Privacy policy

Data protection declaration under the EU GDPR

Dear Website User,

According to the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), we are obliged to inform you about the purpose, nature and scope of the personal data collected and used on our website. Detailed information about this is available below. This document also informs you about your rights concerning data protection. Please read the following data protection information carefully.

I. Scope of application

This data protection declaration as well as the information obligations fulfilled here under the EU GDPR and the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG) [German Telecommunications-Telemedia Data Protection Act] apply exclusively to this website including all sub-pages.

II. Definitions

Our data protection declaration is based on the terms used by the European authority responsible for issuing directives and ordinances when issuing the General Data Protection Regulation (GDPR). Our data protection declaration is intended to be easy to read and understand for the public as well as for our customers, interested parties and business partners. To achieve this, we have explained the terms we use in advance. Our data protection declaration uses the following definitions, among others:

Supervisory Authority is an independent public body established under Article 51 GDPR which is responsible for monitoring the application of the Regulation in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the EU.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Right of appeal – you may contact the supervisory authority if you believe a provider has not processed your personal data correctly. You can formulate your complaint in a simple and straightforward manner. Some providers may issue a complaint form for this purpose.

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Consent given may be withdrawn at any time.

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, be it a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

III. Name and contact details of the data protection officer

The responsible body within the meaning of the EU General Data Protection Regulation (Art. 4(7) GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Sauter GmbH
Untere Mühlewiesen 14
79793 Wutöschingen
Germany
Phone: +49 7746 92300
E-Mail: info@sauter-gmbh.de
Website: www.sauter-gmbh.de

The “controller” means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

IV. Name and contact details of the data protection officer

Our data protection officer will be happy to answer any questions, provide any explanations or address any queries regarding the use of your data:

DASBP Consulting
Feldkreuzweg 21
79793 Wutöschingen
Germany
E-Mail: info@dasbp-consulting.de
Website: https://www.dasbp-consulting.de

V. General information on data processing via the website

1. Description and scope of processing of personal data

Personal data also includes information about your use of our website. In this context, we collect the following personal data: Information about your visits to our website including the amount of data transferred, the location from which you retrieve data from our website, and other connection data and sources retrieved by you. This usually occurs through the use of log files and cookies. You will find more information on log files and cookies below.

2. Legal basis for the processing of personal data

We process personal data in compliance with the relevant data protection requirements, in particular the EU-GDPR, TTDSG and the new Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG-neu]). The processing of your personal data is based on legal permission arising out of the following legal bases:

Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data insofar as we obtain the consent of the data subject for processing operations involving personal data. If you have consented to the storage of cookies or to access to information in your terminal device, the data are also processed on the basis of Section 25(1) TTDSG.

Wenn im Rahmen von Datenverarbeitungen Cookies oder Cookie ähnliche Technologien eingesetzt werden, erfolgt die Speicherung von Informationen in der Endeinrichtung des Endnutzers oder der Zugriff auf bereits in der Endeinrichtung des Endnutzers gespeicherte Informationen gemäß § 25 Abs. 1 TTDSG in Verbindung mit Art. 6 Abs. 1 Buchst. a DSGVO und die weitere Datenverarbeitung gemäß Art. 6 Abs. 1 DSGVO. Falls die Cookie-Nutzung als unbedingt erforderlich ist, erfolgt diese auf Grundlage von § 25 Abs. 2 TTDSG und die weitere Datenverarbeitung gemäß Art. 6 Abs. 1 DSGVO.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis (e.g. obligations under labour law or tax law).

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

Where processing is necessary for the legitimate interests of the controller or a third party, Article 6(1)(f) GDPR serves as the legal basis for the processing, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Information on the relevant legal basis in each individual case is provided in the following paragraphs of our data protection declaration.

3. Purposes of use for the processing of personal data

We only collect, process and use personal data relating to the use of this website (usage data) insofar as this is necessary, and do so exclusively within the scope provided for by law for the following purposes:

  • insofar as this is necessary for the provision of a functional website as well as our content and services,
  • to ensure that our website is presented in the most effective and appealing way possible;
  • in order to fulfil our obligations under any contracts that you have entered into with us;
  • to inform you about any changes to our services,
  • to enable you to use the service or to bill you for the service.

In general, it should not be necessary for you to provide personal data in order to use our website. However, we may require your personal data in order for us to actually make our services available. This is especially true when responding to individual enquiries.

4. Links to third-party websites

In order to ensure our data protection declaration is transparent, we refer at various points to third-party websites in the form of links to information and data protection notices displayed on external websites. The links published on our website are researched and compiled by us with the greatest possible care.

Data are transferred to the link destination solely when you click on such a link; this is technically necessary. Data transmitted include in particular: Your IP address, the time at which you clicked on the link, the page on which you clicked on the link and details of your internet browser. Please do not click on the link if you do not want these data to be transferred to the link destination.

5. Links to other websites/Data protection and third-party websites/Note about third-party providers

The website may contain hyperlinks to and from third-party websites. We cannot accept liability or responsibility for third-party content or data protection conditions if you click on a hyperlink to one of these websites. Please check the applicable data protection conditions before submitting any personal data to these websites.

6. Our objection to the use of our contact details for cold marketing

The use of contact data published due to our legal obligation to provide a legal notice (known as the “legal notice”) for the purpose of sending unsolicited advertising and information material is hereby prohibited.

We expressly object to the processing of our contact data, which are published in the legal notice or the data protection contact details, for the unsolicited sending of advertising or information by third parties. The website operator expressly reserves the right to take legal action in the event of unsolicited and unlawful sending of advertising and information, including spam emails.

VI. Information on the rights of data subjects

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have extensive rights vis-à-vis the controller, which arise in particular out of Articles 15 to 21 of the same regulation:

1. Right to information (Art. 15 GDPR; Section 34 BDSG-neu)

Sie können von dem Verantwortlichen eine Bestätigung darüber verlangen, ob personenbezogene Daten, die Sie betreffen, von uns verarbeitet werden.

Liegt eine solche Verarbeitung vor, können Sie von dem Verantwortlichen über folgende Informationen Auskunft verlangen:

(1) the purposes for which your personal data are being processed;

(2) the categories of personal data which are being processed;

(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed;

(4) the planned storage duration of your personal data or, if specific information in this regard is not possible, criteria for determining the storage duration;

(5) the existence of the right to request from the controller rectification, erasure or restricted processing of your personal data by the controller or to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) where the personal data are not collected from you as the data subject, any available information as to their source;

(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information regarding whether your personal data are transferred to a third country or to an international organisation. In this context, you can ask to be kept informed about the appropriate safeguards under Article 46 GDPR in connection with the transfer.

2. Right of rectification (Art. 16 GDPR)

You have a right of rectification and/or completion vis-à-vis the controller if your processed personal data are inaccurate or incomplete. The person responsible must rectify the data without delay.

3. Right to restriction of processing (Art. 18 GDPR)

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal data: this restriction would be for a period enabling the controller to check the accuracy of the data;

(2) the processing is unlawful and you object to the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims;

(4) if you have objected to the processing under Art. 21(1) GDPR pending verification as to whether the legitimate grounds of the controller override your grounds.

Where processing has been restricted, such personal data are, with the exception of storage, only allowed to be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the controller before this restriction has been lifted.

4. Right to erasure (Art. 17 GDPR, Section 35 BDSG-neu)

a) Obligation to erase

You may request that the controller erases your personal data without undue delay and the controller is obliged to erase these data without undue delay if one of the following reasons applies:

(1) Your personal data are no longer necessary for the purposes for which they were collected or processed.

(2) You withdraw your consent on which the processing was based under Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.

(3) Sie legen gem. Article 21 1 DSGVO Widerspruch gegen die Verarbeitung ein und es liegen keine vorrangigen berechtigten Gründe für die Verarbeitung vor, oder Sie legen gem. Article 21 2 DSGVO Widerspruch gegen die Verarbeitung ein.

(4) Your personal data have been processed unlawfully.

(5) The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) Your personal data were collected in relation to an offer of information society services (ISS) under Art. 8(1) GDPR.

b) Information passed on to third parties

Where the controller has made your personal data public and is obliged to erase it under Article 17(1) GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health under Art. 9(2)(h) and (i) and Art. 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes under Article 89(1) GDPR, where the right referred to in (a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Right to information/Notification obligation regarding erasure or restriction (Art. 19 GDPR)

If you have exercised the right to rectification, erasure or restriction of processing vis-a-vis the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom your personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

6. Right to data portability (Art. 20 GDPR)

You have the right to receive personal data that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another controller without hindrance from the controller to whom the personal data have been provided, provided that

(1) die Verarbeitung auf einer Einwilligung gem. Art. 6 Abs. 1 lit. a DSGVO oder Art. 9 Abs. 2 lit. a DSGVO oder auf einem Vertrag gem. Art. 6 Abs. 1 lit. b DSGVO beruht und

(2) the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have your personal data transferred directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

7.1. Right to object on a case-by-case basis (Art. 21(1) GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balance of interests) with effect for the future; this also applies to profiling based on these provisions within the meaning of Article 4(4) of the same regulation.

The controller must no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (objection under Article 21(1) GDPR).

7.2. Right to object to data processing for direct marketing purposes (Art. 21(2) GDPR)

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection under Art. 21(2) GDPR).

The objection can be made informally by sending an email with “Objection” in the subject line, and providing your name, address or other identifiers to datenschutz@sauter-gmbh.de

In the context of using information society services (ISS) and notwithstanding Directive 2002/58/EC, you may exercise your right to object to automated means using technical specifications.

8. Withdrawal of consent to data processing (Art. 13(2)(c) GDPR)

If the processing of your personal data is based on consent, you have the right to withdraw your voluntarily and expressly granted declaration of consent to processing under data protection law at any time with effect for the future. The relevant data will then be blocked or deleted immediately in accordance with legal storage periods. Withdrawal of the consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

Ihren Widerruf können Sie formlos auf gleichem Weg wie Ihre Einwilligung durchführen/mitteilen. Alternativ können Sie sich unter Angabe Ihres vollständigen Namens und Ihrer E-Mail-Adresse an folgende E-Mail-Adresse wenden: datenschutz@sauter-gmbh.de

9. Automated individual decision-making including profiling (Art. 22 GDPR, Section 37 BDSG-neu)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;

(3) is made with your express consent.

However, these decisions must not be based on special categories of personal data under Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) of the same regulation applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller must implement suitable measures to safeguard your rights and freedoms, and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.

10. Right to complain to a supervisory authority (Art. 13(2)(d) and Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority of your choice (Art. 77 GDPR in conjunction with Section 19 BDSG-neu), in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority to which the complaint has been lodged must inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

A list of the supervisory authorities and their contact details with addresses can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

In the event of data protection complaints, please contact the competent supervisory authority:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Tel. 0711 6155410
Fax: 0711 61554115
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

To exercise these rights, you can contact the data controller referred to in Section III or the data protection officer referred to in Section IV at any time.

Please also contact us using the contact details provided if you have any questions, comments or requests regarding the collection, processing or use of your personal data.

VII. Processing of customer and contract data

1. Description and scope of processing of personal data

We process your data to execute and perform those services to which we have committed ourselves (contractually) towards you. Insofar as the provision of these services is accompanied by legal obligations (such as legal documentation or retention obligations), we also process your data in the course of fulfilling them.

2. Categories of personal data processed

Within the scope of our business relationship, we process and store the following categories of personal data: Personal data (name, address), bank details, order data (e.g. delivery order) if applicable, payment data, documentation data (data from consultation and service discussions), as well as comparable data.

3. Purposes and legal basis for the processing of personal data

We collect, process and use personal data only insofar as they are necessary for the establishment of the legal relationship, the determination of its content or its amendment (inventory data). Personal data are processed for the performance of our contracts with you, for pre-contractual negotiations, for the execution of your orders, as well as all activities required for the operation and administration of our company. We only collect, process and use personal data concerning the use of our web pages (usage data) insofar as this is necessary to enable the user to use the service or to bill the user.

In addition, we process personal data in accordance with Art. 6(1)(c) GDPR insofar as this is necessary for the fulfilment of legal obligations to which we are subject as a company. The purposes of the processing include, among others, commercial and tax law retention obligations according to Section 257 of the German Commercial Code (German Commercial Code [HGB]) and Section 147 of the German Fiscal Code (Fisical Code [AO]).

4. Storage duration or criteria for determining storage duration

We only store data that we process within the scope of contractual relationships – insofar as necessary – for tax reasons for a 10-year period. In accordance with legal requirements, data are stored for six years under Section 257(1) HGB (account books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years under Section 147(1) AO (e.g. books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation).

5. Disclosure of data to internal recipients

The information collected on this website is passed on to the relevant internal departments within our companies that are involved in the execution and fulfilment of the relevant business processes (e.g. marketing, IT department).

6. Disclosure of data to contractual service providers (data processors)

In order to achieve our stated processing purposes, it is occasionally necessary for us to disclose your data to individual recipients who need to process the data on our behalf. Below is a list of data controllers and/or processors to whom we may transfer, furnish or provide access to personal data on a case-by-case basis. Insofar as the naming of specific recipients is not possible at this point, the GDPR allows us to specify categories of recipients:

  • EDP and IT service provider
  • Web hosting and email dispatch hosting
  • Advertising agency
  • Telecommunications
  • Logistics
  • Sales and marketing

These service providers only process the data according to explicit instructions and are contractually obliged to ensure appropriate technical and organisational data protection measures. Furthermore, they are obliged to process the information in accordance with this data protection notice and German data protection laws.

7. Disclosure of data to external recipients (third parties)

Furthermore, we may transfer the personal data of our customers to bodies such as:

  • Banks, for the processing of payment transactions
  • Competent administrative authorities, especially tax advisors/auditors
  • Postal and delivery service providers
  • Financial management
  • Your personal data will not be transferred to third parties for purposes other than those listed above.

8. Data security/Security measures

8.1. SSL encryption

This website uses Secure Socket Layer (SSL) encryption for the transmission of data from your browser to our server, and to servers that provide files that we embed on our website.

With SSL, data are transmitted in encrypted form. The data cannot be changed and the sender cannot be identified. SSL encryption is recognisable by the “https” that precedes the website address that you call up in the browser.

8.2. Security notice

We secure our website and other IT systems against loss, destruction and unauthorised access, modification or disclosure of your data by means of appropriate technical and organisational measures. However, total protection against all risks is not possible in every case, despite all due care.

Because we cannot guarantee complete data security when communicating by email, we recommend that confidential information be sent by post. Our security measures are constantly being updated in line with technological developments.

VIII. Data processing for the provision of the website and the creation of log files

1. Description and scope of processing of personal data

You can browse our website anonymously. Each time a customer (or other visitor) accesses/calls up our website, the internet browser used on your end device (computer, laptop, tablet, smartphone, etc.) automatically sends or transfers data and information about your usage patterns and interaction with us to the server of our website and registers data on your computer or mobile device (access data). This information is temporarily stored in a file called a server log file. These data constitute information that relates to an identified or identifiable natural person (website visitor).

2. Categories of personal data processed

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data are routinely collected:

  • Information about the browser type and version used,
  • Information about the operating system of the user’s computer,
  • Details of the user’s internet service provider,
  • IP address of the user,
  • Date and time of access/server request (HTTP status code)
  • Websites from which the user’s system accesses our website
  • Websites accessed by the user’s system via our website

An evaluation of the data for marketing purposes does not take place in this context. These data are not stored together with other personal data belonging to the user. These data are collected and stored anonymously; we do not draw any conclusions about the person concerned. No personal surfing profiles or similar are created or processed.

3. Legal basis for data processing

Data in the server log files are processed to protect our overriding legitimate interest on the basis of Art. 6(1)(f) GDPR and Section 31 BDSG.

We have a legitimate interest in providing a website optimised for your browser, ensuring the website’s stability and functionality and enabling you to communicate between our server and your terminal device.

We reserve the right to subsequently check the log data/server log files if there are reasonable grounds to suspect unlawful use.

4. Purpose of data processing

The listed data (without personal reference) in log files are collected, stored and processed to ensure the functionality of the website. In addition, we use the data to optimise the website, for technical administration and to ensure the security of our information technology systems as well as for defence against and analysis of attacks.

5. Storage duration or criteria for determining storage duration

This data/information is stored in the log files of our system for a limited period of time based on the following criteria:

  • The data we collect in connection with the (purely informational) call-up of our website for the purpose of providing the website will only be stored for the duration of your use of the website and will be deleted immediately after (i.e. when the session in question has ended). In the case of data stored in log files, this will generally take place after seven days at the latest (log rotation). In this case, the IP addresses of the users are deleted or uncoupled from identifiers (anonymised by shortening), so that it is no longer possible to allocate them to the computer calling them up (client).
  • Log data whose further storage for verification purposes (e.g. to clarify cases of abuse or fraud, to detect abuse or to maintain proper functioning) is waived and where there is a justified suspicion of unlawful use due to concrete indications and further examination and processing of the information is necessary for this reason are exempt from deletion until the respective incident has been finally clarified. These data will be deleted or overwritten after six months at the latest.

An evaluation of the data for marketing purposes does not take place in this context. These data are not stored together with other personal data belonging to the user. These data are collected and stored anonymously; we do not draw any conclusions about the person concerned. No personal surfing profiles or similar are created or processed.

6. Recipients or categories of recipients of personal data

The data recipient is our technical hosting service provider, Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany, which acts as a processor for the operation and maintenance of our website under Art. 6(1)(f) GDPR in conjunction with. Art. 28 of the same regulation. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

7. Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The processing and storage of data by the system is technically necessary to visit a website in order to enable delivery of the website to the user’s computer, to avoid server overload and to ensure stability and security.

There is no legal or contractual obligation to provide data, however, it is not technically possible to call up our website without providing data.

8. Objection and removal option

The collection of data for the provision of the website and the storage of the data in log files are absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception according to Art. 21(1) GDPR.

IX. External hosting/web hosting and emailing

1. Use of web hosting

a) Description and scope of data processing

For our web presence, we use the web hosting service of Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany, which acts on our behalf as a data processor.

We or our hosting provider process inventory, contact, content, contract, usage, meta and communication data of our customers, interested parties and website users, as well as contact requests, IP address (which is necessary to be able to deliver online content to browsers), website accesses and other data generated via our website and incurred in the context of usage and communication in order to make available the hosting services.

b) Purpose and legal basis for data processing

The hosting services we use are for the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in our legitimate interest in a secure, fast and efficient provision and supply of our online services by a professional provider in accordance with Art. 6(1)(f) of the same regulation.

c) Storage duration or criteria for determining storage duration

The personal data collected on this website are stored on the host’s servers. Our host will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to these data.

2. Emailing

a) Description and scope of data processing

We use the hosting service Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn Germany to send our emails.

The email delivery services we use include the sending, receipt and storage of emails. For these purposes, the addresses of the recipients and senders as well as further information regarding the sending of the emails and the contents of the respective emails are processed.

b) Purpose and legal basis for data processing

The above data may also be processed for spam detection purposes. Please note that emails are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but unless an end-to-end encryption method is used, they are not encrypted on the servers from which they are sent and received. Accordingly, we cannot assume any responsibility for the transmission path of the emails between the sender and our server on which they are received.

X. Data collection when contacting us by email, post or telephone

a) Description and scope of data processing

You may contact us by post, telephone or email.

If you contact us by post, we may in particular process your address data (e.g. surname, first name, street, place of residence, postcode), date and time of receipt of the post as well as the data resulting from the correspondence itself.

If you contact us by telephone, your telephone number in particular and, if necessary, your name, your email address, the time of the call and details of your request will be processed during the conversation with your permission.

If contact is made by email to our email addresses, the user’s personal data transferred with the email will be stored in our contact list. When you contact us by email, your email address, the time of the email and the text data (including attachments, if applicable) are processed.

Depending on the data you enter here, we will then contact you again either by telephone or email and call you back or write to you if necessary.

b) Legal basis for data processing

The legal basis for the processing of data transferred in the course of sending an email is Art. 6(1)(f) GDPR as we have a necessary legitimate interest in the effective processing of the requests addressed to us, to respond to your email or to enable you to contact us at any time and to answer your requests. If the email contact aims to conclude a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

c) Purpose of data processing

The purpose of processing the above data is to process the contact enquiry or to be able to contact you in order to answer the request and process it, to fulfil your wish to be contacted and to contact you in the event that follow-up questions arise.

d) Recipients or categories of recipients of personal data

The data recipient is our technical hosting service provider, Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany, which acts as a data processor for the operation and maintenance of our website. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

In this context, these personal data will not be passed on to third parties or other recipients. These data will also not be transferred to a third country or to an international organisation.

e) Storage duration or criteria for determining storage duration

The personal data you send to us by email remains with us until you request its erasure, revoke your consent for storage or the purpose for storing the data no longer applies, e.g. your request has been completed or correspondence with you has ceased. This is the case if it can be inferred from the circumstances that the facts concerned have been conclusively clarified or as soon as they are no longer required to achieve the purpose for which they were collected and provided that there are no statutory retention obligations to the contrary.

Where a contractual relationship arises, we are subject to the mandatory statutory provisions – in particular statutory retention periods – and delete your data after six or ten years.

f) Objection and removal option

The user may object to the storage of their personal data at any time by sending an email. You can object to the storage of your data at any time in writing or by sending an email to us at datenschutz@sauter-gmbh.de[/].

g) Withdrawal of consent under data protection law

Where you have given us separate consent to data processing, you may withdraw this consent at any time in accordance with Art. 7(3) GDPR. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. All personal data stored in the course of contacting us will be deleted in this case.

Your consent can be withdrawn by sending an email to datenschutz@sauter-gmbh.de.

h) Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The provision of personal data is neither legally nor contractually required and is also not necessary for the conclusion of a contract. You are also not obliged to provide your personal data. However, failure to provide this information may mean that you are unable to use our contact form or contact us, and it may not be possible to process your enquiry without this information. In such cases, the correspondence cannot be continued.

XI. Information on the cookies used

1. Use of technically necessary cookies

We use cookies on various pages in order to make visiting our website attractive and to enable the use of certain functions.

In its original form, a cookie is a data record that is stored on your data carrier/end device (laptop, tablet, smartphone or similar) and that stores certain settings and data for exchange with our system via your browser in order to tailor the offer to its needs and enable it to use certain functions.

Cookies do not cause any damage to your end device and do not contain viruses, Trojans or other malware. Cookies cannot access, read or amend any other data on your computer.

a) Description and scope of data processing

The technical structure of the website requires us to use certain techniques, in particular cookies. Without these techniques, our website cannot be displayed completely correctly and the support functions cannot be enabled. These are basically transient cookies that are deleted after the end of your browsing session, at the latest when you close your browser. You cannot opt out of these cookies if you wish to use our website. Individual cookies can be seen in the Consent Manager.

WordPress

We use WordPress to edit our website. WordPress uses necessary functional cookies to allow editors and administrators to log in. Specifically, when you try to log in to the WordPress administration interface, a cookie called wordpress_test_cookie is set. This cookie is used exclusively for the active session and is deleted as soon as you close the browser. The cookie is not used to evaluate user behaviour.

Elementor
We also use Elementor, a WordPress plugin from the software company Elementor Ltd. Elementor does not set HTTP cookies. Instead, it works with Local Storage and Session Storage. The data collected is only stored on the visitor’s local browser and is not sent to Elementor, our server or any third party. Local Storage and Session Storage are responsible for ensuring that pop-ups, sidebars etc. are not displayed again, so that you can use our website undisturbed. Information on the exact validity period of the individual cookies can be found in the table below:

Further information and the Elementor data protection declaration can be found at https://elementor.com/about/privacy.

b) Purpose of data processing

The purpose of the use of technically necessary cookies is to make using our services more convenient for you, to simplify and optimise them and to make the website available in a user-friendly manner. They are also vital for the operation of the website. The following purposes are stated:

  • Management of the online offer/presentation of the website
  • Adoption of language settings
  • Storage of user decision when the cookie banner is confirmed
  • Ensuring system security

The user data collected by technically necessary cookies are not used to create user profiles.

c) Legal basis for the use of technically necessary cookies

We may lawfully store cookies on your device where strictly necessary and required for the operation and functioning of our websites.

The legal basis for the processing of personal data using technically necessary cookies for the above purposes is Art. 6(1)(f) GDPR. Access to and storage of information in the terminal device is based on Section 25(2) TTDSG.

d) Recipients or categories of recipients of personal data

The data recipient is our technical hosting service provider which acts as a processor for the operation and maintenance of our website, and for this we have concluded the corresponding data processing agreement.

e) Storage duration or criteria for determining storage duration

All personal data collected by us during your visit through the use of session cookies are automatically deleted after the web browser session ends (by leaving or closing/logging out of the website).

f) Objection and removal option

There is no right/possibility of objection on the part of the user regarding the data processing required for the operation of the website. The use of technically necessary cookies is important for the operation of the website.

If you wish to prevent the use of cookies in general, you can do this through your local internet browser settings (e.g. Internet Explorer, Mozilla Firefox, Opera or Safari).

g) Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The provision of the above personal data is mandatory in order for the website to be displayed. Without these data, the service and functionality of our website are not guaranteed and some functions of the website, such as language selection or the storage of log-in data, cannot be used properly without these cookies. Essential cookies enable basic functions and are necessary for the proper functioning of the website.

1.1. Cookie consent with CCM19 Consent Tool

a) Description and scope of data processing

Our website uses CCM19 Cookie cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this in a manner compliant with data protection laws. The provider of this technology is Papoo Software & Media GmbH, Bornschein, Auguststr. 4, 53229 Bonn, Germany (“CCM19”).

b) Categories of personal data processed

In order to obtain users’ consent to the use of cookies and therefore to the collection of personal data, CCM19 Cookie cookie consent technology stores, among other things, information about

  • the log file,
  • the browser used by the user and
  • user consent such as the timestamp, processorID and controllerID

and transfers it to CCM19. These data are not passed on to other third parties.

c) Purpose of data processing

Our website uses the CCM19 Cookie cookie consent technology which sets a technically necessary cookie to obtain your legally required consent for the use and storage of certain cookies in your browser or for the use of certain technologies and to document this in a manner compliant with data protection laws.

d) Legal basis for data processing

The legal basis for data processing is Art. 6(1)(c) GDPR. Our legal obligation is to inform you about the cookies we use and to obtain and document your consent to data processing. We set the technically necessary cookies on the basis of Art. 6(1)(f) GDPR in order to document your consent. Access to and storage of information in the terminal device is absolutely necessary in these cases on the basis of Section 25(2) TTDSG.

e) Recipients or categories of recipients of personal data

The data recipient is Papoo Software & Media GmbH, Bornschein, Auguststr. 4, 53229 Bonn, Germany.

f) Storage duration or criteria for determining storage duration
When you access our website, a CCM19 cookie (ccm_consent) is stored in your browser, which records the consent you have given or withdrawn. These data will not be shared with CCM19. Information on the exact validity period of the individual cookies can be found in the table below:

Further information and the CCM19 Cookie Banner data protection declaration can be found at https://www.ccm19.de/datenschutzerklaerung.html

g) Objection and removal option

The CCM19 Cookie Banner stores the consent you gave when accessing the website. Simply delete the cookie in your browser if you wish to withdraw this consent.

If you delete the cookies, we will ask you for your consent again if you visit the site again.

h) Legal or contractual requirements to provide the personal data

CCM19 cookie consent technology is used in order to obtain the legally required consent to the use of cookies.

XII. Use of TeamViewer Support

a) Description and scope of data processing

We use Team Viewer QuickSupport, a web conferencing and remote maintenance service, on our website. The provider is TeamViewer Germany GmbH (“TeamViewer”), Bahnhofsplatz 2, 73033 Göppingen, Germany.

The TeamViewer data protection team and data protection officer can be contacted at privacy@teamviewer.com or at TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany.

Further information about TeamViewer can be found in its data protection notice available here: https://www.teamviewer.com/de/datenschutzinformation (as of 27 January 2022).

b) Categories of personal data processed

The following personal data are processed within the scope of support services via TeamViewer:

  • Content data transmitted when using the software and services, e.g. the data related to the chat functionality
  • Connection data stored on the user’s device (log files)
  • Data from conference recordings stored on the user’s device

In addition, TeamViewer collects data that are part of its online support service, including data such as

  • Usernames
  • Email addresses
  • IP addresses
  • Preferred language
  • Meeting ID
  • Location

TeamViewer states that it uses different types of cookies depending on the purpose. Detailed information in connection with the use and purpose of cookies, pixels and similar technologies can be found at https://www.teamviewer.com/de/datenschutzinformation/ (as of July 2022), under “Data protection information for cookies”.

If you have any questions about the processing of your personal data by TeamViewer Germany GmbH in connection with your contractual relationship, please contact privacy@teamviewer.com.

c) Legal basis for data processing

The processing of personal data for data transfer to TeamViewer is exclusively based on your prior consent under Art. 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the storage of or access to information in terminal equipment within the meaning of the TTDSG is concerned.

d) Purposes for which personal data are processed

With the help of TeamViewer QuickSupport software, we offer you support services directly on your PC upon request and only during our business hours following telephone or written consent. This allows us to offer better and more tailored support in the case of questions or problems.

In the context of setting up and performing remote maintenance, data is collected, stored and processed exclusively for the purpose of providing the support services. Your data will not be linked to any other data, will not be used for any other purposes and will not be passed on to third parties under any circumstances.

The purpose and scope of the data collection and the further processing and use of the data by TeamViewer in connection with the use of its products as well as your rights in this regard and setting options for protecting your privacy can be found in the relevant data protection information, in particular the TeamViewer data policy, which can be found under the following link https://www.teamviewer.com/de/datenschutzinformation/ (as of January 2023).

e) Storage duration or criteria for determining storage duration

The browsing history of the online service is not stored beyond the browsing session. Exceptions are log data, which are only used to maintain IT security and are deleted after seven days.

The data will only be stored by Sauter GmbH for as long as is necessary for the setup and follow-up as well as the implementation of the online support. The data are deleted after completion of a TeamViewer Online Support session.

f) Internal recipients of personal data

The information collected in this regard is received within our companies by our support staff/IT department involved in the execution and fulfilment of the respective business processes. Our employees are sufficiently trained and familiar with the duties of confidentiality and due diligence.

g) Recipients or categories of recipients of personal data as data processors

The data recipient is TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany, with whom we have concluded a contract on data processing in accordance with Art. 28 GDPR. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

h) Withdrawal of the declaration of consent under data protection law

If you have expressly given your voluntary consent to data processing, you can withdraw it in accordance with Art. 7(3) GDPR at any time with effect for the future and without giving a reason by calling up the cookie settings on our website where you will find an overview of the cookies used as well as the option to adjust or withdraw the individual cookies or the category of cookies/your selection. Withdrawal of your consent does not affect or prejudice the lawfulness of processing conducted on the basis of your consent prior to this.

i) Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The provision of the above personal data is neither legally nor contractually required and is also not mandatory in order to display the website or to conclude a contract. You are also not obliged to provide your personal data.

In cases of data collection based on your consent, the provision of data by you is voluntary and not mandatory. However, if consent is not given, we will not be able to provide the benefits or services based on data processing by means of consent.

XIII. Data protection in the context of job applications

a) Description and scope of data processing

We also offer you the opportunity to apply electronically for job vacancies on our website and to send us a speculative application by email or post. We advertise current vacancies in a separate section. Interested parties can apply by email using the contact address provided. In the case of postal delivery, we process the data provided by you.

b) Purpose of processing

The purpose of processing the personal data resulting from the application documents you send is exclusively to process your application or to manage the application procedure and to be able to identify a suitable applicant.

c) Legal basis for data processing

Rechtsgrundlage für die Verarbeitung der sich aus der Bewerbung ergebenden personenbezogenen Daten einschließlich der Kontaktaufnahme für Rückfragen ist grundsätzlich Art. 6 Abs. 1 lit. b DSGVO (allgemeine Vertragsanbahnung) i.V.m. § 26 Abs. 1 BDSG-neu (Anbahnung eines Beschäftigungsverhältnisses) sowie Art. 88 Abs. 1 DSGVO und Art. 6 Abs. 1 lit. a DSGVO (sofern Einwilligung) in deren Sinne das Durchlaufen des Bewerbungsverfahrens als Arbeitsvertragsanbahnung oder Vertragserfüllung gilt.

In the event of an application being successful, the data provided will be processed on the basis of Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG-neu for the purpose of establishing the employment relationship.

d) Recipients or categories of recipients of personal data

Personal data are only passed on within our company to the departments involved in the application process.

A career quiz is offered for speculative applications. This is an e-recruiting service provided by the personnel service provider Universal Job Süd GmbH, Eisenbahnstraße 17, 79761 Waldshut-Tiengen which constitutes joint processing under Art. 26 GDPR (cooperation of two or more controllers in the processing of personal data).

When operating the application platform at https://www.upgrade-worklife.de we process and use your personal data in our online application system exclusively for the purposes necessary to ensure effective and correct processing of the application procedure. This also applies to data added during the application process, e.g. as a result of queries and subsequently submitted documents.

We seek to obtain a brief overview of you and your current situation through the online application process/career quiz.

e) Storage duration or criteria for determining storage duration

The data transferred for the purpose of establishing the employment relationship are stored in compliance with the statutory provisions:

If we conclude an employment contract with an applicant, we also store the data submitted so that we can enter into an employment relationship.

Where we do not conclude a contract with you, where we are unable to make you a job offer or where you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided for up to six months from the end of the application process (i.e. rejection, or having been informed of the rejection or withdrawal of the application) on the basis of our legitimate interests. After this period, the data are deleted and the physical application documents destroyed. If it is evident that data will be needed after the six-month period has expired (due to an impending or pending legal dispute), they will only be deleted when the purpose for continued storage no longer applies.

They may be stored for longer if you have given your consent or if legal storage obligations prevent erasure.

The application email and the documents sent will be deleted after six months once the application process is over, unless we are legally obliged to retain these data.

If you have sent us your application documents by post, we will return your submitted documents to you once the application process is over.

f) Data sources

We process personal data that we receive from you by post or email in the course of contacting you or processing your application, or that you send to us via https://www.upgrade-worklife.de.

g) Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The provision of personal data in the context of an application process is neither legally nor contractually required. You are therefore not obliged to provide details about your personal data. However, please note that these are necessary for any decision on an application or the conclusion of a contract as part of an employment relationship with us. If you do not provide us with your personal data, we cannot make a decision on entering into an employment relationship. We recommend that you only provide the personal data required to complete the application.

XIV. Validity and amendment of this data protection declaration

Due to the ongoing development of our website, the growth of our business objectives and offers, and due to new technologies, changes to our data processing or changes because of changed legal, judicial or official requirements (e.g. an adjustment required by new case law), it may become necessary to change or adapt this data protection declaration at any time with effect for the future.

We therefore ask you to revisit this data protection declaration each time you visit the website and to check whether it has changed since your last visit, especially if you are making personal data available. You can easily tell if changes have been made by checking the date shown at the bottom of this text. The new data protection declaration will apply to your next visit.

XV. Accessibility of the data protection provisions

These data protection provisions can be accessed at any time from any page of our website under the heading “Data protection declaration”.

.

.

As of February 2023