DE
EN
privacy statement
Jetzt Anfragen
PRIVACY STATEMENT
Privacy policy

Privacy information for business partners
Data protection information for applicants 
Privacy information regarding our use of O365

With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of the processing. In addition, we inform you below about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as the responsible partyII.
Rights of users and data subjectsIII. Information on data processing
I. Information about us as the responsible partyThe responsible provider of this website in terms of data protection law is:

Johannes Steiner GmbH & Co KG
Carl-Benz-Straße 4
78564 Wehingen
Germany
Phone: +49 (0) 7426 - 525 - 0
Fax: +49 (0) 7426 - 525 - 50
E-mail: info@johsteiner.de

Data protection officer of the responsible:
vimopro GmbH
Warenburgstrasse 8
78050 Villingen-Schwenningen
Germany
E-mail: datenschutz@vimopro.de

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right to• to confirmation as to whether data concerning them are being processed, to information about the data being processed, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);• to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);

•to the immediate erasure of the data relating to them (cf. also Art. 17 of the GDPR), or, alternatively, insofar as further processing is necessary pursuant to Art. 17(3) of the GDPR, to restriction of processing in accordance with Art. 18 of the GDPR;
•to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR);

•to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 of the GDPR).In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider about any correction or deletion of data or restriction of processing that takes place based on Articles 16, 17 (1), 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Notwithstanding the above, the user has a right to information about these recipients.
Users and data subjects also have the right to object to the future processing of data relating to them in accordance with Article 21 of the GDPR, provided that the data is processed by the provider in accordance with Article 6 (1) (f) of the GDPR. In particular, an objection to data processing for the purpose of direct advertising is permitted.

III. Information on data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures.

1.Server dataFor technical reasons, in particular to ensure a secure and stable internet presence, data is transmitted by your internet browser to us or to our web space provider. These so-called server log files are used to collect, among other things, the type and version of your internet browser, the operating system, the website from which you accessed our website (referrer URL), the website(s) of our website that you visit, the date and time of the respective access as well as the IP address of the internet connection from which the use of our website takes place.
The data collected in this way is temporarily stored, but not together with other data about you.
This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data will be deleted again after seven days at the latest, unless further storage for evidence purposes is required. Otherwise, the data is exempt from deletion in whole or in part until the final clarification of an incident.

2.External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.
The hoster is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
We use the following hoster:

STRATO AG
Otto-Ostrowski-Strasse 7
10249 Berlin

Conclusion of a contract on commissioned processing
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

3. Cookie consent
Our website uses cookie consent technology from Cookie-Script to obtain your consent to the storage of certain cookies on your end device and to document this in accordance with data protection regulations. The provider of this technology is 
Objectis Ltd.
Žalgirio st. 88LT-09303 VilniusLithuania

Website: https://cookie-script.com (hereinafter "cookie script").

When you enter our website, a connection is established to the servers of Cookie-Script in order to obtain your consent and other declarations regarding the use of cookies. Your IP address transmitted with this request is anonymised directly on the Cookie-Script servers so that there is no longer any personal reference. Cookie-Script then stores a cookie in your browser in order to be able to allocate the consent given or its revocation to you. The data collected in this way is stored until you request us to delete it, delete the Cookie-Script cookie yourself or at the latest after 30 days. Mandatory legal storage obligations remain unaffected.
Cookie script is used to obtain the legally required consent for the use of cookies and to inform you about the processing of your data when visiting our website. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

4. Webflow Framework
Our website is based on a framework from the US provider Webflow.
The provider is the Webflow, Inc. 398 11th Street, 2nd FloorSan Francisco, CA 94103

a) Amazon CloudFront The Webflow Framework uses technologies that are important for the smooth functioning of the website and cannot be technically prevented. This includes the use of the Content Delivery Network (CDN) CloudFront of the provider Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg. A CDN is a network of regionally distributed servers connected via the internet that can be used to deliver content such as websites more quickly. Scaling storage and delivery capacities are made available in order to ensure optimal data throughput even during large load peaks. Depending on the load on local servers, the website may also be displayed to you via a server in a third country for which there is no adequacy decision by the EU Commission. As a result, your IP address may be transmitted as personal data to a third country such as the USA and processed in log files by AWS.You can find further information on objection and removal options vis-à-vis AWS at:

https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit:

https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Contract on order processingWe have concluded an order processing contract with AWS. This is a contract required by data protection law, which ensures that AWS only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

5. Linking social media via graphic or text linkWe also promote presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection from being automatically established to the respective server of the social network when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network.
After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.
This is initially data such as IP address, date, time and page visited. If the user is logged into his or her user account of the respective network during this time, the network operator may be able to assign the collected information of the user's specific visit to the user's personal account. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and possibly published. If the user wants to prevent the collected information from being directly assigned to his/her user account, he/she must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
The following social networks are integrated into our site by linking:

a) YouTubeGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USAPrivacy policy:

https://policies.google.com/privacy

b) Google MapsOn our website, we link to Google Maps to show our location and to create directions.
This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".
If you call up the Google Maps component integrated into our website, the service opens in a new tab. The resulting processing of your data is the responsibility of Google. The connection to Google established in this way enables Google to determine which website your request was sent from and to which IP address the directions should be sent.If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your internet browser. Details on this can be found above under the item "Cookies".In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use

https://policies.google.com/terms?gl=DE&hl=de and the Terms and Conditions for Google Maps

https://www.google.com/intl/de_de/help/terms_maps.html.
In addition,

Google offers
https://adssettings.google.com/authenticated
https://policies.google.com/privacy

for further information.