We, AVANTEC Zerspantechnik GmbH (hereinafter referred to as “the company”, “we” or “us”) take the protection of your personal data very seriously and would like to inform you about data protection in our company at this point.
As part of our data protection responsibility additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) in order to protect the personal data of the person affected by processing (hereinafter referred to as “customer”, “user”, “you”, “you” or “data subject”).
As far as we decide on the purposes and means of data processing, this includes above all the obligation to inform you transparently about nature, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 GDPR). With this declaration (hereinafter: “Privacy Policy”) we inform you about the way in which your personal data is processed by us.
Our data protection notices have a modular structure. It consists of a general part for any processing of personal data and processing situations that come into play every time a website is called up (A. General) and a special part, the content of which relates only to the processing situation specified there with the designation of the respective offer or product refers, in particular the visits to websites and social media presences (B. Visits to websites and social media presences), which are described in more detail here.
A. General
(1) Definitions
Based on the model of Art. 4 GDPR, this data protection notice is based on the following definitions:
– “Personal data” (Art. 4 No. 1 GDPR) means all information relating to an identified or identifiable natural person (“data subject”). An individual is identifiable if he or she can be identified, directly or indirectly, in particular reference to an identifier such as a name, an identification number, an online identifier, location data or using information by means of information relating to his physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or audio recordings can also contain personal data).
– “Processing” (Art. 4 No. 2 GDPR) is any operation that involves the handling of personal data whether with or without the help of automated (technology-based) procedures. This includes, in particular, the collection (i.e., acquisition), recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data as well as the change of a purpose or intended use on which a data processing was originally based.
– “Responsible person” (Art. 4 No. 7 GDPR) is the natural or legal person, authority, institution or other entity that decides alone or jointly with others the purposes and means of processing of personal data.
– “Third party” (Art. 4 No. 10 GDPR) is any natural or legal person, authority, agency or other body except the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor; this also includes other group-affiliated legal entities.
– “Processor” (Art. 4 No. 8 GDPR) is a natural or legal person, authority, agency or other body that processes personal data on behalf of the person responsible, in particular in accordance with their instructions (e.g. IT service provider). In terms of data protection law,
a processor is in particular not a third party.
– “Consent” (Art. 4 No. 11 GDPR) of the data subject means any voluntary, informed and unequivocal expression of will in the specific case in the form of a declaration or other clear affirmative action with which the data subject indicates that you consent to the processing of your personal data.
(2) Name and address of the person responsible for processing
We are responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR:
AVANTEC Zerspantechnik GmbH
Wilhelmstrasse 123
Phone +49 (0) 70 42 82 22 0
Fax +49 (0) 70 42 82 22 33
info@avantec.de
For further information about our company, please refer to the imprint information on our website https://www.avantec.de/impressum/.
(3) Contact details of the data protection officer
Our company data protection officer is available to you at any time for all questions and as a contact person on the subject of data protection. His contact details are:
Michael Nachtigall
c/o DS Compliance GmbH
Carlsplatz 24
40214 Dusseldorf
Phone +49 211 976 35 913
datenschutz@avantec.de
(4) Legal bases of data processing
By law, in principle, any processing of personal data is prohibited and only permitted if the data processing falls under one of the following justifications:
– Art. 6 (1) p. 1 lit. a DSGVO (“consent”): If the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or other unambiguous affirmative act that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;
– Art. 6 (1) sentence 1 lit. b GDPR: If the processing is necessary to fulfill a contract to which the data subject is a party or for the performance of pre-contractual measures at the request of the data subject;
– Art. 6 (1) sentence 1 lit. c GDPR: If the processing is necessary to fulfill a legal obligation to which the person responsible is subject (e.g. a legal obligation to keep records);
– Art. 6 (1) sentence 1 lit. d GDPR: if the processing is necessary to protect the vital interests of the data subject or another natural person;
– Article 6 paragraph 1 sentence 1 lit. e GDPR: If the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible or
– Article 6 (1) sentence 1 lit. f GDPR (“legitimate interests”): If the processing is necessary to protect legitimate (in particular legal or economic) interests of the person responsible or a third party, unless the conflicting interests or rights of the affected prevail (in particular if the data subject is a minor).
For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.
(5) Data Erasure and Storage Duration
For the processing operations we carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer
according to the regulations in A.(7) and A.(8).
However, storage may take place beyond the specified time in case of imminent litigation with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the responsible party (e.g. Section 257 HGB, Section 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.
(6) Data Security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see under A.(3)).
(7) Cooperation with processors
As with any larger company, we also use external domestic and foreign service providers to process our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). They will only act on our instructions and have been contractually obligated to comply with the data provisions of data protection law Art. 28 DSGVO.
If personal data from you is passed on by us to our subsidiaries or by our subsidiaries to us (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.
(8) Requirements for the transfer of personal data to third countries
Within the scope of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.
The European Commission certifies that some third countries have a level of data protection comparable to the EEA standard by means of so-called adequacy decisions
(a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/ international-transfers/adequacy/index_en.html).
However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer (see under A.(3)) if you would like more information on this.
(9) No Automated Decision Making
We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).
(10) No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, there is basically also no legal or contractual obligation to provide us with your personal data.
However, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.
(11) Legal obligation to transmit certain data
We may be subject to a specific statutory or legal obligation to provide lawfully processed personal data to third parties, in particular public bodies (Art. 6 Para. 1 S. 1 lit. c GDPR).
(12) Your rights
You may assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A.(2) above. As a data subject, you have the right:
– to request information about your data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
– in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;
– according to Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
– to request the restriction of the processing of your data in accordance with Art. 18 GDPR if you dispute the accuracy of the data or the processing is unlawful;
– in accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible (“data portability”);
– to object to the processing in accordance with Article 21 GDPR if the processing is based on Article 6 (1) sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct advertising, we ask that you explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection we will examine the situation and will either stop or adjust the data processing or show you our compelling legitimate reasons for continuing the processing;
– in accordance with Art. 7 Para. 3 GDPR, your consent once given (even before the GDPR came into force, i.e. before May 25th, 2018) – i.e. your voluntary, informed manner and unequivocally understandable by means of a declaration or other clear confirmatory action made will that you consent to the processing of the personal data concerned for one or more specific purposes – to be revoked at any time to us if you have given such consent. As a result, we are no longer allowed to continue the data processing based on this consent for the future and
– according to Art. 77 GDPR to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us:
The state commissioner for data protection and freedom of information in Baden-Württemberg
PO Box 10 29 32
70025 Stuttgart
Phone: 0711 61 55 41 0
Fax: 0711 61 55 41 15
E-Mail: poststelle@lfdi.bwl.de
(13) Changes to Privacy Policy
As part of the further development of data protection law and technological or organizational changes, our data protection information is regularly checked for any need for adjustment or supplementation. You will be informed about changes in particular on our German website at https://www.avantec.de/datenschutz/. This data protection notice is dated April 2022.
B. Visiting websites
(1) Explanation of the function
Information about our company and the services we offer can be found in particular at https://www.avantec.de including the associated sub-pages (hereinafter collectively: “websites”). When visiting our website, your personal data may be processed.
(2) Processed personal data
When using the website for informational purposes we collect, store and process the following categories of personal data:
“Log data”: When you visit our website, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
- the page from which the page was requested (so-called referrer URL)
- the name and URL of the requested page
- the date and time of the call
- the description of the type, language and version of the web browser used
- the IP address of the requesting computer which is shortened in such a way that a
personal reference can no longer be established - the amount of data transferred
- the operating system
- the message whether the call was successful (access status/Http status code)
- the GMT time zone difference
“Contact form data”: When using contact forms, the data transmitted are processed
(e.g. gender, surname and first name, address, company, e-mail address and the time of transmission).
In addition to the purely informational use of our website, we offer subscriptions to our newsletter, with which we inform you about current developments and events. If you register for our newsletter, the following “newsletter data” will be collected, stored and processed by us:
- the page from which the page was requested (so-called referrer URL)
- the date and time of the call
- the description of the type of web browser used
- the IP address of the requesting computer, which is shortened in such a way that a
personal reference can no longer be established - the e-Mail address
- the date and time of registration and confirmation
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation the e-mails sent contain so-called web beacons or tracking pixels which represent one-pixel image files that are stored on our website. For the evaluations we link the data mentioned above and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is only collected in a pseudonymized form, i.e. the IDs are not linked to your other personal data and direct personal reference is therefore excluded.
(3) Purpose and legal basis of data processing
We process the personal data specified above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the necessary extent. As far as the processing of personal data is based on Article 6 Paragraph 1 Clause 1 Letter f GDPR, the stated purposes also represent our legitimate interests.
The processing of the log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 Para. 1 S. 1 lit. f DSGVO).
Contact form data is processed to process customer inquiries (legal basis is Art. 6 Para. 1 S. 1 lit. b or lit. f GDPR).
The newsletter data is processed for the purpose of sending the newsletter. When registering for our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 Para. 1 lit. a GDPR). We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the
e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary, to be able to clarify any possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to info@avantec.de or by sending a message to the contact details given in the imprint.
(4) Duration of data processing
Your data will only be processed for as long as is necessary to achieve the processing purposes set out above; the legal bases specified in the context of the processing purposes apply accordingly. With regard to the use and storage period of cookies, please note point A.(5) and the cookie policy at https://www.avantec.de/datenschutz/.
Third parties used by us will store your data on their system for as long as is necessary in connection with the provision of services for us in accordance with the respective order.
You can find more information about the storage period under A.(5) and the Cookie Policy https://www.avantec.de/datenschutz/.
(5) Transfer of personal data to third parties; basis of justification
The following categories of recipients, which are usually processors (see A. (7)), may have access to your personal data:
– Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f GDPR, insofar as they are not order processors;
– State bodies/authorities, as far as this is necessary to fulfill a legal obligation. The legal basis for the transfer is Art. 6 para 1 p. 1 Letter c GDPR;
– Persons used to conduct our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, those involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Article 6 para 1 p. 1 Letter b or Letter f GDPR.
For the guarantees of an adequate level of data protection in the event of a transfer of data to third countries, see A.(8). In addition, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.
(6) Use of cookies, plugins and other services on our website
a) Cookies
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive with a characteristic character string and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer more user-friendly and effective overall, i.e. more pleasant for you.
Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to individuals. However, cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
– Technical cookies: These are mandatory to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they remember which websites you have visited;
– Performance cookies: These collect information about how you use our website, which pages you visit and e.g. whether errors occur when using the website; they do not collect any information that could identify you – all information collected is anonymous and is only used to improve our website and find out what interests our users;
– Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your express consent to do so pursuant to Art. 6 (1) p. 1 lit. a GDPR.
b) Cookie Policy
For more information about which cookies we use and how to manage your cookie settings and disable certain types of tracking, see our Cookie Policy https://www.avantec.de/datenschutz/. There you will also find details on the cookies that are used for analysis/marketing purposes with more details on the relevant legal bases.
c) YouTube
Avantec uses a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. We would like to point out that you use the YouTube channel offered here and its functions at your own risk. Information about which data is processed by Google and for what purposes can be found in Google’s data protection declaration:
https://policies.google.com/privacy?hl=de&gl=de#infocollect
Avantec has no influence whatsoever on the type and scope of the data processed by Google, the type of processing and use of this data. The transfer of this data to third parties cannot be traced either. In this respect, there is no effective control option.
With the use of Google, your personal data will be collected, transferred, stored, disclosed and used by Google. It doesn’t matter where you live. The data is transferred, stored and processed in the United States, Ireland and any other country where Google does business. A transmission to companies affiliated with Google takes place. Google processes your voluntarily entered data such as name, username, e-mail address and telephone number.
The content that you create, upload or receive from others when using the services will be processed by Google. This includes, for example, photos and videos that you save. Furthermore, documents and spreadsheets that you create and comments that you write about YouTube videos.
In addition, Google evaluates the content you share to determine which topics you are interested in. Your confidential messages, which you will send directly to other users, are stored and processed. Your location may be determined using GPS data, wireless network information or your IP address. This can be used to send you advertising or other content. Google may use analysis tools such as Google Analytics for evaluation.
Google also receives information when you view content, for example, even if you have not created an account. This so-called “log data” can be the IP address, the browser type, the operating system, information about the previously accessed website and the pages you accessed, your location, your mobile phone provider, the end device you are using (including device ID and application ID), the search terms you use and cookie information. You have options for restricting the processing of your data in the general settings of your Google account.
In addition to these tools, Google also offers specific privacy settings for YouTube. You can read more about this in Google’s guide to data protection in Google products:
https://policies.google.com/technologies/product-privacy?hl=de&gl=de
Further information on these points can be found in Google’s data protection declaration under the term “data protection settings”:
https://policies.google.com/privacy?hl=de&gl=de#infochoices
You also have the option of requesting information via the Google data protection form:
https://support.google.com/policies/troubleshooter/7575787?visit_id=6370545323842 99914-2421490167&hl=de&rd=2
C. Social Media Presences
We maintain publicly accessible profiles on various social networks. Your visit to these profiles initiates a large number of data processing operations. Below we give you an overview of which of your personal data we collect, use and store when you visit our profiles. Personal data is information that can be assigned to you as a specific person (e.g. name, age, address, photos, e-mail addresses, possibly also IP addresses). We will also inform you about the rights you have with regard to the processing of your personal data. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles in social networks. These functionalities are not available to you or only to a limited extent if you do not provide us with your personal data.
When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This also happens if you do not have a profile in the respective social network yourself. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily comprehensible for us. Details about the collection and storage of your personal data as well as the type, scope and purpose of their use by the operator of the respective social network can be found in the data protection declarations of the respective operator:
– The data protection declaration for the social network Facebook, which is operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, can be found at https://www.facebook.com/about/privacy see /update?ref=old_policy;
– You can view the privacy policy for the Instagram social network operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA at https://help.instagram.com/155833707900388;
– The data protection declaration for the social network YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.gstatic.com/policies/privacy/pdf/20190122/ see f3294e95/google_privacy_policy_de_eu.pdf;
– You can view the data protection declaration for the LinkedIn social network operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland at https://de.linkedin.com/legal/privacy-policy;
– You can view the data protection declaration for the social network Xing, which is operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany, at https://privacy.xing.com/de/datenschutzerklaerung.
As the operator of a Facebook fan page, we can only view the information stored in your public Facebook profile, and only if you have such a profile and are logged into it while visiting our fan page. In addition, Facebook provides us with anonymous usage statistics that we use to improve the user experience when visiting our fan page. We do not have access to the usage data that Facebook collects to create these statistics. Facebook has committed to us to take primary responsibility for the processing of this data under the GDPR, to fulfill all obligations under the GDPR with respect to this data and to provide data subjects with the substance of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in in line with the target group. The legal basis for data processing is thus Article 6 Paragraph 1 Letter f) GDPR. Facebook also uses so-called cookies, which are stored on your end device when you visit our fan page even if you do not have your own Facebook profile or are not logged into it when you visit our fan page. These cookies allow Facebook to create user profiles based on your preferences and interests and to show you advertising (inside and outside of Facebook) that is tailored to these preferences and interests. Cookies remain on your end device until you delete them. For details, please refer to Facebook’s privacy policy.
Data deletion and storage period
If you use our profiles in social networks to contact us (e.g. by creating your own posts, responding to one of our posts or by sending us private messages), the data you provide us with will be processed by us solely for the purpose of contacting you. The legal basis for data collection is Article 6 Paragraph 1 lit. a) and b) GDPR. We delete stored data after two weeks as soon as their storage is no longer necessary or you request us to delete them; in the case of statutory retention, we restrict the processing of the stored data accordingly.