics, also called “Web beacons”) for statistical or marketing purposes. Pixel tags may be used to assess visitor traffic on the pages of this website. Cookies may furthermore store the pseudonymized information on the users’ devices, containing, among other things, technical information on the browser and operating system, referring websites, visiting times and other information on the use of our online offer and may also be linked to such information from other sources.
- The figure below gives an overview of third party suppliers and their content, also links to their data privacy statements containing further information on data processing and, as already mentioned, options for objection (Opt-Out):
- External Google fonts by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, www.google.com/fonts (“Google Fonts”). Google fonts are linked via a Google server (normally in the US). Data privacy statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
- “Google Maps” service by third party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data privacy statement: www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads/.
- Google+ service functions have been integrated into our online offer. These functions are provided by third party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You may click on the Google+ button when logged onto your Google+ account to link the content of our Web page to your Google+ profile. Google will then be able to assign your visit to our Web pages to your user account. We must point out that we, as the operator of the Web pages, will have no information about the transmitted data or their use by Google+. Data privacy statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
- “YouTube” platform videos by third party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data privacy statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
- “Vimeo” platform videos by third party provider Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. Data privacy statement: https://vimeo.com/privacy.
- We make use of the marketing functions (“LinkedIn Insight tag”) of the LinkedIn network in our online offer. The operator is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. A link to LinkedIn servers will be created each time one of our websites with a LinkedIn function is accessed. LinkedIn will be notified that your IP address visited our Web pages. The LinkedIn Insight tag enables us in particular to analyse the success of our campaigns within LinkedIn or to identify target groups for our campaigns based on user interaction. Your registration with LinkedIn will allow the latter to assign your interaction with our online offer to your user account. LinkedIn will also be able to link your visit to our website to your LinkedIn user account if you are logged in at LinkedIn and click the Recommend button. LinkedIn is certified under the Privacy Shield Agreement and compliance with the European Data Privacy Law is in this way guaranteed (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data privacy statement: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Our online offer may have links to Twitter platform functions (hereinafter referred to as “Twitter”). Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions comprise presentation of our Twitter contributions in our online offer, linking to our Twitter profile and the ability to interact with Twitter contributions and functions; also to assess whether users reach our online offer via the advertising we place with Twitter (conversion measurement). Twitter is certified under the Privacy Shield Agreement and compliance with the European Data Privacy Law is in this way guaranteed (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data privacy statement: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.