Duty to provide information when collecting personal data pursuant to Art. 13 and 14 GDPR
Details of the data controller (the company)
Johannes Steiner GmbH & Co. KG
Carl-Benz-Straße 4
78564 Wehingen
Phone: +49 7426 - 525 - 0
Fax: +49 7426 - 525 - 50
Email:
info@johsteiner.de
Data Protection OfficerIf you have any questions regarding data protection, please contact our data protection officer at datenschutz@vimopro.de or at the following postal address:
vimopro GmbH
Benedictine Ring 10
78050 Villingen-Schwenningen
Germany
Phone: +49 7721 6981151
Processing your personal data - purposes and legal basis
Data processing on the company's website
Log files
When our website is accessed, log files are set and remain stored for 7 days. Such log files are automatically transmitted by your browser to us or the service provider of the website. These are the following data:
• Browser type and version
• Referrer URL (from which website you came to us)
• Host name of the accessing computer
• Operating system used
• Time of the server request
• IP address
This data serves to ensure a technically flawless website and is therefore collected on the basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the error-free presentation of our online presence and the resulting optimisation of the website, if necessary.
Website hosting
The personal data collected on this website is stored on the servers of an external service provider (hoster). Possible data includes IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other generated data. The use of the hoster serves the performance of a contract and the secure and efficient provision of the online offer. The legal basis is Art. 6 para. 1 lit. f GDPR to ensure the trouble-free operation of our internet presence. The hoster processes the data only in accordance with our instructions and only to the extent necessary to fulfil its service obligations. We have concluded an order processing contract with the hoster to ensure data protection-compliant processing.
Our hoster is STRATO AG, based in Berlin.
Our website is maintained by Bubori GmbH, which has access to the server log files.
Webflow Framework
Our website is based on a framework from the US provider Webflow. The provider is the
Webflow, Inc.398 11th Street,
2nd Floor San Francisco, CA 94103
This website uses external services.
The Webflow Framework uses technologies that are indispensable for the proper functioning of the website and cannot be technically prevented by us. One of these is the use of the Content Delivery Network (CDN)
CloudFront from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg.
Legal basis: Art. 6 para. 1 lit. f
Our legitimate interest lies in the economic operation of our internet presence and the fast connection setup of the pages.
A CDN consists of regionally distributed servers that are connected via the internet and help to deliver website content faster. The CDN provides scalable storage and delivery capacities to ensure optimal data throughput even during large load peaks. Depending on the load on local servers, the website may also be displayed via a server in a third country for which there is no adequacy decision by the EU Commission. In this case, your IP address may be transmitted as personal data to a third country such as the US and processed in log files by AWS. AWS has implemented compliance measures for international data transfers based on EU standard contractual clauses. We have entered into a contract for processing with AWS to ensure that AWS only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR. For information on how to object to and opt-out of AWS, please visit: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf. For more information, please visit: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.
Consent Management
In order to inform you directly about the data processing of third parties on our website, we use the consent management tool Cookie-Script.
The provider of this technology is
Objectis Ltd.
Žalgirio st. 88
LT-09303 Vilnius
Lithuania
Website: https://cookie-script.com(hereinafter "cookie script").
When you access our website, a connection is established to the servers of Cookie-Script in order to obtain your consents and to provide explanations on the use of cookies. Your IP address is anonymised directly and Cookie-Script stores a cookie in your browser in order to be able to assign the consents given or their revocation. The stored data is kept until your erasure, the deletion of the Cookie-Script cookie or after 30 days at the latest. The use of cookie script is necessary to obtain the legally required consents for the use of cookies and to inform you about the processing of your data when visiting our website. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.
We do not use any technically unnecessary cookies on our website that would require consent.
Links to social media and other third parties via graphics or text linksWe refer to our company presences in various social networks and platforms on our website. To prevent an automatic connection to the server of the respective social network, we use linked graphics. You will only be redirected to the service of the respective third-party provider after clicking on the graphic. After the forwarding, information about the user such as IP address, time and the page accessed can be collected by the target platform.
Please note that for some platforms, processing of the collected data in the USA cannot be ruled out.
If you have an account with the respective provider and are logged in to the respective network at the time of the visit, the network operator may be able to assign the collected information to this personal account. Any further interaction with the network, e.g. clicking on a "Share" or "Like" button, may result in this information being stored in your user account and possibly also published. To avoid the collected information being directly assigned to your user account, you can log out of your account before clicking on the graphic. You may also be able to make advanced configurations in the network settings to limit this.
The following platforms and services are integrated into our site through links:
FacebookWe are represented with a company presence on the social media platform Facebook. This enables us to get in touch with customers and interested parties and to present our company and our products.Facebook is a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025 (USA).We are jointly accountable with Meta Platforms Ireland Ltd. for the data processing that takes place on our corporate presence there and have therefore entered into a joint accountability agreement with Meta Platforms, which can be accessed here:
https://www.facebook.com/legal/terms/page_controller_addendum
We base the data processing on Art. 6 para. 1 lit f. Our legitimate interest lies in the promotion of our company on the widespread platform, the direct communication with interested parties. If you yourself have an account with the provider, you have agreed to Facebook's privacy policy. In this case, your consent (Art. 6 para. 1 lit. a) is the legal basis for the data processing that takes place.
We have no influence on the data processing carried out by Facebook and refer to the provider's data protection guidelines:
https://www.facebook.com/privacy/explanation
YouTube
We use YouTube to present our company and our services and products audiovisually. On our website you will therefore find links to our YouTube presence or videos of our company hosted there. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in an appealing presentation of our company on the video platform used worldwide. YouTube is operated by Google Ireland Limited, a subsidiary of the US-based Google LLC. We are joint data controllers with Google on our YouTube company presence.
Due to Google's worldwide server locations and the company headquarters in the USA, user data may be processed outside the European Union, in particular in the USA. This may result in higher risks for users, especially with regard to the user rights set out in the GDPR, which cannot be fully exercised.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
(subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA)
As we have not directly integrated YouTube videos into our website, we refer to Google's data protection information with regard to the data processing that takes place when the videos are called up. We
Data protection information:
https://policies.google.com/privacy
Google Maps
On our website, we link to Google Maps to show our location and to create directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".
If you access the Google Maps link, the service will open in a new tab. The resulting processing of your data is the responsibility of Google.
The connection to Google established in this way enables Google to determine from which website your request was sent and to which IP address the directions are to be transmitted. We base the integration of the link on Art. 6 para. 1 lit. f: We have a legitimate interest in providing you with an easy way to find our geographical location and, if necessary, to provide directions.
The use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de
and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.
In addition, Google offers
https://adssettings.google.com/authenticated and
https://policies.google.com/privacy
for further information on your own handling of personal data collected.
Data processing in the company
We process personal data on the basis of data protection regulations of the General Data Protection Regulation (GDPR) as well as the Federal Data Protection Act (BDSG) and, if applicable, the data protection laws of the individual federal states. The data of the following groups of persons are processed by the respective responsible persons in the company for the fulfilment of tasks. Detailed information on the processing of personal data of these groups of persons can be obtained by clicking on the respective link in the upper part of this page.
In detail, this means:
Customer and prospective customer data are processed for the purpose of implementing and servicing the contractual relationship or the pre-contractual relationship as well as contact enquiries and communication on the basis of Art. 6 para. 1 sentence 1 letter b) GDPR and Art. 6 para. 1 sentence 1 letter c) GDPR.
personal data of our suppliers and service providers as well as their employees are processed for the initiation and implementation of our contractual relationships on the basis of Art. 6 para. 1 sentence 1 letter b) GDPR and Art. 6 para. 1 sentence 1 letter c) GDPR.
Employee data is stored for the purpose of establishing, implementing and terminating employment relationships (Art. 88 GDPR, § 26 BDSG).
Applicant data is stored for the purpose of carrying out the application procedure and deciding on the establishment of an employment relationship (Art. 88 GDPR, § 26 BDSG). Records of unsuccessful applicants are deleted a maximum of six months after the end of the application process.
Storage period
The personal data stored by us will be deleted in accordance with legal requirements. We delete the data as soon as it is no longer required for the purpose of processing, a given consent is revoked or other permissions cease to apply.Data that must still be stored, e.g. for reasons of commercial or tax law, or whose storage is still required for the assertion, exercise or defence of legal claims, will be deleted as soon as this is no longer the case.
Data subject rights
When we process personal data about you, you have the following data subject rights:
a right of access to the data processed and a right to obtain a copy,
a right of rectification if we process incorrect data about you,
a right to erasure, unless exceptions apply as to why we are still storing the data, e.g. retention obligations or limitation periodsa right to restriction of processing,
a right to withdraw consent to data processing at any time,
a right to object to processing in the public or legitimate interest,
a right to data portability,
a right of appeal to a data protection supervisor authority if you find that we are not processing your data properly. The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg is responsible for our company. However, if you are in another federal state or not in Germany, you can also contact the data protection authority there.