1. DATA PRIVACY AT A GLANCE
Basic information
We, Fleck GmbH, as the operator of this website, take the protection of your personal data very seriously. We treat your personal data confidentially and according to the statutory data protection regulations as well as this Privacy Policy.
On our website, and if you use our services, personal data is only collected to the necessary extent and is processed for a specific purpose. Personal data are data by which you are personally identifiable or other data linked to you.
The following notes provide you with a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. Detailed information on the topic of data privacy is given in our Privacy Policy that follows this text.
Data collection on our website
Responsible body (Controller) within the meaning of the GPDR:
Fleck GmbH
Industriestr. 12
45711 Datteln, Germany
Phone:+49 (o) 2363 / 9123-0
Fax:+49 2363 / 9123-80
Email:
The Controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
You can also contact our data protection officer by email or letter if you have any suggestions or complaints regarding the processing of your personal data:
Datenschutz Consult Bernd Schulz
Endelner Weg 205 a
46286 Dorsten, Germany
Phone:+49 (o) 2369 / 2080428
E-Mail: datenschutz@fleck-dach.de
How do we collect your data?
Cookie-EinstellungenYour data are collected on the one hand by you disclosing it to us. This can be data, for example, that you enter in a contact form. Other data are collected automatically by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system or time the page was viewed). These data are collected automatically as soon as you access our website.
What do we use your data for?
Part of the data is collected to ensure fault-free provision of the website. Other data can be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to demand the rectification, restriction or erasure of these data. To this end, and if you have any other questions about data privacy, you can contact us at any time at the address given in the Legal notice. Furthermore, you also have the right to lodge a complaint with the competent supervisory authority.
Analysis tools and tools of third party providers
When you visit our website, your surfing behaviour can be evaluated statistically. This is mainly done with cookies and so-called analysis programs. Your surfing behaviour is normally analysed anonymously; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information on this is provided in the following Privacy Policy.
You can object to this analysis. We inform you about your objection options in this Privacy Policy.
2. GENERAL AND MANDATORY INFORMATION
Withdrawal of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can withdraw an already issued consent at any time. An informal notification sent by email is sufficient for this. The lawfulness of the data processing carried out until the withdrawal remains unaffected by the withdrawal.
Right to lodge a complaint with the competent supervisory authority
In case of breaches of data protection law, the person (“data subject”) concerned has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection law issues (in Germany) is the State Data Protection Officer of the federal state in which our company has its registered office. A list of the data protection officers and their contact details is given under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have the data which we process automatically on the basis of your consent or for the performance of a contract issued to you or to a third party in a commonly used machine-readable form. If you demand the direct transfer of the data to another data controller, this is done only insofar as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential contents, such as orders or enquiries, which you send to us as the site operator. You can identify an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be intercepted and read by third parties.
Objection to advertising emails
We herewith object to use of the contact details published under the mandatory legal notice to send advertising and information material that we have not explicitly requested. The operators of the site reserve the right to take legal steps in case of the sending of unsolicited advertising information, for example, in the form of spam emails.
3. DATA COLLECTION ON OUR WEBSITE
Cookies
Some pages of this site use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, more effective and more secure. Cookies are small text files which are placed on your computer and are stored by your browser.
Most of the cookies used by us are so-called “session cookies”. They are deleted automatically at the end of your visit. Other cookies remain on your terminal device until you delete them. These cookies enable us to recognise your browser the next time you visit our site.
You can set your browser so that you are informed of the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of the cookies on closing the browser. If you disable cookies, the functions of this website can be limited.
Cookies, which are required to implement the electronic communication process or for the provision of certain functions required by you (e.g. shopping basket function), are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of their services. Insofar as other cookies are stored (e.g. cookies for the analysis of your surfing behaviour), they are dealt with separately in this Privacy Policy.
Server log files
The provider of the pages collects and stores information automatically in so-called server log files, which your browser sends to us automatically. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data are not merged with other data sources.
The basis for this data processing is our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.
Contact form
If you send us enquiries by contact form, your details from the enquiry form including the contact details given there by you are stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on these data without your consent.
The data entered in the contact form are there processed solely on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw this consent at any time. An informal notification sent by email is sufficient for this. The lawfulness of the data processing operations carried out until the withdrawal remains unaffected by the withdrawal.
The data entered by you in the contact form remain with us until you request their erasure, withdraw your consent to their storage or the purpose of the data storage no longer applies (e.g. after completed processing of your enquiry). Mandatory legal provisions – especially retention periods – remain unaffected.
Matomo
We use Matomo (formerly Piwik) for web analysis, a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”) by means of cookie technology. Matomo is hosted on our server, the analysis data are thus not forwarded to third parties. The data are processed pursuant to Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the compilation of visitor statistics. Further information on the Matomo terms of service and data privacy policy can be found at: https://matomo.org/privacy/
4. PLUGINS UND TOOLS
YouTube
Our website uses plug-ins of the YouTube site operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plug-in, a connection is established to the YouTube servers. The YouTube server is notified which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of providing an attractive display of our online offers. This requires your consent pursuant to Art. 6 Para. 1 lit. a GDPR.
Further information of how user data is handled can be found in the YouTube Privacy Policy at: https://www.google.de/intl/de/policies/privacy.
Google Maps
This site uses the Google Maps service via an API. Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transferred to a Google server in the USA where it is stored. The provider of this site has no influence on this data transfer.
Google Maps is used in the interest of providing an attractive display of our online offers and easy findability of the places given by us on the website. This requires your consent pursuant to Art. 6 Para. 1 lit. a GDPR.
More information on how user data is handled can be found in the Google Privacy Policy: https://www.google.de/intl/de/policies/privacy/.
5. SEPARATE INFORMATION
Provisions for business partners
In the following we inform you pursuant to Art. 13, 14 of the EU General Data Protection Regulation (EU GDPR) about our processing of your personal data and your rights resulting from the data protection law.
1. Name and contact details of the Controller
Fleck GmbH
Industriestr. 12
45711 Datteln, Germany
Phone:+49 (o) 2363 / 9123-0
2. Contact details of the Data Protection Officer
Datenschutz Consult Bernd Schulz
Endelner Weg 205 a, 46286 Dorsten, Germany
Phone:+49 (o) 2369 / 2080428
E-Mail:
3. Purposes for which the personal data are processed and the legal basis of the processing
We process personal data insofar as this is necessary for establishing, implementing or performing a contract and to take steps prior to entering into a contract (Art. 6 Para. 1 lit. b GDPR, e.g. associated with the initiation, execution and management of orders), for fulfilling a legal obligation (Art. 6 Para. 1 lit. c GDPR, e.g. complying with commercial and tax retention obligations under § 257 HGB and § 147 AO), to safeguard the legitimate interests of the Controller or a third party (Art. 6 Para. 1 lit. f GDPR, e.g. the storage of data during a period appropriate for acquisition efforts or to make legal claims and defence in the event of legal disputes) as well as on the basis of the consents of the data subjects (Art. 6 Para. 1 lit. a GDPR, e.g. passing on data to third parties, evaluation for marketing purposes and promotional approaches by email).
4. Sources and categories of the processed personal data
We process personal data, which we receive within the scope of making contact and our business relationship, e.g. for processing an enquiry or an order, from you or from public sources such as commercial registers, internet and directories, or from third parties such as commercial credit and credit reference agencies.
Relevant personal data are, in particular, personal details (such as last name, first name, address, bank details, invoice address, tax number of VAT ID) and other contact details (such as phone number, email address). In addition, these can also be contract or order data (e.g. turnover data, order volume), information about your financial situation (e.g. creditworthiness data) as well as details about you (e.g. profession, position, duties and powers) as well as other data comparable with the named categories. In individual cases, equipment data are also recorded, e.g. name and IMEI number.
5. Recipients or categories of recipients of the personal data
Within the company, only the persons and positions that need access to the data to fulfil contractual and legal obligations or to establish our legitimate interest (e.g. sales). We can transfer your personal data to companies affiliated with us, provided this is permitted within the purposes and legal basis set out under clause 3 of this data protection information sheet. Processors engaged by us pursuant to Art. 28 GDPR can also process data for these purposes, e.g. IT service providers, cloud providers and disposers in the data destruction sector. All service providers are contractually obliged to handle your data confidentially.
Data are only forwarded to recipients outside the company in compliance with the applicable data protection regulations. Recipients of personal data can be, for example, a logistics company, service providers, suppliers, subcontractors, tax consultants, auditors and public auditors, banking and financial service providers, credit rating agencies, collection agencies, solicitors and authorities. In such cases, information is passed onto these companies or individual persons to enable the further processing.
6. Transfer to a third country (outside the EU / EEA) or an international organisation
Transfer to a third country does not take place and is also not planned.
7. Duration for which the personal data are stored and the criteria for determining this duration
The required personal data are stored for the duration of the existence of warranty and guarantee claims. In addition, the personal data are retained for the legally specified periods. Corresponding obligations to produce proof and retention obligations result from the German Commercial Code (“Handelsgesetzbuch”, HGB) and the Revenue Code (“Abgabenordnung”, AO). The retention and documentation periods specified there are accordingly up to ten years. If the data are no longer required to fulfil contractual or legal obligations they are erased regularly.
In addition to the above-named information, the following is an overview of your other data protection rights:
- Right of access and information about the personal data concerned (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) as well as the restriction of processing (Art. 18 GDPR)
- Right to object to the processing (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up until it is withdrawn (Art. 7 Para. 3 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
We do not use any fully automated decision-making pursuant to Art. 22 GDPR to justify, perform or undertake the business relationship or for the taking of steps prior to entering into a contract. Should we use this procedure in individual cases, we will inform you separately or obtain your consent, where this is required by law.
Is there an obligation to provide data?
Within the scope of the contractual relationship or the contract initiation, you must provide the personal data which are required for the starting, performance and ending as well as the associated contractual obligations or which we are required to acquire by law. Without these data, in general we will not be able to take the required pre-contract steps or establish the contractual relationship with you.
Separate information about your right to object according to Article 21 GDPR
According to Art. 21 Para. 1 GDPR, you have the right to lodge an objection to the processing of your personal data at any time, undertaken on the basis of Article 6 Para. 1 lit. f GDPR (data processing on the basis of a weighing up of interests), for reasons which result from your particular situation.
If you submit an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercising or defence of legal claims.
If the processing is for direct marketing purposes, according to Art. 21 Para. 2 GDPR, you have the right to object to the processing of your personal data for the purposes of such marketing at any time; this also applies to profiling to the extent that it is related to such direct marketing. If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.
If you would like to exercise your right to object or other data subject rights, it is sufficient to notify us in text form. You can write to us or contact us by email.
Provisions for online meetings with “MS Teams” of Fleck GmbH
In the following we inform you, on the basis of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) about the processing of personal data related with the holding of online meetings using the “Microsoft Teams” video conference tool”.
1. Name and contact details of the Controller
The Controller responsible for the data processing, which is directly related to the holding of “online meetings” is
Fleck GmbH
Industriestr. 12
45711 Datteln, Germany
Phone:+49 (o) 2363 / 9123-0
Note: If you open the internet site of “Microsoft Teams”, the provider of “Microsoft Teams” is responsible for the data processing (i.e. is the controller). However, it is only necessary to open the website for the use of “Microsoft Teams” in order to download the software for the use.
If you do not want or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service is then provided via the “Microsoft Teams” website.
2. Contact details of the Data Protection Officer
Datenschutz Consult Bernd Schulz
Endelner Weg 205 a, 46286 Dorsten, Germany
Phone:+49 (o) 2369 / 2080428
E-Mail:
3. Purposes for which the personal data are processed and the legal basis of the processing
We use the “Microsoft Teams” tool to hold phone conferences, video conferences and webinars (referred to as “online meetings” in the following). “Microsoft Teams” is a service of the Microsoft Corporation.
Legal basis of the data processing
Insofar as personal employee data of Fleck GmbH are processed, the legal basis of the data processing is § 26 BDSG. If, in relation to the use of “Microsoft Teams”, personal data are not required for the establishing, implementation or ending of the employment relationship, however, they are an elementary component of the use of “Microsoft Teams”, the legal basis for the data processing is Art. 6 Para. 1 lit. f GDPR. In these cases, our interest is in the effective holding of “online meetings”.
Where the processing of personal data within the scope of the online meetings is required to perform a contract for which you are a contracting party, or for taking steps prior to entering into a contract, which occur at your request, the legal basis for the processing of personal data is Art. 6 Para. 1 lit. b GDPR.
If a contractual relationship does not exist, the legal basis is Art. 6 Para. 1 lit. f GDPR. Here too, our interest is in the effective holding of “online meetings”.
If video and sound recordings are required by way of exception, this is done solely on the basis of the consent given by you pursuant to Art.6 Para. 1 lit. a GDPR.
Type and scope of data processing
We use “Microsoft Teams” to hold “online meetings”. If we want to record “online meetings” we will inform you in advance to maintain transparency and ask for your consent. If it is required to record the results of an online meeting, we will log the chat content. However, this will generally not be the case.
Automated decision-making in the sense of Art. 22 GDPR is not used.
The following personal data are the subject of the processing for the use of “Microsoft Teams”, whereby the scope of the data also depends on what details you provide on data before or during the participation in an “online meeting”:
Details of the user (registration information): e.g. user name, activation and conference codes, email address, first and last name, company, organisation ID, participant IP, profile image (optional)
Configuration and communication data: e.g. device name, IP address, geodata, time zone, activity logs, hardware type
Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information
Text, audio and video data: You possibly have the option of using the chat function in an “online meeting”. In this case, the text inputs made by you will be processed to display them in the “online meeting”. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and any video camera of the terminal device are processed accordingly for the duration of the meeting. You can switch off or mute the camera or the microphone yourself at any time using the “MS Teams” applications.
4. Recipient / passing on of data
Regarding the processing of personal data related to the participation in “online meetings”, there is no passing on to third parties provided that they are not intended for passing on. Please note that content from “online meetings” as well as in-person meetings is frequently used to communicate information to customers, potential customers or third parties and is thus intended for passing on.
A further recipient is the provider of “Microsoft Teams”, the Microsoft Corporation.
5. Data processing outside the EU / EEA
There is no data processing in third countries, as we or the service provider have limited the storage location to data centres in the EU or the EEA.
However, we cannot rule out that the service provider also uses servers outside the EU or the EEA or the data are routed over internet servers that are located outside the EU or the EEA. In this case, a reasonable data protection level is guaranteed by concluding the adoption of so-called EU standard data protection clauses. In addition, the data are encrypted as additional protective measures during transport over the internet and are thus secured against unauthorised access by third parties.
6. Storage duration
Your personal data, which we process within the scope of your use of “Microsoft Teams”, are invariably erased as soon as they are no longer needed for the purposes for which they were . However, a need for storage can exist, especially if the data are still needed to perform contractual services and to check and grant or defend against guarantee or possibly warranty claims. In case of legal retention obligations of 6 years and 10 years respectively under commercial and tax law, erasure is only considered after the expiry of the respective retention obligation. If and insofar the processing is based on your consent, the data are only stored until you withdraw your consent, unless another legal basis exists for the processing.
Your rights as a data subject
As a data subject, you can exercise the rights granted you under the GDPR at any time, provided they apply to the processing:
- the right to information on whether and which of your data are processed (Art. 15 GDPR);
- the right to demand rectification or completion of the data concerning you (Art. 16 GDPR);
- the right to erasure of the data concerning you according to Art. 17 GDPR;
- the right according to Art. 18 GDPR to demand restriction of the processing of data;
- the right to data portability according to Art. 20 GDPR;
- the right to object to future processing of your data according to Art. 21 GDPR
Revocability of your consent
If the processing occurs on the legal basis of a consent, this can be withdrawn at any time. The withdrawal does not affect the lawfulness of the processing that took place up to the withdrawal (Art. 7 Para. 3 GDPR).
Right to lodge a complaint with a supervisory authority
You have the right to complain to a supervisory authority for data protection about the processing of personal data by us.