Privacy Policy

This privacy policy (“policy”) sets out the basis on which any information that we collect from you or that you provide to us, will be processed by us through our online presence, connected websites, functions and contents, as well as on any of our external online services like social media profiles (“online offers”). Regarding the use of the terminology, e.g. „processing“ or „controller“, we refer you to the definition of Art. 4 of the General Data Protection Regulation (“GDPR”).

Controller
SBS Kühltechnik GmbH
Betonstraße 5
D-49324 Melle
Tel.+49 (0) 5422 701-201
Fax: +49 (0) 5422 701-250
Email: info(at)sbs-kt.de

Data Protection Officer
Dirk Menkhaus
IT'S Me GmbH & Co. KG
Dorfstraße 29
D-49124 Georgsmarienhütte
Tel.: 0 54 01/8 80 87 — 1
Email: dsb.menkhaus(at)it-s-me.com

Personal Data collected:

  • Basic data (e.g. name, address).
  • Contact data (e.g. Email, Telephone number).
  • Content data (e.g. text, photographs, videos).
  • User data (e.g. visited websites, interest in content, access time).
  • Meta-/data communication (e.g. device information, IP-address).

Categories of Affected Persons
Visitors and users of the online offers (“users“).

Processing Purpose

  • Providing online offer, its features and content.
  • Answering any contact requests and communicate with users.
  • Security of processing.
  • Measurement of reach / marketing

Used Terms
„personal data“ means any information relating to an identified or identifiable natural person („data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“data”).

„processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, which personal data includes but is not limited to any and all handling of data.

„pseudonymisation“ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

„profiling“ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

„controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

„processor“ means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;

Legal basis of processing
We inform you about the legal basis of our data processing in accordance with Art. 13 GDPR, whereby the following applies: Processing shall be lawful in accordance with Art. 6.1(a) GDPR and Art. 7 GDPR, when the data subject has given consent, when processing is necessary for the performance of a contract to which the data subject is party to (Art. 6.1(b) GDPR), for processing in order to fulfil our legal obligations (Art. 6.1 (c) GDPR) and for the processing in order to safeguard our legitimate interests (Art. 6.1 (f) GDPR).

Safety measures
In accordance with Art. 32 GDPR we take into account the state of the art technology, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor and implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

Measures include but are not limited to ensuring the confidentiality, integrity and availability of data by controlling physical access to the personal data as well as their access, input, disclosure, availability of data and its separation. In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings taken into account (Art. 25 GDPR).

Collaboration between processor and third parties
If in the context of our processing we disclose personal data to other persons and companies (processors or third parties), transmit that personal data to them or otherwise grant access to the personal data, this will only be done on the basis of a legal permission (e.g. if a transmission of personal data to third parties, as required by payment service providers, pursuant to Art. 6.1. (b) GDPR to fulfil the contract), you have consented to a legal obligation or based on our legitimate interests (e.g. the use of agents, webhosts, etc.).

If we commission third parties to process personal data on the basis of a so-called „order processing contract“, this is done based on Art. 28 GDPR.

Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the content of the use of third party services or disclosure or transmission of personal data to third parties, this will only be done to fulfil our (pre-)contractual obligations on the basis of your consent, a legal obligation or of our legitimate interests. Subject to legal or contractual permission, we process or have personal data processed in a third country only based on the special condition of Art. 44 ff. GDPR, e.g. based on specific guarantees, such as the officially recognised level of data protection (e.g. in the US through the privacy shield) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects
You have the right to ask for confirmation as to whether the personal data in question is being processed, which personal data is being held and do obtain a copy of the personal data pursuant to Art. 15 GDPR. 

Based on Art. 16 GDPR, you have the right to demand the completion or correction of your personal data.

In accordance with Art. 17 GDPR, you have the right to demand deletion of your personal data without delay or, alternatively, to require a restriction of the processing of personal data in accordance with Art. 18 GDPR.

You have the right to demand the personal data we hold on you is provided to you in accordance with Art. 20 GDPR and you can demand that it be transferred to another controller.

In accordance with Art. 77 GDPR you have the right to file a complaint with a regulatory authority.

Withdrawal
If the processing of personal data is based on consent, you have the right to withdrawal such consent granted in accordance with Art. 7.3. GDPR with effect for the future. The revocation of consent does not affect the legality of the processing of such personal data carried out based on the given consent until the date of revocation. Please address your withdrawal request to the controller.

Right to Cancel
You can object at any time to the future processing of your personal data in accordance with Art. 21 GDPR. The objection may be made against the processing of personal data regarding any direct marketing. Please direct your objection to the controller.

Cookies and right to object in direct advertising
„Cookies“ are small files that are stored on a user‘s computer, whereby different information can be stored within a cookie. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit to our online offer. Temporary cookies, or “session cookies“ or “transient cookies“ are cookies that are deleted after a user leaves our online service and closes the browser. Such a cookie can for example store the contents of a shopping cart in an online store or login details. The term “permanent” or “persistent” refers to cookies that remain stored even after the browser has been closed. This way, for example, login details will be saved and when a user visits the online offer after several days. In addition, such cookies can store the user’s interests, which are used for audience measurement or marketing purposes. A “third-party cookie” refers to cookies that are offered by providers other than the controller, who manages the online offer (otherwise, if it is only their cookies, this is called “first-party cookies”). We can use temporary and permanent cookies and inform you of this in this Policy.

If users do not want cookies to be stored on their computer, the user will be asked to disable the option in their own browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of the online offer.

A general objection to the use of cookies used for online marketing purposes can be declared in a variety of services, especially in case of tracking, through the US website www.aboutads.info/choices/ or through the EU website www.youronlinechoices.com. Furthermore, the storage of cookies can be achieved by switching them off in your browser settings. Please note that not all features of this online offer may then be used.

Deletion of personal data
Any personal data processed by us are either deleted or restricted in accordance with Art. 17 and Art. 18 GDPR. Unless explicitly stated in this Policy, personal data stored by us is deleted as soon as it is no longer required for its purpose and its deletion does not conflict with any statutory storage requirements. Where personal data is not deleted because of any legal statutory requirements, its processing will be restricted. This means that such personal data is being blocked and not processed for any other purposes, e.g. data that must be kept for commercial or tax reasons.

According to German legal requirements, the storage takes place for 10 years according to §§ 147.1 AO, §§ 257.1(1) and (4) HGB and §§ 257.4 HGB (books, records, management reports, accounting documents, trading books, relevant for taxation documents, etc.) and 6 years in accordance with § 257 (1) Nr. 2 and 3, Abs. 4 HGB (commercial letters).

Business-related processing
In addition we process

  • Contract data (e.g. objective, term, customer category)
  • Payment details (e.g. bank account details, payment history)

from our customers, prospective customers and business partners for the purpose of providing contractual services, customer care, marketing, advertising and market research.

Hosting
The hosting services we use to operate our online services are for the purpose of providing the following services: infrastructural- and platform services, computing capacity, storage and database services, security and technical maintenance.

We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer based on our legitimate interests in an efficient and secure provision of this online offer (Art. 6.1(f) GDPR (conclusion of order-processing contract)).

Collection of access data and log files
We or our hosting provider, collect personal data on every access to the server on which the service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6.1(f) GDPR. The access data includes name of the accessed webpage, file name, date and time of access, amount of data transferred, message of successful retrieval, type of browser and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

For security purposes (e.g. to investigate abusive or fraudulent activities), such logfile information is stored for a maximum of 7 days and is then deleted. Where retention of such data is required for a longer period due to evidential purposes, such data shall be exempted from the cancellation until final clarification of the incident.

Administration, Accounting, Office Organisation, Contact Management
We process personal data in relation to administrative tasks and by way of organising our business, accounting department and compliance with any legal obligations, such as, for example, archiving. In doing this, we process the same data that we process in the course of rendering our contractual services. The processing principles are Art. 6.1(c) GDPR, Art. 6.1(f) GDPR. The process affects customers, prospective customers, business partners and website visitors. The purpose and our interest in processing the data lies in administration, accounting, office organisation, data archiving, i.e. tasks that serve to maintain our business, perform our duties and provide our services. The deletion of data with regard to contractual services and contractual communication takes place according to the legal retention periods. Please refer to the part „Deletion of personal data“.

We disclose or transmit data to the financial administration, consultants such as lawyers, accountants or auditors, and other fee agents and payment service providers.

Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, e.g. for contacting them at a later stage. We generally store this kind of company-related data permanently.

Privacy policy in the application process
Applicants can send us their applications by way of email. However, we’d like to point out that emails are generally not sent encrypted so that applicants themselves must provide encryption. Therefore, we cannot take any responsibility for the application’s transmission between the sender and receipt on our server. We process the applicant’s data only for the purpose and in the context of the application process in accordance with the legal requirements. The processing of the applicant’s data takes place in order to establish an employment relationship in accordance with Art. 6.a (b) GDPR, Art. 88 GDPR, § 26 BDSG and Art. 6.1(f) GDPR subject to such processing of data becomes legally necessary.

The application process requires applicants to provide us with the applicant’s data. We receive such necessary applicant’s data by way of email. Otherwise, data is derived from the job description, which include personal details, postal details and contact details and any application documents, such as cover letter, CV and certificates or references. Any additional information provided by the applicant is done on a voluntary basis. By submitting such additional information, the applicant agrees to its processing.

Insofar as special categories of personal data regarding the application process are requested from an applicant in accordance with Art. 9.1 GDPR, the processing is carried out on the basis of Art. 9.2(b) GDPR (e.g. health data, if this is necessary for this professional application). Insofar as special categories of personal data within the meaning of Art. 9.1 GDPR are voluntarily communicated within the application procedure, such processing is additionally carried out in accordance within Art. 9.2(a) GDPR (e.g. health data such as disability or ethnic origin). By submitting this additional information, the applicant agrees to its processing.

On a successful application, the applicant’s data provided may further be processed by us for employment purposes. Where the job application is unsuccessful, the applicant’s data will be deleted. Applicant’s data will also be deleted if an application is withdrawn, which an applicant is entitled to at any time.

Any such deletion, subject to a legitimate revocation by the applicant, will take place after a six months period, in order to answer any follow-up questions by the applicant and to meet our obligations under the General Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with the tax regulations.

Contact
When contacting us (e.g. by contact form, email, telephone or via social media), the user’s information is processed in accordance with Art. 6.1. (b) GDPR to deal with the contact request. User information can be stored in a customer relationship management system (“CRM system") or any comparable system.

We will delete the request, if it is no longer required. We check this requirement every two years, subject to any legal archiving obligations, which may apply.

etracker
We use the analysis service “etracker” of etracker GmbH, Erste Brunnenstraße 1 20459 Hamburg, based on our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6.a(f) GDPR). The data collected is analysed on a pseudonymised basis only, stored solely on servers in Germany and such data is not combined with other data or passed on to any third parties.

When storing user data, in particular, the IP addresses, device and domain data of the users are only stored on a shortened basis or encrypted, so that identification of an individual user is not possible. The shortening of the IP address takes place automatically by default as early as possible. From the data processed by etracker, pseudonymous user profiles are created through the use of cookies. However, identifiers for recognising an app user, performing session and cross-device tracking and providing behavioural data for remarketing are certainly pseudonymised or encrypted. Furthermore, etracker confirms protection of the user’s processed data by concluding a contract processing agreement in accordance with Art. 28.3(a) GDPR.

You can object to the collection and storage of data at any time with effect for the future. In order to do so, you can obtain an opt-out cookie from etracker under the following link, which ensures that no visitor data from your browse will be collected and stored by etracker in the future: http://www.etracker.de/privacy?et=CbgxEg.

The opt-out sets an opt-out cookie with the name "cntcookie" by etracker. Please do not delete this cookie as long as you want to object to the collection and storage of such data.  

For more information, see the etracker privacy policy: https://www.etracker.com/datenschutz.

Integration of services and contents of third parties
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6.a(f) GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, like including videos and fonts (collectively referred to as “Content”).

This always presupposes that third-party providers of this content uses the IP address of the users, as such content without the use of this IP address can otherwise not be send to the user’s browser. Due to this the IP address is therefore required for such presentation of this content. We endeavour to use only such content, where respective providers only use the IP address for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons") for statistical or marketing purposes. Such "pixel-tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored as cookies on the user’s device and may include but is not limited to technical information about the browser and operating system, referring webpages, time of visit and other information regarding the use of our online offer.

Youtube
We embed videos from the YouTube-platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Maps
We embed maps from “Google Maps”, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include users‘ IP addresses and location data, but these are not collected without your consent (usually through your settings of your mobile devices). The data can be processed in the USA: Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.