I. Name and address of the responsible party
The responsible partying regard to the General Data Protection Regulation of the EU and other national data protection laws of the member states as well as other data protection regulations is:
SMR Sondermaschinen GmbH
Executives: Karl Mack, Thomas Mack, Christian Wüst
Am Schunkenhofe 2
Telephone: +49 36921 206 0
Fax: +49 36921 206 50
II. General information about data processing
1. Scope of processing personal data
We process personal information from our users only when it is required to provide a functional website, content and services. The processing of personal data takes place after the user’s consent has been given. An exception applies to those cases where prior consent is not possible due to practical reasons and data processing is allowed in accordance with regulations.
2. Legal basis for processing personal data
Insofar as we obtain consent from a person for processing personal data, Article 6, Paragraph 1 of the EU General Data Protection Regulation (GDPR) is the legal basis.
For processing personal data necessary to fulfill a contract of which the data subject is a party, Article 6, Paragraph 1 of the GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing personal data is required, our company is subject to Article 6, Paragraph 1 of the GDPR, which also is the legal basis.
In the event that vital interests of the data subject or another natural person require processing personal data, Article 6, Paragraph 1 of the GDPR is the legal basis.
If processing is necessary to protect the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Article 6, Paragraph 1 of the GDPR is the legal basis for processing.
3. Data deletion and storage duration
The personal data of the person in question will be deleted or become inaccessible as soon as the purpose for storage is fulfilled. In addition, such storage may be required by European or national regulators in accordance with EU regulations, laws or other rules to which we are subject. Blocking or deleting data also takes place when the storage period prescribed by the previously mentioned regulations expires, unless there is further need of the data to conclude or fulfill a contract.
III. Website access and creation of log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the requesting computer system.
The following data are collected at this time:
- Information about the browser type and version
- The operating system of the user
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the system of the user accessed our website
- Websites that are accessed by the user's system through our website
The data are also stored as log files of our system. Storage of these data together with other personal data of the user does not occur.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6, Paragraph 1 of the GDPR.
3. Purpose of data processing
It is necessary for the system to temporarily store the user’s IP address to provide the website to the computer of the user. For this purpose, the user's IP address must be kept for the duration of the session.
To ensure the functionality of the website, the data are stored in log files. Additionally, the data serve to optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in processing data is in accordance with Article 6, Paragraph 1 of the GDPR.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of collecting data to access the website, the data are deleted when the respective session is completed.
If the data are stored in log files, deletion occurs after no more than seven days. Longer storage is possible. In this case, the IP address of the user is deleted or distorted, so that an identification of the requesting client is no longer possible.
5. Possibility of declining
The collection of data for website access and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to decline.
IV. E-mail contact
1. Description and scope of data processing
Contact using the provided e-mail address possible. In this case, the user's personal data transmitted by e-mail will be stored.
No data is disclosed to third parties during this process. The data is used exclusively for processing the e-mail.
2. Legal basis for data processing
The legal basis for processing data is user consent in accordance with Article 6, Paragraph 1 of the GDPR.
The legal basis for processing data transmitted during the course of sending an e-mail is Article 6, Paragraph 1 of the GDPR. If the e-mail’s aims purpose is to fulfill a contract, then an additional legal basis for the processing is Article 6, Paragraph 1 of the GDPR.
3. Purpose of data processing
The processing of personal data from the input mask serves only to process the request. In the case of e-mail contact, this also includes the required legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner.
Additional personal data collected during the sending process will be deleted at the latest after seven days.
5. Declining and revoking possibilities
The user has the possibility at any time to revoke their consent for processing personal data. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such a case, the conversation cannot continue. All personal data stored in the course of contacting will be deleted in this case.
All personal data stored during the course of contact will be deleted in this case.
V. Rights of the data subject
The following list includes the rights of data subjects according to the GDPR. Rights that have no relevance to the website do not need to be mentioned. In that regard, the listing may be shortened.
People whose personal data are processed have the following rights according to the GDPR:
1. Right to disclosure of personal data
Users may ask the data controller to confirm if personal data concerning them has been processed.
If such data are available, users can request information from the controller about the following:
- The purposes for which the personal data are processed.
- The categories of personal data that are processed.
- The recipients or categories of recipients to whom the personal data relating to the user have been disclosed or are still being disclosed.
- The planned duration of storage of personal data or, if specific information is not available, criteria for determining the duration of storage.
- The existence of the right to rectification or deletion of personal data, the right to restriction of processing by the controller or the right to object to such processing.
- The existence of the right of appeal to a supervisory authority.
- All available information on the source of the data if the personal data were not collected from the data subject.
- The existence of automated decision-making including profiling under Article 22, Paragraphs 1 and 4 of the GDPR and, at least in these cases, meaningful information about the logic involved, the scope and intended impact of such processing on the data subject.
Users have the right to request information about whether their personal information was shared with a third country or an international organization. In this context, users can request to be informed of the appropriate guarantees in accordance with Article 46 of the GDPR in connection with the transmission.
2. Right to rectification
Users have the right to rectification and / or completion, if the personal data is incorrect or incomplete. The controller must make the correction without delay.
3. Right to restriction of processing
Users may request restriction of processing personal data under the following conditions:
(1) If the user contests the accuracy of personal information for a period of time that enables the controller to verify the accuracy of the personal information.
(2) The processing is unlawful and the user refuses the deletion of the personal data and instead requests the restriction of the use of the personal data.
(3) The controller no longer requires personal data for the processing purposes, but the user needs them to assert, exercise or defend legal claims.
(4) If the user objected to the processing pursuant to Article 21, Paragraph 1 of the GDPR and it has not yet been determined whether the legitimate reasons of the person responsible prevail over the user’s reasons.
If the processing of personal data concerning a user has been restricted, this data may only be used—apart from storage—with the user’s consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
If processing has been restricted due to the aforementioned conditions, the controller will inform the user before the restriction is lifted.
4. Right to deletion
a) Deletion liability
The user may require the controller to delete their personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The user revokes their consent to the processing according to Article 6, Paragraph 1 of the GDPR and there is no other legal basis for the processing.
- In accordance with Article 21, Paragraph 1 of the GDPR, the user objects to the processing and there are no other justifiable reasons for the processing, or the user objects to the processing according to Article 21, Paragraph 2 of the GDPR.
- The user’s personal data have been processed unlawfully.
- The deletion of personal data concerning the user is required to fulfill a legal obligation under EU law or the law of a member state to which the controller is subject.
- The personal data concerning the user were collected in relation to information society services according to Article 8, Paragraph 1 of the GDPR.
b) Information to third parties
If the controller has made the user’s personal data public and is required to delete it in accordance with Article 17, Paragraph 1 of the GDPR, the controller must take appropriate measures—taking into account available technology and implementation costs, including technical means—to inform data controllers, who process the personal data that have been identified as being affected, to delete all links to such personal data or copies or replications of such personal.
The right to deletion does not exist if the processing is necessary:
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation required by the law of the EU or of a member state to which the controller is subject, or to carry out a task of public interest or to exercise official authority delegated to the controller;
- for reasons of public interest in regards to public health pursuant to Article 9, Paragraph 2 (h and i) and Paragraph 3 of the GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89, Paragraph 1 of the GDPR, to the extent that the law referred to in Subparagraph (a) is likely to render impossible or seriously affect the objectives of the processing, or
- to assert, exercise or defend legal claims.
5. Right to inform
If the user has asserted their right of rectification, deletion or restriction of processing to the controller, the controller is obliged to notify all recipients to whom the personal data have been disclosed of the correction or deletion of the data or restriction of processing, unless it proves to be impossible or involves a disproportionate effort.
The user has the right to be informed by the controller about these recipients.
6. Right to data transfer
The user has the right to receive personal information they provided to the controller in a structured, common and machine-readable format. In addition, they have the right to transfer this data to a third party without hindrance by the controller who received the personal data, provided that
- the processing is based on consent according to Article 6, Paragraph 1 (a) or Article 9 Paragraph 2 (a) of the GDPR or based on a contract pursuant Article 6, Paragraph 1 (b) and
- the processing takes place using automated procedures.
In exercising this right, the user can have their personal data transferred directly from the controller to another party, insofar as this is technically feasible. Freedoms and rights of other people must not be affected.
The right to data transfer does not apply to processing personal data necessary for performing a task in the interest of the public or in the exercise of official authority delegated to the controller.
7. Right to object
The user has the right at any time, for reasons that arise from their particular situation, to object to the processing of their personal data in accordance with Article 6, Paragraph 1 (e or f) of the GDPR; this also applies to profiling based on these regulations.
The controller will no longer process the user’s personal data unless the controller can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the user, or the processing is for the purpose of asserting, exercising or defending legal claims.
If the user’s personal data are processed for direct advertising purposes, the user has the right to object at any time to the processing of their personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If the user objects to processing for direct advertising purposes, their personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, the user has the option to object through automated procedures that use technical specifications in the context of the usage of information society services.
8. Right to revoke the data-protection consent
The user has the right to revoke their data-protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until its revocation. Please send the revocation in writing to:
SMR Sondermaschinen GmbH
Am Schunkenhofe 2
9. Automated decision on individual basis, including profiling
The user has the right to not be subjected to a decision based solely on automated processing—including profiling—that will have legal effect or similarly affect the user in such a manner. This does not apply if the decision:
- is required to conclude or fulfill a contract between the user and controller,
- is permissible on the basis of EU or member State regulations to which the controller is subject, and that the regulations contain adequate measures to safeguard the rights and freedoms as well as legitimate interests of the user or
- is with the expressed consent of the user.
However, these decisions must not be based on special categories of personal data according to Article 9, Paragraph 1 of the GDPR, unless Article 9, Paragraph 2 (a or g) applies and reasonable measures have been taken to protect the rights and freedoms as well as legitimate interests of the user.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to uphold the rights and freedoms and legitimate interests of the user, to which at least the right to obtain intervention of a person by the controller to express the user’s position and objection to the decision.
10. Right to complain to a supervisory authority
Regardless of any other administrative or judicial remedy, the user has the right to complain to a supervisory authority, in particular in the member state of their residence, place of work or place of alleged infringement, if the user believes that the processing of their personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 of the GDPR.