1) Information about the collection of personal data and contact data of the controller
Thank you for visiting our website and for your interest. Information on how your personal data is handled when using our website is provided below. Personal data in this case comprises all data that can be used to personally identify you.
The responsible party (controller) for data processing on this website for the purpose of the General Data Protection Regulation (GDPR) is Dr. Müller Diamantmetall GmbH, Leprosenweg 34, 82362 Weilheim i. Ob., Germany, Phone: +49 (0) 881 / 90 11 55-0, Fax: +49 (0) 881 / 90 11 55-100, email: firstname.lastname@example.org. The party responsible for the processing of personal data is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data.
For security reasons and to protect the transferring of personal data and other confidential content (e.g. purchase orders or inquiries to the controller), this website uses either SSL or TLS encryption. An encrypted connection is indicated by the character sequence “https://” and the lock icon in the browser address bar.
2) Data collection when visiting our website
When our website is used purely for information purposes, meaning when you don’t register or otherwise transmit information to us, we only collect the data which your browser transmits to our server (so-called “server log files”). When you view our website, we collect the following data which we require for technical reasons in order to display the website to you:
- Our website being visited
- Date and time of the web page access
- Amount of data transmitted, in bytes
- Source/referrer from which you linked to the page
- Browser used
- Operating system used
- IP address used (in anonymised form, if applicable)
Processing is performed on the basis of point (f) of Art. 6(1) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. Data transfer or other use of the data does not take place. However, we reserve the right to review the server log files at a later date if there are specific indications of illegal use.
In order to make our website appealing to use and to allow for the use of specific functions, we use so-called cookies on various pages. These are small text files which are stored on your device. Some of the cookies we use are deleted again at the end of the browser session, meaning after your browser is closed (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third party cookies) to recognise your browser on your next visit (persistent cookies). When cookies are saved, they collect and process specific user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified time, which can vary according to the cookie.
Insofar as data is processed by individual cookies implemented by us, the processing takes place on the basis of point (b) of Art. 6(1) GDPR either for performance of the contract or on the basis of point (f) of Art. 6(1) GDPR to protect our legitimate interests in the best possible functionality of our website as well as customer friendly and effective design of the site visit.
We may work with advertising partners who help us make our website presence more interesting to you. In this case cookies from partner companies (third party cookies) are also saved on your device for this purpose when you visit our website. When we work with aforementioned advertising partners, you are informed individually and separately in the following paragraphs about the use of such cookies and the scope of the respective information being collected.
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Please note that blocking cookies can limit the functionality of our website.
4) Contacting us
Personal data is collected when you contact us (e.g. using the contact form or via email). What data is collected when using a contact form is apparent from the respective contact form. This data is stored and used solely for the purpose of responding to your request or respectively for contacting and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request on the basis of point (f) of Art. 6(1) GDPR. If the aim of contacting you is entering into a contract, then an additional legal basis for processing is point (b) of Art. 6(1) GDPR. Your data is deleted after processing of your request has been completed. This is the case when, according to the circumstances, it is evident that the respective matter has been fully clarified and insofar as not precluded by any statutory data retention requirements.
5) Use of customer data for direct marketing
5.1. Subscribing to our email newsletter
When you subscribe to our email newsletter, we send you information on our offers on a regular basis. The only mandatory information required to receive the newsletter is your email address. Additional data is provided voluntarily and is used in order to address you personally. We use the so-called double opt-in method to send the newsletter. This means that we will only send you an email newsletter when you have expressly confirmed to us that you consent to receiving the newsletter. Then we send you a confirmation email, which asks you to click on a corresponding link in order to confirm that you want to receive the newsletter in the future.
By activating the confirmation link, you provide us with your consent to use your personal data on the basis of point (a) of Art. 6(1) GDPR. When subscribing to the newsletter, we store the IP address registered by the Internet Service-Provider (ISP) as well as the date and time of registration, in order to be able to track possible misuse of your email address at a later point in time. The data collected by us when subscribing to the newsletter is used solely for the purpose of providing promotional material by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or through a corresponding message to the controller indicated above. After unsubscribing, your email address is promptly deleted from our newsletter mailing list, insofar as you haven’t expressly consented to the continued use of your data or we reserve the right to additional use of data which is allowed by law and about which we inform you in this declaration.
5.2 Sending the newsletter to existing clients
If you have provided your email address when purchasing goods or services, we reserve the right to send you emails on a regular basis with offers for goods or services offered by us which are similar to the ones purchased. In accordance with § 7(3) UWG (Act Against Unfair Competition) we don’t have to obtain separate consent from you for this purpose. Data processing in this respect takes place solely on the basis or our legitimate interest in personalised direct marketing on the basis of point (f) of Art. 6(1) GDPR. If you initially revoked the right to use your email address for this purpose, then sending of mail on our part does not take place. You have the right to revoke your consent to the use of your email address for the aforementioned advertising purposes at any time effective from that point onward by sending a message to the aforementioned controller. Your only cost to do so is the transmission cost at the base rates. Upon receipt of your revocation, use of your email address for advertising purposes is promptly discontinued.
5.3 Newsletter mailing via Sendinblue
Our email newsletter is mailed by the technical service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, with whom we share the data provided when you subscribed to the newsletter. The data is shared on the basis of point (f) of Art. 6(1) GDPR and serves our legitimate interest in using a promotionally effective, secure and user friendly newsletter system. The data entered by you for the purpose of receiving the newsletter (e.g. email address) is stored on Sendinblue servers in the EU.
Sendinblue uses this information to mail the newsletter and for statistical analysis of the newsletter on our behalf. For analysis purposes, the emails which are sent contain so-called web beacons or tracking pixels, which represent a one-pixel image file stored on our website. This makes it possible to determine whether a newsletter email was opened and, if applicable, which links were clicked on. Technical information (e.g. time of access, IP address, browser type and operating system) are collected as well. The data is collected solely in pseudoanonymised form and is not linked with your other personal data, a direct personal association is precluded. This data is used solely for statistical analysis of newsletter campaigns. The results of these analyses can be used in order to better align future newsletters with the interests of the recipients. If you wish to revoke the right to data analysis for statistical purposes, you have to unsubscribe from the newsletter.
Furthermore, Sendinblue itself may use this data on the basis of point (f) of Art. 6(1) GDPR for its own legitimate interests in the demand-based design and optimisation of the services and for market research purposes, for example to determine which countries the recipients are in. However, Sendinblue doesn’t use the data of our newsletter recipients in order to mail them itself or to provide it to third parties.
We have concluded a data processing agreement with Sendinblue, through which we obligate Sendinblue to protect the data of our customers and to refrain from passing the data on to third parties.
5.4 Advertising by letter mail
On the basis of our legitimate interest in personalised direct marketing, we reserve the right to store your first and last name, your mailing address and – insofar as we have received this additional information from you in the course of the contractual relationship – your title, academic rank, your year of birth and your job, industry or business title on the basis of point (f) of Art. 6(1) GDPR and to use this information to send you interesting offers and information regarding our products via letter mail.
You can revoke your consent to store and use your data for this purpose at any time through a corresponding message to the controller.
6) Web analytics services
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses so-called “cookies”, which are small text files stored on your device which allow for analysis of your use of the website. The information generated by the cookie about your use of this website (including the abbreviated IP address) is typically transferred to a Google server and stored there, which may also involve transfer to the Google LLC. servers in den USA.
This website uses Google (Universal) Analytics solely with the extension “_anonymizeIp()”, which ensures anonymisation of the IP address through abbreviation and precludes a direct personal association. The extension results in your IP address being abbreviated by Google within the European Union member states or within other signatory states of the European Economic Area. The full IP address will be transmitted to a Google LLC. server in the USA and abbreviated there only in exceptional circumstances. On our behalf, Google shall use this information to analyse your use of this website, to generate reports on website activities and to provide other services related to the use of the website and the Internet to us. The IP address transmitted by your browser within the Google (Universal) Analytics framework will not be merged with other data in Google’s possession. Through the use of a special function, the so-called “demographic attributes”, Google Analytics also makes it possible to generate statistics with information on the age, gender and interests of the website visitors on the basis of an analysis of interest-based advertising and by incorporating third party information. This allows for the definition and differentiation of website user groups for the purpose of target group optimised alignment of marketing measures. However, the data sets generated via the “demographic attributes” cannot be assigned to any specific person.
All of the aforementioned processing, in particular the use of Google Analytics cookies to read information from the device used, is only performed if you have provided us with your express consent to do so on the basis of point (a) of Art. 6(1) GDPR. The use of Google Analytics during your visit to the website doesn’t occur without this consent being provided.
You can revoke your consent at any time effective from that point onward.
In order to exercise your right to revocation, please deactivate this service using the “cookie consent tool” provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics, which obligates Google to protect the data of our website visitors and to refrain from providing this data to third parties.
With regard to the transferring of data from the EU to the USA, Google invokes the so-called standard data protection clauses of the European Union, which are intended to ensure compliance with European standards in the USA.
Further information on Google (Universal) Analytics is available here: https://policies.google.com/privacy?hl=de&gl=de
7) Tools and other
Applications to job posts via email
We post current job vacancies under a separate heading on our website, so that interested persons can apply by sending an email to the contact address provided.
Inclusion in the application process hereby requires applicants to provide us via email, along with the application, all personal data required for a well-founded and informed assessment and selection.
The information required in this regard includes general information about the person (the name, address, phone or electronic contact data) as well as achievement-specific proof of qualifications required for a position. If applicable, health-related information may be required in the interests of social protection of the applicant for the purpose of particular labour and employment law considerations.
What information an application must contain in order to be suitable for consideration and in which form this information shall be provided via email can be determined from the respective job posting.
After the application sent to the specified contact address is received, the applicant data is stored by us and analysed solely for the purpose of application processing. For any further questions arising in the course of processing the application, we shall at our discretion use either the email address provided by the applicant with his application or a specified phone number.
The legal basis for this processing including contacting for questions is generally point (b) of Art. 6(1) GDPR (for processing in Germany in conjunction with § 26(1) BDSG (German Federal Data Protection Act), for the purpose of which the application process is deemed a negotiation of an employment relationship.
Insofar as special categories of personal data for the purposes of Art. 9(1) GDPR (e.g. health data such as information on the working capacity of severely disabled persons) are requested from applicants, processing takes place on the basis of point (b) of Art. 9(2) GDPR, so that we can implement rights arising from employment and social security and social protection law and can fulfil our obligations in this regard.
Cumulatively or alternately, processing of the special data categories can also take place on the basis of point (h) of Art. 9(1) GDPR, if it takes place for purposes of preventive or occupational medicine, for the assessment of the working capacity of the applicant, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
If an applicant is not selected in the course of the aforementioned evaluation or if an applicant withdraws their application ahead of time, the data transferred by them via email as well as all electronic written communication including the original application email are deleted after a corresponding notification at the latest after 6 months. This period is determined on the basis of our legitimate interest in answering any follow-up questions regarding the application and if applicable in order to meet our obligations arising from non-discrimination regulations to provide proof of non-discrimination of applicants.
In the event of a successful application, processing of the provided data will continue on the basis of point (b) of Art. 6(1) GDPR (for processing in Germany in conjunction with § 26(1) BDSG (German Federal Data Protection Act)) for the purpose of implementing the employment relationship.
8) Rights of the data subject
Applicable data protection law grants you comprehensive data subject rights versus the controller with regard to processing of your personal data (right of access and right to rectification) about which we inform you below:
– Right of access on the basis of Art. 15 GDPR: You have an express right to be informed about your personal data processed by us, the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period, the existence of the right to rectification, erasure, restriction of processing, lodging a complaint with a supervisory authority, the source of the data if not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing, as well as your right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in the event of your data being transferred to a third country;
- Right to rectification on the basis of Art. 16 GDPR: You have a right to rectification without undue delay of inaccurate personal data pertaining to you and/or completion of your incomplete data stored by us;
- Right to erasure on the basis of Art. 17 GDPR: You have the right to erasure of your personal data where the grounds of Art. 17(1) GDPR apply. However, this right shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- Right to restriction of processing on the basis of Art. 18 GDPR: You have the right to restriction of processing of your personal data, insofar as the accuracy of the personal data is contested, when you oppose the erasure of your personal data due to unlawful processing and instead demand restriction of the processing of your data, when you require your data for the establishment, exercise or defence of legal claims after we no longer require this data subsequent to the purpose having been achieved or if you have lodged an objection founded on your particular situation, pending verification whether our legitimate grounds prevail;
- Right to notification on the basis of Art. 19 GDPR: If you have exercised your right to rectification, erasure or restriction of processing versus the controller, then the controller is obligated to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data pertaining to you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability on the basis of Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request transfer to another controller, insofar as this is technically feasible;
- Right to withdraw prior given consent on the basis of Art. 7(3) GDPR: You have the right to withdraw previously given consent to the processing of data at any time, effective from that point onward. If you withdraw consent, we will delete the affected data promptly insofar as further processing cannot be supported by a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- Right to lodge a complaint on the basis of Art. 77 GDPR: If you consider that the processing of personal data pertaining to you infringes the GDPR, you have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
8.2 RIGHT TO OBJECT
IF, IN THE COURSE OF WEIGHING INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTERESTS WHICH OUTWEIGH YOUR INTERESTS, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO THIS PROCESSING, EFFECTIVE FROM THAT POINT ONWARD.
IF YOU INVOKE YOUR RIGHT TO REVOCATION, WE WILL CEASE PROCESSING OF THE AFFECTED DATA. HOWEVER, THE RIGHT TO FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOURSELF FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THIS RIGHT TO OBJECT AS OUTLINED ABOVE.
IF YOU INVOKE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.
9) Storage duration of personal data
The duration of storage of personal data is based on the respective legal grounds, on the processing purpose and – if applicable – also on the basis of the respective legal retention period (e.g. tax or commercial law retention periods).
When processing personal data on the grounds of express consent on the basis of point (a) of Art. 6(1) GDPR, this data is stored until the data subject revokes their consent.
If legal retention periods exist for data processed within the framework of contractual or contract-like obligations on the basis of point (b) of Art. 6(1) GDPR, then this data will be routinely deleted at the end of the retention periods, insofar as it is no longer required for contract fulfilment or contract negotiations and/or no legitimate interest for further storage exists on our part.
When processing personal data on the basis of point (f) of Art. 6(1) GDPR, this data is stored until you exercise your right to object on the basis of Art. 21(1) GDPR, unless we are in a position to present compelling protection worthy grounds for the processing of your data, that outweigh your interests, rights and freedoms, or if the purpose of the processing is the claiming, exercising or defence of legal entitlements.
When processing personal data for the purpose of direct marketing on the basis of point (f) of Art. 6(1) GDPR, this data is stored until the data subject exercises their right to object on the basis of Art. 21(2) GDPR.
Insofar as not otherwise indicated by other information in this declaration regarding specific processing situations, stored personal data is otherwise deleted when it is no longer required for the purposes for which it was collected or otherwise processed.