Privacy Policy

Design Award Logo

We thank you for visiting our homepage. The secure handling of your data is especially important to us. Therefore, we would like to inform you in detail about the use of your data when you visit our website.

1. DEFINITIONS

This privacy policy is based on the terminology used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable both for the public and for our customers and business partners. To ensure this, we first want to explain the terms used.

In this privacy policy, we use the following terms, among others:

  • Personal data: Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject: Data subject means any identified or identifiable natural person whose personal data is processed by the controller.
  • Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Restriction of processing: Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling: Profiling means any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • Pseudonymization: Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Controller or responsible party: Controller or responsible party means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor: Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient: Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry shall not be regarded as recipients.
  • Third party: Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Consent: Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. DATA COLLECTION

Our website collects a series of general data and information with each access by a data subject or automated system. This general data and information is stored in the server log files. The data collected can include:

  • The browser types and versions used
  • The operating system used by the accessing system
  • The website from which an accessing system reached our website (so-called referrer)
  • The subpages which are accessed via an accessing system on our website
  • The date and time of access to the website
  • Name and URL of the retrieved file
  • An Internet Protocol address (IP address)
  • Date and time of access
  • The Internet service provider of the accessing system
  • Other similar data and information which serve to avert risks in case of attacks on our information technology systems.

When using this general data and information, we do not draw conclusions about the data subject. Rather, this information is needed to:

  • Deliver the content of our website correctly
  • Ensure a smooth connection to our website
  • Optimize the content of our website as well as the advertising for it
  • Ensure the permanent functionality and evaluate the security and stability of our IT systems and website technology
  • Provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack.

These anonymized data and information are therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company, so as to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest results from the above-mentioned purposes of data collection. Under no circumstances do we collect the data to draw conclusions about your person.

3. DATA DISCLOSURE

A transfer of your personal data to third parties for purposes other than those listed below will only take place if:

  • You have given your explicit consent pursuant to Article 6(1)(a) GDPR,
  • The disclosure pursuant to Article 6(1)(f) GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in non-disclosure of your data,
  • In the event that a legal obligation exists for the disclosure pursuant to Article 6(1)(c) GDPR, as well as
  • This is legally permissible and pursuant to Article 6(1)(b) GDPR necessary for the processing of contractual relationships with you.

4. LEGAL OR CONTRACTUAL REQUIREMENTS TO PROVIDE PERSONAL DATA; NECESSITY FOR CONTRACT CONCLUSION; OBLIGATION OF THE DATA SUBJECT TO PROVIDE PERSONAL DATA; POSSIBLE CONSEQUENCES OF NON-PROVISION

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual agreements (e.g. information about the contracting party). Sometimes it may be necessary for a data subject to provide us with personal data to conclude a contract, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would result in the contract with the data subject not being concluded.

Before providing personal data, the data subject must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences the failure to provide personal data would have.

5. DATA USE FOR EMAIL NEWSLETTER REGISTRATION

On our website, we may offer users the opportunity to subscribe to a newsletter of our company, subject to the following:

We use your email address to send a newsletter only if you have explicitly consented pursuant to Article 6(1)(a) GDPR.

The personal data transmitted to the controller when ordering the newsletter results from the input mask used for this purpose.

We regularly inform our customers and business partners by means of a newsletter about offers of the company. The newsletter can generally only be received by the data subject if:

  • The data subject has a valid email address, and
  • The data subject registers for the newsletter dispatch.

For legal reasons, a confirmation email will be sent to the email address entered by the data subject for the first time for newsletter dispatch in a double opt-in procedure. This confirmation email serves to verify whether the owner of the email address as the data subject has authorized the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace (possible) misuse of the email address of a data subject at a later point in time and therefore serves the legal protection of the controller.

The personal data collected in the context of newsletter registration will only be used to send our newsletter. Furthermore, subscribers to the newsletter may be informed by email if this is necessary for the operation of the newsletter service or registration, e.g. in the case of changes to the newsletter offer or technical changes. There is no transfer of the personal data collected in the newsletter service to third parties.

The newsletter subscription can be terminated by the data subject at any time. The consent to the storage of personal data given by the data subject for sending the newsletter can be revoked at any time. For the purpose of revoking consent, each newsletter contains a corresponding link. Furthermore, it is possible to unsubscribe from the newsletter dispatch at any time directly on the website of the controller or to notify the controller in another way.

6. HOSTING

We created this website using Webflow. Webflow is a product of Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103.

Webflow functions as a SaaS application, enabling designers to create responsive websites using browser-based visual editing software. Webflow automatically generates HTML, CSS, and JavaScript. Using Webflow offers both website creators a powerful tool for precise and visually appealing web design, as well as website users a fast and pleasant browsing experience.

In the course of using Webflow, personal data of the website user is transmitted to and processed in the USA. On July 10, 2023, the EU Commission issued an adequacy decision pursuant to Art. 45(1) GDPR on the adequacy of the level of protection for personal data under the EU-US Data Privacy Framework. Based on this, controllers can transmit personal data to certified companies and organizations in the USA without having to take suitable safeguards and additional measures or rely on specific exceptions. The US Department of Commerce has published a list of US companies that have self-certified to the Department and committed to complying with the principles of the EU-US Data Privacy Framework. Webflow has accordingly certified itself and is listed on this list. Further information can be found at: https://www.dataprivacyframework.gov/s/.

To ensure data protection compliant processing, a data processing agreement has been concluded with Webflow on the basis of Art. 28 GDPR in conjunction with the EU standard contractual clauses.

The legal basis for processing personal data in the context of using Webflow is Art. 6(1)(f) GDPR.

More information about the purpose and scope of data collection and processing by Webflow can be found in the respective privacy policies of Webflow, available at: https://webflow.com/legal/privacy.

7. NEWSLETTER TRACKING

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format, allowing log file recording and analysis. This enables statistical evaluation of the success or failure of online marketing campaigns. Through the embedded tracking pixel, we can see if and when an email was opened by a data subject and which links in the email were clicked.

Such personal data collected via tracking pixels contained in newsletters are stored and evaluated by the controller to optimize newsletter dispatch and better tailor the content of future newsletters to the interests of the data subject. These personal data are not passed on to third parties.

Data subjects can revoke the related consent given via the double opt-in procedure at any time. After revocation, the controller deletes these personal data. Unsubscribing from the newsletter is automatically interpreted as a revocation.

8. CONTACT POSSIBILITY VIA THE WEBSITE

Our website contains information due to legal requirements that enable fast electronic contact with our company and immediate communication with us, including a general email address.

If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such voluntarily transmitted personal data are stored for the purpose of processing or contacting the data subject. There is no transfer of these personal data to third parties.

9. USE OF COOKIES

To make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files stored on your device.

The data processed through cookies are necessary to safeguard our legitimate interests and those of third parties pursuant to Art. 6(1)(f) GDPR for the stated purposes.

Some of the cookies used by us are deleted after the end of the browser session (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser upon your next visit (persistent cookies). You can set your browser to inform you about the setting of cookies and to decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or generally. If you do not accept cookies, the functionality of our website may be restricted.

10. USE OF GOOGLE (UNIVERSAL) ANALYTICS FOR WEB ANALYSIS

This website uses Google (Universal) Analytics, a web analysis service of Google Inc. (www.google.de). Google (Universal) Analytics uses methods that allow an analysis of the use of the website by you, such as "cookies," text files that are stored on your computer.

The information generated about your use of this website is usually transferred to and stored on a Google server in the USA. By activating IP anonymization on this website, the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser to Google Analytics is not merged with other data from Google.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at: http://wbs.is/rom89.

Alternatively, you can click this link to prevent future collection by Google Analytics on this website. This places an opt-out cookie on your device. If you delete your cookies, you will have to click the link again.

The user can set an opt-out cookie by clicking "this link" in the privacy policy. For the opt-out cookie, a script must always be inserted before the actual Google Analytics script in the source code. How to implement this can be found on the Google Analytics website: http://wbs.is/rom71.

11. USE OF FACEBOOK SOCIAL PLUG-INS WITH THE "2-CLICK SOLUTION"

Our website may use so-called social plug-ins ("plugins") from the social network Facebook. This service is offered by Facebook Inc. ("provider").

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of Facebook plugins and their appearance can be found here: http://wbs.is/rom90.

To increase the protection of your data when visiting our website, the plugins are integrated into the page using the so-called "2-click solution." This integration ensures that when a page of our website containing such plugins is called up, no connection to Facebook servers is established. Only when you activate the plugins and thus give your consent to the data transmission does your browser establish a direct connection to the Facebook servers. The content of the respective plugin is transmitted directly to your browser and integrated into the page. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not logged in. This information (including your IP address) is transmitted directly by your browser to a Facebook server in the USA and stored there. If you interact with the plugins, e.g. by clicking the "Like" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and shown to your contacts there. For information on the purpose and scope of data collection and the further processing and use of the data by Facebook as well as your rights and setting options to protect your privacy, please refer to the Facebook privacy policy at http://wbs.is/rom91.

12. EMBEDDED VIDEOS AND IMAGES FROM EXTERNAL WEBSITES

Some of our pages may contain embedded content from YouTube or Instagram. When a page from our internet offer containing embedded videos or images from our YouTube and/or Instagram channel is accessed, no personal data except the IP address is transmitted. The IP address is transmitted to Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") in the case of YouTube and to Instagram Inc., 181 SouthPark Street Suite 2 San Francisco, California 94107, USA ("Instagram") in the case of Instagram.

13. ANNOUNCEMENT OF CHANGES

Changes in laws or changes in our internal processes may make an adjustment of this privacy policy necessary. In such a case, we will inform you no later than six weeks before the changes take effect. You generally have a right of withdrawal (No. 6) regarding your given consents.

Please note that (unless you make use of your right of withdrawal) the respective current version of the privacy policy is valid.

14. UPDATING/DELETION OF YOUR PERSONAL DATA

You have the right at any time to check, change or delete the personal data provided to us by sending an email to the email address provided at the end of this text. If you are a member with us, you can also exclude the receipt of further information for the future there.

You also have the right to revoke any consents once given with effect for the future at any time.

The deletion of stored personal data takes place if you revoke your consent to storage.

The controller processes and stores personal data of the data subject only for as long as necessary to achieve the storage purpose or as provided for by the European legislator or another competent legislator in laws or regulations to which the controller is subject.

If the storage purpose ceases to apply or a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or deleted in accordance with legal requirements.

15. RIGHTS OF DATA SUBJECTS

Every data subject has the right granted by the European legislator to request confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact our data protection officer or another employee of the controller at any time.

Every data subject who is affected by the processing of personal data has the right granted by the European legislator to receive free information at any time about the personal data stored concerning them and a copy of this information (Article 15 GDPR). Furthermore, the European legislator has granted the data subject the right to information about:

  • The purposes of processing
  • The categories of personal data processed
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations
  • If possible, the planned duration for which the personal data will be stored, or if not possible, the criteria used to determine that duration
  • The existence of a right to rectification or erasure of personal data or restriction of processing by the controller or objection to such processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • If the personal data are not collected from the data subject, all available information about their source
  • The existence of automated decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed about the appropriate safeguards related to the transfer.

Every data subject has the right to request immediate correction of inaccurate personal data concerning them (Article 16 GDPR). Furthermore, they have the right to demand completion of incomplete personal data — including by means of a supplementary statement — considering the purposes of the processing.

If a data subject wishes to exercise this right to rectification, they may contact our data protection officer or another employee of the controller at any time.

Every data subject has the right to request that the controller erase personal data concerning them without delay (Article 17 GDPR), if one of the following grounds applies and processing is not necessary:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed
  • The data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal ground for processing
  • The data subject objects to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for processing, or the data subject objects pursuant to Article 21(2) GDPR
  • The personal data have been unlawfully processed
  • The deletion of personal data is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject
  • The personal data have been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR

If one of the above reasons applies and a data subject wishes to request deletion of personal data stored with us, they may contact our data protection officer or another employee of the controller at any time. The data protection officer or another employee will arrange for the deletion request to be complied with immediately.

If the personal data have been made public by us and our company as the controller is obliged to delete personal data pursuant to Article 17(1) GDPR, we will take appropriate technical and organizational measures — taking into account available technology and implementation costs — to inform other controllers processing the published personal data that the data subject has requested deletion of all links to this personal data or copies or replications of this personal data, unless processing is required. Our data protection officer or another employee will arrange the necessary in individual cases.

Every data subject has the right to request restriction of processing (Article 18 GDPR) if one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy
  • The processing is unlawful and the data subject opposes deletion and requests restriction instead
  • The controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise or defense of legal claims
  • The data subject has objected to processing pursuant to Article 21(1) GDPR and it is not yet certain whether the legitimate grounds of the controller override those of the data subject

If one of the above applies and a data subject wishes to request restriction of personal data stored with us, they may contact our data protection officer or another employee of the controller at any time. The data protection officer or another employee will arrange restriction of processing.

Every data subject has the right to receive the personal data they have provided to a controller in a structured, commonly used and machine-readable format. They also have the right to transmit these data to another controller without hindrance from the controller to whom the personal data were provided, if the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, the data subject has the right, pursuant to Article 20(1) GDPR, to have the personal data transmitted directly from one controller to another, insofar as this is technically feasible and does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject may contact the data protection officer or another employee at any time.

Every data subject has the right to object at any time, for reasons arising from their particular situation, to processing of personal data concerning them based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions.

Every data subject has the right to object to processing of personal data for direct marketing purposes at any time. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for these purposes.

The data subject also has the right to object, for reasons arising from their particular situation, to processing of personal data for scientific, historical research or statistical purposes pursuant to Article 89(1) GDPR, unless processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact our data protection officer or another employee. They are also free to exercise their objection right through automated procedures using technical specifications, regardless of Directive 2002/58/EC.

Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision

  • Is necessary for entering into, or performance of, a contract between the data subject and a data controller, or
  • Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
  • Is based on the data subject's explicit consent.

If the decision

  • Is necessary for entering into or performance of a contract between the data subject and the controller, or
  • Is based on the data subject's explicit consent,

We take reasonable measures to safeguard the data subject's rights and freedoms, including at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

If a data subject wishes to assert rights relating to automated decisions, they may contact our data protection officer or another employee of the controller at any time.

Every data subject has the right to revoke their consent to processing of personal data at any time.

If a data subject wishes to assert their right to revoke consent, they may contact our data protection officer or another employee of the controller at any time.

16. LEGAL BASIS OF PROCESSING

Article 6(1)(a) GDPR serves our company as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, such as processing necessary for delivery of goods or services, the processing is based on Article 6(1)(b) GDPR. The same applies to processing necessary to take pre-contractual measures, e.g. inquiries about our products or services. If our company is subject to a legal obligation requiring processing of personal data, such as to fulfill tax obligations, processing is based on Article 6(1)(c) GDPR. In rare cases, processing may be necessary to protect vital interests of the data subject or another natural person, such as in the event of injury in our company, and the processing would then be based on Article 6(1)(d) GDPR. Ultimately, processing may be based on Article 6(1)(f) GDPR. This legal basis covers processing not covered by the other legal bases, where processing is necessary for the legitimate interests of our company or a third party, provided the interests, rights, and freedoms of the data subject do not override those interests. Such processing operations are permitted because the European legislator expressly mentioned them. It held the view that a legitimate interest might be assumed if the data subject is a customer of the controller (Recital 47 sentence 2 GDPR).

17. LEGITIMATE INTERESTS PURSUED BY THE CONTROLLER OR A THIRD PARTY

If processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is conducting our business in favor of the well-being of all our employees and shareholders.

18. CONTROLLER OR YOUR CONTACT PERSON

If you have questions about collecting, processing, or using your personal data, requests for information, correction, blocking or deletion of data, as well as revocation of consent or objection to certain data uses, please contact:

Firma Feldmann GmbH Metall & Schmiedekunst
Business Division CORNECT® Exhibition
Mühlsteig 25
90579 Langenzenn
Phone: 09101-49770
Fax: 09101-497710
Email: datenschutz@feldmann.de