Website/Social Media
Customers, suppliers & service providers

Data Privacy Statement Website & Social Media

General

Protecting your personal data during its collection, processing, and use while you visit our website is an important matter to us. We handle your personal data confidentially and according to the legal data protection regulations as well as according to this data privacy statement.

Responsible party:

The responsible party in the sense of the General Data Protection Regulation (VO (EU) 2016/679) is Crespel & Deiters GmbH & Co. KG, Groner Allee 76, 49479 Ibbenbüren, Germany, Phone: +49 5451 5000-0, Fax: +49 5451 5000-300, Electronic mail: info@crespeldeitersgroup.com represented by its Managing Director Gustav Deiters.

Data privacy supervisor:

Mr Sascha Hesse, Attorney at Law, Hanauer Landstraße 151-153, 60314 Frankfurt am Main, Germany, Phone: +49 69 90437965, Fax: +49 69 90437974, Electronic mail: shesse@agor-ag.com

Visiting our Website/Homepage

You may visit our homepage without registering yourself or providing personal details.

Log files

With every access of a user on our website and with each access of a file, data concerning these events are automatically collected and stored in a log file. In detail, the following data are stored about each access:

  • IP address of the requesting device
  • Name of the accessed file.
  • Date and time of the access.
  • Amount of data transferred.
  • Notification of whether the access was successful.
  • Description of the type of web browser used.
  • Requested domain.

The storage exclusively supports internal system-related and statistical purposes. We use this information to continuously improve and update our website in order to increase its attractiveness (safeguarding legitimate interests). In addition, we use the data to identify and defend against attempted attacks and to clarify the suspicion of use relevant to criminal law. The basis of law for this is Article 6 Section 1 Letter f of the DSGVO (Datenschutzgrundverordnung, English: General Data Protection Regulation [GDPR]) (safeguarding legitimate interests).

The recorded data will not be pooled together with other data sources, in particular data which permits an association with a particular person.

Cookies

Our website uses cookies. Cookies are small text files that make it possible to save specific information related to the user on the terminal device of the user while the user uses the website. Cookies enable us to determine, in particular, the frequency of use and the number of users of web pages, to analyze website activity behaviours, and to design our offering in a more customer-friendly manner. The basis of law for this is Article 6 Section 1 Letter f of the General Data Protection Regulation (GDPR).

Most of the cookies we use are so-called “session cookies.” These cookies are automatically deleted at the end of your visit. Other cookies remain saved on your terminal device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

If you do not wish that we recognize information about your computer, please configure your browser so that it deletes cookies from your computer’s hard drive, blocks all cookies, or warns you before a cookie is saved. However, in those cases, not all functions of this website may be available to you.

If you leave our website through a link or through clicking possible banner advertising, and reach the site of a third party, it can happen that the addressee of the clicked-on target site sets cookies. We are not legally responsible for these cookies. Please refer to the data privacy policies of those third parties concerning the use of such cookies and the information recorded in them through our advertising partners.

Your cookie settings for this website

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address that is anonymized) will be, as a rule, transmitted to and stored by Google on servers in the United States of America. Please be advised that on this website, Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymized collecting of IP addresses (so-called IP masking). Through the anonymization, Google shortens IP addresses within member states of the European Union or in other contracting states of the Agreement on the European Economic Area, which is why no conclusions about your identity are possible. Only in exceptional cases is the full IP address transmitted to a Google server in the United States of America and shortened there. Google complies with the data protection policies of the “EU-US Privacy Shield” framework and is certified accordingly, so that an appropriate level of data protection is guaranteed. Google processes the collected information to analyze the use of our website, create reports for us on website activities and use, and to provide us with further services regarding website use. The IP address transmitted by your browser in the context of Google Analytics will not be combined with other data from Google.

You may refuse the installation of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

If you do not consent to the processing of data about you by using this website, then you can download a browser add-on from this link: https://tools.google.com/dlpage/gaoptout?hl=de (German language) or http://tools.google.com/dlpage/gaoptout?hl=en (English language) that allows you to configure Google Analytics such that no more information about the website visit will be sent to Google Analytics.

More information on Google data protection may be found at https://policies.google.com/privacy?hl=de (German language) and https://policies.google.com/privacy?hl=en (English language).

Google Fonts

We use Google Fonts to visually improve the presentation of various information on this website. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed. The legal basis is Art. 6 para. 1 letter f of the General Data Protection Regulation (GDPR). Our legitimate interest lies in the optimisation and economic operation of our Internet presence.

Through the established connection to their server, Google are able to determine from which website your request has been sent and to which IP address the representation of the font is to be transmitted.

The opt-out can be set under: https://adssettings.google.com/authenticated

Vimeo

Our website uses an embedded Vimeo Player for the display and playback of videos. The operator of the video platform Vimeo is Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. When you view a page on our website containing an embedded Vimeo Player, a connection to the servers of Vimeo is established. In the process, your IP address along with the URL of the retrieved video is transmitted to the server. If you have a Vimeo account and are logged into Vimeo, Vimeo can assign this information to you and process it in your personal profile.

If you do not wish Vimeo to collect data about you and link it to your personal profile, you must log out of Vimeo before visiting our website. Further information about the collection and use of your data by Vimeo can be found in Vimeo’s data protection statement at https://vimeo.com/privacy (English language).

YouTube

Our website uses an embedded YouTube Player for the display and playback of videos. The operator of the video platform YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you view a page on our website containing an embedded YouTube Player, a connection to the servers of YouTube/Google is established. In the process, your IP address along with the URL of the retrieved video is transmitted to the server. If you are logged into Google, YouTube/Google can assign this information to you and process it in your personal profile.

If you do not wish Google to collect data about you and link it to your personal profile, you must log out of Google before visiting our website. Further information about the collection and use of your data by YouTube can be found in YouTube’s data protection statement at https://policies.google.com/privacy?hl=en

Social Media Plugins

We maintain fan pages within various social networks and platforms with the purpose of communicating with customers, interested parties and users who are active there, and informing them about our services. For the operation of fan pages on social media platforms, a relationship in accordance with Section 26 Par. 1 GDPR (so-called joint responsibility) exists in part.

We would like to point out that your personal data may be processed outside the European Union, so that risks may arise for you (e.g. in the enforcement of your rights under European / German law). Please note that some US vendors are certified under the Privacy Shield and are committed to compliance with EU privacy standards.

User data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. In turn, these usage profiles can be used, for example, to place advertisements inside and outside the platforms that are presumed to correspond to the interests of users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged on there).

The processing of users’ personal data is performed on the basis of our legitimate interests in providing effective information for users and communicating with users, pursuant to Section 6 Par. 1 lit. f. GDPR. If the users are asked for their consent to data processing by the respective providers (i.e. to declare their consent, e.g. by ticking a check box or confirming via a button), the legal basis for processing shall be Section 6 Par. 1 lit. a., Section 7 GDPR.

More information on the processing of your personal data as well as on your possibilities to object to this can be found under the links of the respective provider listed below. The assertion of the right to information and other rights of the persons affected can also be effected against the providers, since only they have direct access to the data of the users and possess the corresponding information. Needless to say, we are at your disposal if you have any questions and are happy to support you if you need help. Provider:

Facebook

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Data Privacy Declaration: https://www.facebook.com/about/privacy/

Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Instagram

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Data Privacy Declaration/ Opt-Out: http://instagram.com/about/legal/privacy/.

Google/ YouTube

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

Data Privacy Declaration:  https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

LinkedIn

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Data Privacy Declaration https://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

Xing

XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

Data Privacy Declaration/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

Shariff ABC for the sub-function of the blog about social plugins (social media, e-mail)

We do not collect any personal data ourselves via the social plugins or through their use. We use the Shariff plugin to prevent data from being transmitted to the service providers of social media channels without the user’s knowledge. This plugin ensures that, in a first step, no personal data is passed on to the providers of the individual social plugins when visiting our website. Data can only be transferred to the service provider and stored there only once you click on one of the social plugins. With the Shariff solution, to the extent that this is possible, we take the data privacy interests of our visitors into account, based on currently applicable state-of-the.art technology.

You can find more information on the Shariff solution on the provider’s pages, Heise Medien GmbH & Co. KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

Auxiliary Programs, Active Content

To make this website available, Java applets, Active-X controls, and JavaScript are used. If, for security reasons, you do not wish to utilize these auxiliary programs or this active content, kindly deactivate the appropriate settings of your browser.

Use of Personal Data You Make Available to Us

Personal data such as your name, your address, telephone number, or electronic mail address are not collected unless you provide this data voluntarily.

We call your attention to the fact that transferring data in the Internet (for example, during communication by electronic mail) is subject to security breaches. It is not possible to completely protect such data against access by third parties.

Inquiries and Contracts

Insofar as you have made personal data available to us, we use these solely for the purpose of technically administering the website and fulfilling your wishes and requests, in particular for processing a contract made with you, or for answering your inquiry.

If you have made inquiries through our contact form, the information from the contact form, including the contact data you have entered into the form, will be saved by us to process your inquiry and in the event of follow-up questions. The basis of law for this is Article 6 Section 1 Letter b of the General Data Protection Regulation (pre-contractual measures and performance of the contract).

Forwarding, selling, or otherwise transferring your personal data to companies outside the Crespel & Deiters Group does not occur; excepting that:

  • This is necessary to conclude the contract. Thus it can be necessary, for example, that for product orders, your address and order data are forwarded to our suppliers.
  • You have previously consented to it.

The basis of law for this is Article 6 Section 1 Letter b of the General Data Protection Regulation (performance of the contract) and Article 6 Section 1 Letter a of the General Data Protection Regulation (consent).

Other Advertising and Customer Relations Management

Without your permission, we use personal data only within the legally permitted scope; that means, for customer relations management and sending advertisements by mail. We do not use your electronic mail address, fax number, or telephone number for advertisements without your express consent. The basis of law for this is Article 6 Section 1 Letter f of the General Data Protection Regulation (protection of legitimate interests).

You can object to the use of your data for the purpose of direct marketing at any time and then will not receive further advertisements from us.

Duration of Storage

We delete your data if they are no longer needed after processing an inquiry or termination of the contract. Excluded from this are data which we are not yet allowed to delete due to legal obligation (e.g., documents which are to be retained according to tax law and commercial law) and data which we need to represent legitimate interests; in particular, for asserting claims or for direct marketing.

Your Rights

You have the following rights if the respective legal requirements are met:

  • You have the right to receive information about the personal data saved about you. (Article 15 GDPR).
  • You have the right to request the correction of incorrect information (Article 16 GDPR).
  • You have the right to request the deletion (Article 17) or restriction of processing (Article 18 GDPR) of data which is no longer required. Insofar as statutory retention obligations exist; e.g., for business correspondence under commercial law and tax law or another statutory exception, data will not be deleted, but only their processing will be restricted.
  • You may at any time object to the processing of your data for direct marketing purposes and, for special reasons, also to the further processing of your data (Article 21 GDPR).
  • You have the right to data transferability (Article 20 GDPR); that is, the right to request the data you have provided us in a structured, current, and machine-readable format and to transmit this data to another person responsible without our interference; if necessary, you also have the right to request that we transmit the data directly to another person responsible if this is technically feasible.

Right of objection: In accordance with Article 21 Section 2 GDPR, you may object to the processing of your data for direct marketing purposes at any time. The processing of your data will then be restricted to other purposes for which it is necessary, and will no longer be processed for direct marketing. Furthermore, you can also object to the additional processing of your data if there is a special reason.

To assert your rights, please contact the responsible party named above.

If you believe that the processing of your data violates data protection law, you can complain to a supervisory authority (Article 77 GDPR).

This English translation of the German original is a courtesy translation. Only the German version is binding and shall prevail.

Data protection information for customers, suppliers, service providers and other affected parties according to Article 13 of the EU-GDPR

The following is intended to inform you how we process your personal data and to provide you with an overview of the EU General Data Protection Regulation (EU-GDPR). Please note that not all parts of this letter will apply to you because the details of which data will be processed and how it will be used is largely dependent on our business relationship with you and the services that have been agreed between us.

I. Who is responsible for data processing and who is the data protection officer?

The person responsible for data processing is:

Crespel & Deiters GmbH & Co. KG
Groner Allee 76
49479 Ibbenbüren
Germany
Tel. +49 5451 5000-0
Fax +49 5451 5000-300
datenschutz@crespel-deiters.com
www.crespel-deiters.com

Crespel & Deiters has designated the lawyer Mr Sasha Hesse as their external data protection officer. You can contact Mr Hesse at:

Herr Rechtsanwalt Sascha Hesse
Hanauer Landstraße 151-153
60314 Frankfurt am Main
Telephone: +49 69 90437965
Fax: +49 69 90437974
Email: shesse@agor-ag.com

II. Which categories of data do we use and where do they come from?

In particular, we process the following items of your personal data within the scope of our business relationship:

• Personal details such as forename, surname, name affixes, gender
• Contact details such as address, (mobile) phone number, email address
• Company-related data such as your position in your company, area of responsibility
• Characteristics that can possibly be assigned to you e.g car registration number for the collection or delivery of goods
• Log data generated during processing in our IT systems
• as well as other data comparable with the stated categories.

We generally receive your personal data directly from you within the scope of our business relationship. In addition, where it is necessary for the provision of our service, we also process personal data that we acquire from publicly accessible sources (e.g. the press, internet) or from other companies of our corporate group or third parties (e.g. associations) that are authorised to such data.

III. For what purposes and on what legal grounds is data processed?

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (EU-GDPR) and the Federal Data Protection Act in its latest version.

1. Fulfilment of contractual obligations (Art. 6 para. 1 b EU-GDPR)

Your data is processed within the scope of execution of contracts with our business partners or to execute pre-contractual measures on request. Primarily, these are:

• for the purchase of products, services and advice,
• for the maintenance, servicing and further development of our buildings, plant and machinery,
• for the marketing and sale of products and services manufactured and provided by us.

2. Consent (Art. 6 para. 1 a EU-GDPR)

To the extent that you have consented to our processing of your personal data for particular purposes (e.g. photographs or video recordings in the context of events) the lawfulness of this processing is given on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent that have been granted to us prior to the application of the EU-GDPR, i.e. before 25 May 2018. We would point out that the revocation of consent is only effective with respect to the future and does not affect the lawfulness of data processed prior to the revocation.

3. Balancing of legitimate interests (Art. 6 para. 1 f EU-GDPR)

Where necessary, we process your data beyond the actual fulfilment of the contract to protect our own legitimate interests or those of third parties. Examples:

• Consultation and exchange of data with credit bureaux, insurance companies and banks for determining creditworthiness and default risks
• Assertion of legal claims and defence in legal disputes
• Ensuring IT security and IT operations
• Prevention and investigation of criminal offences
• Video recordings on our company premises including for the purposes of controlling our logistic processes and for evidence in insurance cases
• Measures to ensure the security of buildings and plant (e.g. access controls and visitor lists)
• Measures to secure and preserve the right to determine who has access to premises
• Measures for business management and further development of services and products

4. Statutory requirements (Art. 6 para. 1 c EU-GDPR) or public interest (Art. 6 para. 1 e EU-GDPR)

Like many other companies we are subject to various legal obligations. For example, under the European Anti-Terror Regulations 2580/2001 and 881/2002 we are obliged to check your data against the so-called ‘EU terror lists’, in order to ensure that no funds or other economic resources are made available for terrorist purposes.

IV. Who receives your data?

Within our corporate group your data is made accessible to those entities that require it to fulfil our contractual and legal obligations.
Service providers and vicarious agents that we employ may also be able to receive or view your data in the course of their activities. A passing on to or inspection by third parties only takes when required by law, if you have consented to it, or when a legitimate interest exists. The recipients of your personal data may thus include the following categories of enterprises:

• Public offices and institutions in the case of statutory or official obligations,
• other enterprises that we transmit your personal data to in order to carry out the business relationship with you, such as logistics and transport providers or also affiliated distribution partners in various countries
• who we use within the scope of processing contractual relationships e.g. IT service providers, companies for the destruction of files and data media, credit bureaux, insurance companies and banks.

Other data recipients can be those entities for which you have given us your consent for data transmission or for which you have released us from the obligation of confidentiality by accordance with agreement or consent, or those to which we are authorised to transmit personal data on the grounds of a balance of interests.

V. Transfer of data to a third country

A transfer of data to entities in states outside of the European Union (so-called third countries) is permitted, provided it

• is necessary to carry out your enquiry or orders,
• required by law (e.g. legal reporting obligations)
• you have given your consent to do so

Furthermore, a transfer of data to entities in third countries is allowed in the following cases:

• Where necessary in individual cases, your personal data may be transferred to an IT service provider in the USA or another third country to safeguard the IT operations of our corporate group.
• In individual cases personal data is transferred as a consequence of statutory regulations to combat money laundering, the financing of terrorism and other criminal acts

VI. How long will my data be stored?

We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and statutory obligations. As a rule, this results from the commercial and tax retention obligations under the German Commercial Code (HGB), the Fiscal Code (AO), the Banking Act (KWG) and the Money Laundering Act (GwG). The time limits for storage and documentation specified there are generally two to ten years.

If the data is no longer necessary for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless further processing is necessary for the preservation of evidence within the framework of the statute of limitations. According to Section 195 ff of the German Civil Code (BGB) these limitation periods may be up to 30 years, with a regular limitation period of 3 years.

VII. What data protection rights do you have?

As an affected person you have:
• The right of access to information according to Article 15 of the GDPR,
• The right to rectification according to Article 16 of the GDPR,
• The right to erasure (‘right to be forgotten’) according to Article 17 of the GDPR,
• The right to restriction of processing according to Article 18 of the GDPR,
• The right to object to processing according to Article 21 of the GDPR,
• and the right to data portability according to Article 20 of the GDPR.

The right of access to information and the right to erasure are subject to the restrictions of Sections 34 and 35 of the Federal Data Protection Act in its latest version.

Furthermore, there exists a right of complaint to a competent supervisory data protection authority (Article 77 of the GDPR in connection with Section 19 of the Federal Data Protection Act in its latest version.

You can revoke your consent to our processing of your personal data at any time. This also applies to the revocation of declarations of consent that have been granted to us prior to the application of the EU-GDPR, i.e. before 25 May 2018. Please note that the revocation is only effective with respect to the future. It does not affect the processing of data that takes place before the revocation.

VIII. Is there an obligation to provide data?

As part of our business relationship, you must provide the personal information necessary to establish, conduct and terminate a business relationship and for the performance of its associated contractual obligations, or which we are required to collect by law. We would point out that without the provision of this data, we would not normally be able to conclude, execute or terminate a contract with you.

IX. Does automated decision-making take place?

Automated decision-making within the meaning of Article 22 of the GDPR for the establishment and execution of the business relationship is generally not used. Should we use these processes in individual cases, we will inform you separately about this and about your rights in this respect, if this is required by law.

X. Does profiling take place?

We partly process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:

• Legal and regulatory requirements oblige us to combat money laundering, the financing of terrorism and asset-endangering crimes. In doing so, we also carry out data analyses. These measures also serve to protect you.

XI. Information about your right to object under Article 21 GDPR

1. Individual right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you carried out pursuant to Article 6 (1)(e) of the GPDR (data processing in the public interest) and Article 6(1)(f) GPDR (data processing on the basis of a balancing of interests). This also applies to profiling based on this provision within the meaning of Article 4 No. 4 of the GPDR.
If you lodge an objection, we will no longer process your personal data, unless we can prove compelling, legitimate reasons for doing so that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

2. Right to object to the processing of data for the purposes of direct advertising

If your personal data is processed for the purposes of direct advertising, you can at any time lodge an objection against the processing of personal data affecting you for the purposes of this kind of advertising. This also applies to profiling if it is in connection with such direct advertising. If an objection has been lodged, no further data processing will take place for direct marketing purposes. unless we can prove compelling, legitimate reasons for doing so that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

3. Addressing an objection

At any time you have the option of lodging an informal complaint with the body responsible for data processing mentioned at the beginning, the data protection officer mentioned above or a data protection supervisory authority.