Data Privacy

1 Name and contact details of the person responsible

Fuchs + Sanders Schrauben Wholesale GmbH & Co.KG

Im Westerfeld 1, 49504 Lotte

Tel.: +49 (0) 5404 9160 0

E-Mail: info@fuchssanders.de

 

2 Contact details of the Data Protection Officer

Our company Data Protection Officer is available for information or suggestions on the subject of data protection:

Data Protection Officer of Fuchs + Sanders Schrauben Wholesale GmbH + Co.KG

Im Westerfeld 1, 49504 Lotte

E-Mail: datenschutzbeauftragter@fuchssanders.de

 

3 Data processed for the provision of the website

3.1 Description and purpose of data processing:

When you visit our website, information is automatically collected which your browser transmits to our server for technical reasons. This information (server log files) includes the type of web browser, the operating system used, the date and time of the visit, the access status, the use of website features, the domain name of your internet service provider, your IP address, and the like. The temporary storage of this data is necessary for the website's provision. Additional storage in log files is done to ensure the functionality and security of the website, especially to prevent and detect attacks on our website or attempted fraud. This also represents our legitimate interest in data processing according to Art. 6 para. 1 lit. f) GDPR.

We only store other personal data if you provide this data to us, e.g., during registration or via the contact form, and even in these cases, only if permitted by your consent or applicable legal regulations.

3.2 Data recipients for website operation and hosting

We also use qualified service providers for the operation, optimization, and security of our websites. We transmit your data as part of order processing according to § 28 GDPR to service providers who support us in operating our websites and related processes. These include, for example, hosting providers, web designers, IT service providers, consent management platforms.

3.3 Further third-party services and plug-ins

Our website may also contain additional third-party services (e.g., plug-ins). Examples include display, tracking, remarketing, and web analytics technologies. When you select a third-party service, we transfer data to the respective provider as required. The specific data transferred to the third-party service and its use can be found in the information about individual third-party services in our consent banner.

3.4 Data transfer to recipients outside the European Economic Area

We prioritize processing your data within the EU/EEA. However, we may use third-party services that process data outside the EU/EEA. In these cases, we ensure that there is an adequate level of data protection comparable to EU standards before transferring your personal data. This can be achieved through EU standard contracts or binding corporate rules or specific agreements that the company can comply with.

However, we still point out that in countries outside the EU/EEA, a data protection level comparable to the EU cannot be guaranteed. For instance, US companies are obliged to hand over personal data to security authorities without you being able to take legal action against it. Thus, it cannot be ruled out that US authorities (e.g., intelligence agencies) process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.

3.5 Legal basis

3.5.1 Website operation and hosting

The legal basis for necessary data processing related to the website's operation is our predominant legitimate interest according to Art. 6 para. 1 S.1 lit. f) GDPR.

3.5.2 Use of other third-party services and social plugins

Data transfer to third-party service recipients is based on your consent according to Art. 6 para. 1 S. 1 lit. a) GDPR. The transfer of data to an insecure third country is also based on your consent according to Art. 49 para. 1 S. 1 lit. a) GDPR.

3.6 Storage period

Unless we have already informed you about the storage duration, we will delete personal data when they are no longer necessary for the aforementioned processing purposes and no legal retention obligations oppose deletion.

3.7 Mandatory or required provision

You are not legally or contractually obliged to provide your personal data. However, certain features of our websites may depend on the provision of personal data. If you do not provide personal data in these cases (use of third-party services), this may result in features being unavailable or limited.

4 Cookies

4.1 Scope and purpose of data processing:

When visiting our websites, cookies may be used. Cookies are text files created by the browser during page visits to store data about a browser during and after a site visit. Unique character strings are regularly stored in the cookie so that a server can recognize a browser. Cookies can also contain personal data. We use cookies, among other things, to ensure the technical functionality of the website (technically necessary cookies) and to integrate additional online services from third parties on our website (technically non-essential cookies). Cookies can be stored by the visited site (First-Party) or by online services of a third party (Third-Party) if you have activated a third-party service.

To use cookies and third-party services in compliance with data protection regulations and to give you control over the use of cookies, we use a consent banner on our web presence. The consent banner is used to ask for the user's decision, document it, and pass it on to other systems. The consent banner is displayed the first time you access our web presence, and you can make your cookie settings, i.e., declare your consent for the respective use of the cookies.

Whether and which cookies are used during your visit to our website depends on which areas and functions of our website you use and whether you allow the use of cookies that are not technically necessary in your browser and agree to them in our consent banner. More information and decision options can be found in the consent banner.

4.2 Legal basis

4.2.1 Technically necessary cookies

The legal basis for the use of technically necessary cookies is our predominantly legitimate interest according to Art. 6 Para. 1 S. 1 lit. f) GDPR in conjunction with § 25 Para. 2 No. 2 TTDSG

4.2.2 Technically non-essential cookies

The legal basis for the use of technically non-essential cookies is your consent according to Art. 6 Para. 1 S. 1 lit. a) GDPR in conjunction with § 25 Para. 1 TTDSG.

4.3 Data recipients

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website. Further recipients can be found in the information below on the third-party services used.

4.4 Storage duration

The storage duration of individual cookies can be found in the information in the consent banner.

4.5 Provision mandatory or necessary / removal option

Of course, you can also view our website without cookies. Web browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser settings (see revocation of consent). Please note that individual functions of our website may not work if you have deactivated the use of cookies. In addition, you can revoke non-essential cookies via our consent banner.

5 Use of Google Analytics

5.1 Description and purpose of processing:

This website uses the web analytics service Google Analytics to analyze visitor flows on our website. We process the data provided to evaluate the use of our website, create reports on activities related to our website, and possibly provide further services related to the use of our website and internet use. We rely on the data collected to control our public relations work to continuously adapt our website to the needs of website visitors. If you give us permission to use the web analytics service Google Analytics, a connection to Google servers will be established to load the script required for Google Analytics. At the time of initializing Google Analytics, cookies are stored (see above) by which your browser can be recognized when calling up pages on our website. Every time you call up a page on our website that uses Google Analytics, data on the page view (e.g., the page from which you accessed our website and the accessed page, browser and system information, operating system, IP address, click path and visited pages, date and time of the visit, downloads, flash version, location information, JavaScript support, referrer URL, widget interactions) and data from cookies are processed and usually transferred to a Google server in Ireland and stored there. Our website uses IP anonymization (so-called IP masking). If you access our website from locations within the member states of the European Union or the European Economic Area, the IP address collected for web analysis will be shortened. More information on the transmitted data can be found at https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview.

It can be assumed that Google uses your data, among other things, for advertising purposes, market research, and/or the needs-based design of its websites. Such an evaluation is carried out, in particular (even for users who are not logged in), to provide needs-based advertising. Overall, we have no influence on whether and to what extent Google processes personal data after activation. However, it is likely that Google creates user profiles from your data and passes them on to third parties for the purpose of personalized advertising.

5.2 Legal basis for processing:

The legal basis for processing is your consent according to Art. 6 Para. 1 lit. a) GDPR.

5.3 Data recipient:

The data recipient is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and possibly their affiliated companies (e.g., Alphabet Inc., Google LLC). The activation of Google Analytics can mean that your data may also be processed outside the EU or the EEA. In this case, there is a risk that authorities will access the data for security and surveillance purposes without you being informed or being able to take legal action. The transfer of data to an insecure third country is based on your consent according to Art. 49 Para.

5.4 Duration of Storage

Data collected by us will automatically be deleted after 14 months. Data that has reached its retention period will be automatically deleted once a month. Your decision regarding the use of the service is stored in a cookie, the storage duration of which can be viewed in the consent banner (see above).

5.5 Provision Mandated or Necessary

You are not legally or contractually obligated to provide your personal data. The provision of your data is voluntary.

5.6 Possibility of Revocation and Elimination

You can check the status of Google Analytics via our consent banner. If you want to prevent tracking of your activities on our website, please revoke your consent for Google Analytics or all technically unnecessary cookies and data transfers. You can also prevent the use of cookies by adjusting your browser settings accordingly. However, please note that if you do this, you may not be able to use all the features of this website to their full extent. In addition, you can prevent the data generated by the cookie and related to your use of the website (including your IP address) from being sent to and processed by Google by downloading and installing the browser plugin available at the following link: Browser Add-on to deactivate Google Analytics.

6 Registration for the Fuchs+Sanders Online Shop

6.1 Type and Purpose of Processing:

For access to our online shop, we require your registration data. We provide your registration data upon request for the first time. Furthermore, we use your personal data for processing your online purchases (your orders and returns are handled via our online services) and for sending notifications about the delivery status or notifications regarding issues with the delivery of your items.

6.2 Legal Basis:

The processing of registration data is based on the existing contractual relationship according to Art. 6 Para. 1 lit. b) DSGVO.

6.3 Recipients:

Possible recipients of the data are technical service providers who act as processors for the operation and maintenance of our website.

6.4 Duration of Storage:

Your data will only be processed in this context as long as there is an active business relationship with you. Typically, your registration data will be deleted two years after your last order.

6.5 Provision Mandated or Necessary:

The provision of your personal data is voluntary, solely based on your consent. Without providing your personal data, we cannot grant you access to our offered content.

7 Use of the Contact Form

7.1 Description and Purpose of Data Processing:

By providing our email address and the contact form, we offer you the opportunity to establish initial contact with us. When making contact, the transmitted personal data of the user is stored. The processing of personal data is exclusively for the purpose of processing your request.

7.2 Legal Basis:

The legal basis for processing the data transmitted as a result of sending an email or through the contact form is Art. 6 Para. 1 S. 1 f) DSGVO. If the email contact aims at concluding a contract, an additional legal basis for processing is Art. 6 Para. 1 S. 1 lit. b) DSGVO. The same applies analogously for postal dispatches.

7.3 Duration of Storage:

Data will be deleted as soon as it is no longer necessary for achieving its purpose of collection. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. This will occur no later than one year after the last email contact.

7.4 Data Recipients:

We occasionally use external service providers to manage our IT within the scope of order processing according to § 28 DSGVO to process your data.

7.5 Provision Mandated or Necessary:

The provision of personal data is not legally or contractually required, but may serve for the conclusion of a contract for the reasons mentioned above. If you do not wish to provide the data, this means we cannot contact you.

8 Processing of Your Data in the Context of Business Communication and Transaction Processing

8.1 Description and Purposes of Data Processing:

Within the framework of cooperation with business partners and interested parties, we process personal data for the following purposes:

 

  • Communication with business partners about products, services, and projects of ours or business partners, e.g., by answering inquiries or follow-up questions;
  • Planning, execution, and management of the (contractual) business relationship between us and the business partner, e.g., to process the ordering of products and services, to collect payments, for accounting and billing purposes;
  • Making contact with business partners with information and offers about our products and services and carrying out other marketing activities, such as managing and conducting customer surveys, marketing campaigns, market analyses, competitions, newsletters, contests, or other promotional activities or events;
  • Maintaining and protecting the security of our products, services, and our websites, preventing and detecting security risks, fraudulent behavior, or other criminal or malicious actions;
  • Complying with legal requirements (e.g., tax and commercial retention obligations), existing obligations to carry out compliance screenings (to prevent economic crimes or money laundering), as well as internal guidelines and standards; and
  • Resolving legal disputes, enforcing existing contracts, and asserting, exercising, and defending legal claims.

8.2 Legal Basis:

Depending on the phase of contact with you, the following legal bases for processing your data may be relevant:

  • For the implementation of pre-contractual measures or the fulfillment of a contract, this is Art. 6 Para. 1 lit. b) DSGVO.
  • To comply with legal obligations to which we are subject, this is Art. 6 Para. 1 lit. c) DSGVO.
  • To protect our legitimate interests, this is Art. 6 Para. 1 lit. f) DSGVO.
  • If you have given us consent to data processing, this is Art. 6 Para. 1 lit. a) DSGVO.

8.3 Recipient or Categories of Recipients of the Data:

Within our company, we ensure that only those persons receive your data who need them to fulfill contractual and legal obligations. Depending on the nature of the business relationship with you, the data may be passed on to partners and suppliers. We sometimes use other service providers to process business transactions. These can be, for example, parcel services, banks, internet service providers, manufacturers, IT service providers, lawyers, and tax consultants.

8.4 Data Transfers to Third Countries:

Our IT service providers may process data in third countries outside the EU for which there is no adequacy decision from the EU Commission. Where necessary, we conclude standard contractual clauses of the EU Commission with these service providers and take additional guarantees to protect your data to comply with the level granted in the European Union according to the ECJ decision C-311/18 (Schrems II decision). You can access relevant documents through our data protection officer. No data is passed on to third parties.

8.5 Duration of Storage:

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. The purpose arises from the content of the communication and the respective business transaction. It is not possible to specify in general terms which retention periods must be observed; this must be determined individually for each business transaction. Data is typically retained to meet commercial and tax retention periods (usually six or ten years), unless longer storage is necessary to defend against legal claims.

Mandatory or required provision: An obligation to provide your personal data may arise from the respective contractual relationship.

8.6 Provision Mandatory or Required:

An obligation to provide your personal data may sometimes arise from the respective contractual relationship. Without providing your personal data, we often cannot achieve the aforementioned purposes.

9 Participation in Competitions

9.1 Description and Purpose of Processing:

Personal data collected as part of the competition (including Instagram username and other participant data) are processed for the purposes required in connection with the competition:

  • Execution of the competition,
  • Determination of eligibility to participate,
  • Notification of the winner(s),
  • Handing over of the prize, and
  • Public announcement of the winner(s) on Instagram.

9.2 Provision Mandatory or Required:

Without providing your Instagram username, it is not possible to participate in the competition and be contacted regarding a prize notification. Participation is voluntary.

9.3 Legal Basis:

Participation in the competition results in a competition contract, so Art. 6 Para. 1 lit. b) DSGVO is the legal basis.

9.4 Recipients of Personal Data:

The competition is carried out via the Instagram platform. Instagram belongs to Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook transfers your data to the USA. We point out that a level of data protection comparable to the EU cannot be guaranteed in the USA. For example, US companies are obliged to hand over personal data to security authorities without you as the person concerned being able to take legal action against this. Therefore, it cannot be excluded that US authorities (e.g., intelligence agencies) process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence on Facebook's data processing.

9.5 Duration of Storage:

We delete your data after the end of the competition. We have no influence over Facebook's data processing.

9.6 Revocation of Your Consent:

You can revoke your consent to the publication of the winner(s) at any time without giving reasons. In the event of a revocation, we will contact you in the event of a win with a private message on Instagram. The revocation of my consent does not affect the legality of the processing carried out up to that point.

10 Use and Application of Various Social Networks

10.1 General Information about Processing Your Data:

We maintain numerous company profiles on various social networks and comparable platforms, including Instagram and XING. These presences are intended to promote the company and create contact channels for potential clients and customers. We regularly link to these profiles on our homepage.

If you use our profiles on social networks to contact us (e.g., by creating your own posts, responding to one of our posts, or sending us private messages), the data you share with us will be processed solely for the purpose of communicating with you and addressing your concerns.

However, we would like to point out that when you visit our profiles on the networks listed above, your personal data may also be collected, used, and stored by the operators of the respective social network. This happens even if you do not have a profile on that particular social network. The individual data processing operations and their scope vary depending on the operator of the respective social network, and they are not necessarily transparent to us. Therefore, it is not ruled out that your data will be processed by the platform provider for market research and advertising purposes and passed on to third parties. For example, usage profiles can be created from the user behavior and the resulting interests. These usage profiles can, in turn, be used to display advertisements within and outside the respective platforms that presumably match the interests of the users. Furthermore, data from the devices used by users, as well as location data and other so-called metadata, can be stored in the user profiles. Typically, cookies, which store the user behavior and the interests of the users, are stored on the users' computers. Most platforms also use so-called tracking pixels.

For a detailed description of the respective processes and opt-out options (Opt-Out), we refer to the following linked information from the respective providers:

10.1.1 Instagram

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)

Privacy Policy: http://instagram.com/about/legal/privacy/

10.1.2 Twitter

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)

Privacy Policy: https://twitter.com/de/privacy

10.1.3 LinkedIn

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

10.1.4 XING

XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

10.2 Legal Basis

10.2.1 Communication Data:

Depending on the stage of contact, the following legal bases may be relevant for processing your data:

  • For pre-contractual measures or for fulfilling a contract: Art. 6 Para. 1 lit. b) DSGVO
  • To meet legal obligations: Art. 6 Para. 1 lit. c) DSGVO
  • To protect our legitimate interests: Art. 6 Para. 1 lit. f) DSGVO
  • If you have given us consent: Art. 6 Para. 1 lit. a) DSGVO

10.2.2 Other Processes:

The additional data processing carried out on social networks serves our and the legitimate interest of the respective provider to enhance the user experience when visiting our company profiles. The legal basis for these processes is Art. 6 Para.1 lit. f) DSGVO. If users are asked by the respective platform providers for consent to the described data processing, the legal basis is Art. 6 Para. 1 lit. a) DSGVO.

10.3 Duration of Storage:

We delete stored data as soon as they are no longer required or if you ask us to delete them. In the case of legal retention obligations (usually six or ten years), we limit data processing accordingly, unless longer storage is necessary to defend against legal claims.

10.4 Data Recipients:

We do not pass on the data you provide to third parties. However, we cannot rule out and have no influence on whether the operators of the respective networks pass on your data to third parties (e.g., business partners, advertising companies, etc.).

10.5 Data Transfer to Recipients Outside the European Economic Area

Please note that visitor data on social networks may also be processed outside the European Union. This can pose risks for users, e.g., enforcing user rights could become more difficult.

10.6 Exercising Your Rights:

In addition to the section "Your Rights," we point out that you can most effectively assert your rights, especially access requests, directly with the providers. Only the providers have access to user data and can take appropriate measures and provide information. If you need assistance, please contact us.

11 Job Applications

11.1 Purpose of Processing:

If you send us an application, we will process your application data to determine whether you possess the suitability, competence, and professional performance for the position to which you are applying.

11.2 Legal Basis of Data Processing:

The legal basis for data processing as part of the selection process for establishing an employment relationship is § 26 DSGVO.

11.3 Recipients or Categories of Data Recipients:

In some cases, we use external service providers to process your data for our IT support. These service providers have been carefully selected by us, commissioned in writing, and are bound by our instructions.

11.4 Duration of Storage:

Your personal data/application documents will be deleted or destroyed no later than six months after receiving the decision about your application (acceptance or rejection), unless longer storage is required to defend against legal claims. In the case of a positive decision and possible employment, your documents will be transferred to your personnel file.

11.5 Provision Required or Mandatory:

The provision of personal data is necessary for the lawful conduct of the selection process. If your application does not contain all the necessary personal data for the decision, I would like to point out that this could result in your non-consideration for the position.

12 Career Network XING

If you apply through the social media platform XING, accessible via https://xing.com, the following additional information applies:

We have adjusted the job posting on XING to be privacy-friendly. This means that there is no automated pre-selection of applicants (cf. Art. 22 DS-GVO), and we do not use offered functionalities such as aptitude tests or suitability questions.

If you click on the "Apply" button on XING to apply for our job advertisement, a contact form will open.

If you apply "classically" as requested by us, with a cover letter, CV, and references via email, the same data protection notes apply to your application as for the "classical" application process.

Additionally, we would like to draw your attention to XING's data protection notes, which you can access here:

https://privacy.xing.com/de

13 Your Rights

At any time, you can exercise the following rights by contacting our data protection officer using the provided contact details:

  • Access: You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to access this personal data and the detailed information specified in Art. 15 DS-GVO.
  • Rectification: You have the right to promptly demand the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data (Art. 16 DS-GVO).
  • Deletion: You have the right to request the immediate deletion of personal data concerning you if one of the specific reasons listed in Art. 17 DS-GVO applies, e.g., if the data is no longer required for the pursued purposes and legal retention and archiving regulations do not oppose deletion.
  • Restriction: You have the right to request a limitation on processing if one of the conditions listed in Art. 18 DS-GVO applies, e.g., if you have lodged an objection to the processing, pending the verification of whether the objection will be upheld.
  • Data Portability: If you have consented to data processing or have concluded a contract with us, you may receive your personal data in a structured, commonly used, and machine-readable format or request that this data be transmitted to a third party (Art. 20 DSGVO).
  • Revocation: If data processing is based on your consent, you are entitled under Art. 7 para. 3 DSGVO to revoke your consent to the use of your personal data at any time. Please note that the revocation only has a future effect. Processes that occurred before the revocation are not affected.
  • Objection: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you under the conditions of Art. 21 DS-GVO.

14 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority at any time, e.g., with the competent supervisory authority of the federal state of your residence or the authority responsible for us. A list of supervisory authorities (for the non-public sector) with their addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.