Privacy Statement Föhrenbach GmbH

Data protection information

Responsible party

The responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Föhrenbach GmbH
Lindenstrasse 34
D-79843 Löffingen-Unadingen
Tel.: +49 7707 159 0
Fax: +49 7707 159 80
Email: info@foehrenbach.com

Data protection officer

We have appointed the following person as our data protection officer:

Ralf Heimburger
Email: datenschutz@foehrenbach.com

Your rights as a data subject

You can exercise the following rights at any time in accordance with the EU General Data Protection Regulation (GDPR) using the contact details provided:

Information about your data stored by us and its processing (Art. 15 GDPR),
Correction of inaccurate personal data (Art. 16 GDPR),
Deletion of your data stored by us (Art. 17 GDPR),
Restriction of data processing if we are not yet permitted to delete your data due to legal obligations (Art. 18 GDPR),
Objection to the processing of your data by us (Art. 21 GDPR) and
Data portability, provided that you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us your consent, you can revoke it at any time with effect for the future.

You can lodge a complaint with a supervisory authority at any time, e.g. with the competent supervisory authority of the federal state in which you reside or with the authority responsible for us as the responsible body.

A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Processing activities

Collection of general information when visiting our website

Type and purpose of processing

When you access our website, i.e. if you do not register or otherwise submit information, information of a general nature is collected automatically. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar information.

It is processed for the following purposes in particular:

Ensuring a smooth connection to the website
Ensuring smooth use of the website
Ensuring and evaluating system security and stability, in particular for the detection of misuse
for the technically error-free display and optimisation of the website

We do not use your data to draw conclusions about your person. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

Legal basis and legitimate interest

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and misuse detection.

Recipients

The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period

Data is stored in server log files in a form that allows the identification of the data subjects for a maximum of 7 days, unless a security-related incident occurs (e.g. a DDoS attack).

In the event of such an incident, server log files will be stored until the security-related incident has been resolved and fully investigated.

Third country transfer The data collected may be transferred to the following third countries: Finland The following data protection guarantees are in place: EU Standard Contractual Clauses (SCC)

Provision mandatory or necessary

The provision of the aforementioned personal data is neither legally nor contractually mandatory. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may be unavailable or restricted.

Objection

Please read the information below about your right to object under Article 21 of the GDPR.

Contacting us

Type and purpose of processing

Our website features a contact form that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

The following data is also stored when the message is sent:

Date and time of the enquiry
URL from which the enquiry was made

You can contact us via the email addresses provided. In this case, the user's personal data transmitted with the email will be stored. This includes the date and time the email was sent, the email address, IP addresses and information about the servers involved in the email communication.

You can contact us via the telephone numbers provided. In this case, we collect log data that includes your telephone number and the duration of the call.

Regardless of the type of communication you choose, we collect the content of your enquiry. Your data is stored for the purpose of individual communication with you.

Legal basis

The data is processed on the basis of a legitimate interest (Art. 6(1)(f) GDPR).

Our legitimate interest in processing your data is to enable you to contact us easily.

If you contact us to request a quote, the data will be processed for the purpose of implementing pre-contractual measures (Art. 6 (1) (b) GDPR).

Recipients

The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period

Data will be deleted no later than [please add information] after processing the contact request.

If a contractual relationship is established, we are subject to the statutory retention periods. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.

Provision mandatory or necessary

The provision of your personal data is voluntary. However, we can only process your enquiry if you provide us with the necessary data and the reason for your enquiry.

Objection

Please read the information below about your right to object under Art. 21 GDPR.

Creating a customer account

Type and purpose of processing

When you register to use our personalised services, we collect some personal data, such as your name, address, contact and communication details, such as your telephone number and email address. Once you have registered with us, you can access content and services that we only offer to registered users. Registered users also have the option of changing or deleting the data provided during registration at any time if necessary. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will be happy to correct or delete this data at your request, provided that there are no legal obligations to retain it. To contact us in this regard, please use the contact details provided at the end of this privacy policy.

Legal basis

The data entered during registration is processed on the basis of the user's consent (Art. 6(1)(a) GDPR).

Recipients

The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period

Data will only be processed in this context as long as the relevant consent has been given.

Third country transfer

The data collected may be transferred to the following third countries:

Finland

The following data protection guarantees are in place:

EU Standard Contractual Clauses (SCC)

Provision mandatory or necessary

The creation of a customer account is voluntary. It is advantageous but not necessary for the fulfilment of a contract with you or for the implementation of pre-contractual measures.

Withdrawal of consent

Your customer account can be deleted at any time and can be requested using the contact information listed below.

Data protection in the application process

We process the personal data of applicants exclusively for the purpose of carrying out the application process. This applies to applications sent to us by telephone, post or email. The data processed may include, in particular: contact details (e.g. name, address, telephone number, email address), application documents (e.g. cover letter, CV, references) and other information that you voluntarily provide to us as part of the application process.

Your personal data will be processed on the basis of Art. 6 (1) lit. b GDPR in conjunction with § 26 BDSG (Federal Data Protection Act), insofar as this is necessary for the decision on the establishment of an employment relationship. If consent is required, processing will be carried out on the basis of Art. 6 (1) lit. a GDPR. Your data will only be processed by the persons responsible for the application process and will not be passed on to third parties, unless there is a legal obligation to do so. After completion of the application process, your personal data will be deleted no later than six months after notification of the decision, unless there are legal retention obligations or you have expressly consented to longer storage.

Use of Microsoft Office 365

We use Microsoft Office 365 (hereinafter "Office 365") as a cloud-based service for processing personal data. Office 365 includes applications such as Outlook (email), Word, Excel, PowerPoint, Teams and other services for communication, collaboration and document management. Office 365 is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Personal data may also be processed in third countries (in particular the USA). Microsoft undertakes to comply with the data protection requirements of the GDPR, in particular by concluding standard contractual clauses in accordance with Art. 46 GDPR and by implementing additional technical and organisational protective measures.

Personal data is processed for the purpose of fulfilling contractual obligations, carrying out internal communication and organisational processes, and safeguarding our legitimate interests in efficient and secure work organisation. The legal basis for processing is Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Microsoft processes the data exclusively on our behalf and in accordance with our instructions on the basis of a data processing agreement concluded in accordance with Art. 28 GDPR. Personal data will not be passed on to unauthorised third parties. Further information on data protection at Microsoft can be found in Microsoft's privacy policy.

Use of Microsoft 365 Teams

We use Microsoft 365 Teams (hereinafter referred to as "Microsoft Teams") as a platform for online meetings, video conferences, telephone conferences, chats and collaboration in working groups. Microsoft Teams is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Personal data is processed when using Microsoft Teams. This may include, in particular, inventory data (e.g. name, email address), communication data (e.g. chat histories, audio and video data), content data (e.g. shared files, screen sharing) and usage and metadata (e.g. IP address, device information, time of participation).

Personal data is processed for the purpose of conducting online meetings, internal and external communication, and collaboration. The legal basis for processing is Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR, and Art. 6(1)(f) GDPR. Where consent is required, processing is based on Art. 6(1)(a) GDPR. Microsoft processes the data as a processor on the basis of a data processing agreement concluded with us in accordance with Art. 28 GDPR and exclusively in accordance with our instructions. Personal data may also be processed in third countries (in particular the USA). The transfer is based on the standard contractual clauses approved by the EU Commission in accordance with Art. 46 GDPR and supplementary technical and organisational measures. Audio and video recordings of meetings are only made if all persons concerned have been informed in advance and there is a corresponding legal basis. Further information on data protection at Microsoft can be found in Microsoft's privacy policy.

Embedded YouTube videos

We embed YouTube videos on some of our web pages. The videos have been embedded in extended data protection mode. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.

Like most websites, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these cookies to collect video statistics, prevent fraud and improve user-friendliness, among other things. This also leads to a connection being established with the Google DoubleClick network. When you start the video, this may trigger further data processing operations. We have no influence on this. If you have disabled the storage of cookies for the Google Ad programme, you will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at YouTube can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/

Social plugin (Shariff)

We use a social plugin on our website to simplify sharing on the social media sites and providers listed below. You can recognise this functionality by the corresponding logo.

By default, these buttons are deactivated and therefore do not establish contact with the servers of the respective provider. Only when the website visitor activates the buttons and thus declares their consent to communication with the respective provider do the buttons become active and establish the connection (but only for the selected provider). With a second click, the website visitor can then send their recommendation to the social media service. We have integrated the social media buttons of the following companies on our website:

facebook, x, pinterest, reddit

A cookie is a small data file that is created when you visit a website and is temporarily stored on the website visitor's system. If the user of the website visits the server of this website again, the browser of the website user sends the previously received cookie back to the server. The server can evaluate the information obtained through this process. Cookies can make navigating a website easier.

Deleting cookies

You can delete individual cookies or your entire cookie inventory. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on your browser provider, you will find the necessary information under the following links:

In addition, you can prevent the loading of scripts by default. NoScript only allows JavaScript, Java and other plugins to run on trusted domains of your choice.

Information and instructions on how to edit this function can be obtained from your browser provider (e.g. for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/noscript/).

Technically necessary cookies

Type and purpose of processing

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The following technically necessary (essential) cookies are used on our website:

Legal basis and legitimate interest

Data processing is carried out solely on the basis of our legitimate interest in the user-friendly design of our website and in the documentation of consent in accordance with Art. 6 (1) lit. f GDPR in conjunction with a weighing of interests pursuant to §25 (2) TDDDG.

Recipients

The recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period

Please refer to the cookie consent tool for the respective storage period of the cookies.

Provision mandatory or necessary

The provision of the aforementioned personal data is neither legally nor contractually mandatory. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services may be unavailable or restricted.

Objection

Please read the information below about your right to object under Art. 21 GDPR.

Information about your right to object under Art. 21 GDPR

Right to object in individual cases

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipient of an objection

Ralf Heimburger
Email: datenschutz@foehrenbach.com

Changes to our privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Questions about data protection

If you have any questions about data protection, please send an email to the person responsible mentioned above.

Copyright information

This privacy policy was created with the help of activeMind AG – the experts for external data protection officers (version #2024-10-25).