- Data protection – Overview
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the website operator’s contact details in the Legal Notice section of this website.
How do we collect your data?
Firstly, we collect your data when you submit it to us. This may be, for example, data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit our website. This is mainly technical data (e.g., concerning your internet browser, operating system or the time of the page view). This data is collected automatically as soon as you enter our website.
For what purpose do we use your data?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data, free of charge and at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address provided in the Legal Notice for more information about this or with any other queries on the subject of data protection. Furthermore, you have the right of appeal to the competent supervisory authority.
Analysis tools and tools from third-party providers
- General notes and mandatory information
We would like to point out that data transmission on the internet (e.g., communication by e-mail) may not be secure. Complete protection of the data against access by third parties is not possible.
Information about the data controller
The data controller for the processing of data on this website is:
Karl SPÄH GmbH & Co. KG
Phone: +49 7572 602-0
The data controller is the natural person or legal entity who/which alone or jointly with others determines the purposes and means of the processing of personal data (e.g., last names, e-mail addresses, etc.).
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You may withdraw any consent you have previously granted at any time. To do so, you can simply send us an informal message by e-mail. The withdrawal of your consent shall not affect the lawfulness of the previously completed data processing operations.
Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection under Art. 21 (2) GDPR).
Right of appeal to the competent supervisory authority
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. Said right of appeal is without prejudice to other administrative or judicial remedies.
Right of data portability
You have the right to have data that we process automatically on the basis of your consent or to fulfill a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another data controller, this will only be done insofar as it is technically feasible.
SSL and TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the appearance of the padlock symbol in your browser bar.
If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, the purpose of the data processing and, if applicable, the right to have this data corrected, blocked or deleted. For this purpose, and if you have any other queries on the subject of personal data, you can contact us at any time at the address provided in the Legal Notice.
Right to restrict processing
You have the right to request that we restrict the processing of your personal data. To do so, you can contact us at any time at the address provided in the Legal Notice. The right to restrict processing exists in the following cases:
- If you dispute the accuracy of your personal data that is stored by us, we will usually need time to verify this. For the duration of the review, you have the right to request that we restrict the processing of your personal data.
- If the processing of your personal data was/is unlawful, you may request a restriction of its processing instead of its deletion.
- If we no longer need your personal data, but you need it to exercise or enforce – or defend against – legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.
- If you have lodged an appeal pursuant to Art. 21 (1) GDPR, your interests must be weighed against ours accordingly. Until such time as it is determined whose interests shall prevail, you shall have the right to request that we restrict the processing of your personal data.
If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or to assert or exercise – or defend against – legal claims or for the protection of the rights of another natural person or legal entity or for reasons of substantial public interest in the European Union or a Member State.
Objection to advertising e-mails
Any use of the contact information published within the scope of our obligation to provide publication details under German law (“Impressumspflicht”) for the transmission of unsolicited advertising and/or information materials is hereby prohibited. The website operators expressly reserve the right to take legal action upon receipt of unsolicited advertising information, such as spam e-mails.
- Data protection officer
Legally mandated data protection officer
We have appointed a data protection officer for our company.
Phone: 0151 176 409 68
- Data collection on our website
Some of our web pages contain “cookies”. Cookies do not harm your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are downloaded onto your computer and stored by your browser.
Most of the cookies we use are “session cookies”. They are automatically deleted after the end of your visit. Other cookies will remain stored on your end device until you delete them. These cookies allow us to recognize your browser during your next visit.
You can configure your browser to alert you before storing cookies, and to only allow cookies in individual cases. You can also refuse to accept cookies, either in specific cases or generally, and enable the automatic deletion of cookies when you close the browser. If cookies are disabled, the functionality of this website may be limited.
Server log files
The website provider automatically collects and stores information in “server log files”, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 (1) f) GDPR. The website operator has a legitimate interest in ensuring the error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact data you enter there, will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We will not disclose this data to third parties without your consent.
The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 (1) a) GDPR). You may withdraw this consent at any time. To do so, you can simply send us an informal message by e-mail. The withdrawal of your consent shall not affect the lawfulness of the previously completed data processing operations.
The data you enter in the contact form will be stored by us until such time as you ask us to delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Any mandatory legal provisions – in particular, statutory retention periods – shall remain unaffected.
Inquiries by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not disclose this data to third parties without your consent.
We will process this data on the basis of Art. 6 (1) b) GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your permission (Art. 6 (1) a) GDPR) and/or on our legitimate interests (Art. 6 (1) f) GDPR), since we have a legitimate interest in ensuring the efficient processing of inquiries addressed to us.
The data you send to us via your contact requests will remain with us until such time as you ask us to delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Any mandatory legal provisions – in particular, statutory retention periods – shall remain unaffected.
Registering on this Website
You can register on our website in order to use additional features of the site. We use the data you submit for this purpose solely for the purpose of facilitating your use of the respective offers or services for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
For important changes, for example with regard to the scope of the service or necessary technical changes, we will use the e-mail address you provided during registration to inform you accordingly.
We process the data submitted by you during registration on the basis of your consent (Art. 6 (1) a) GDPR). You may withdraw any consent you have previously granted at any time. To do so, you can simply send us an informal message by e-mail. The lawfulness of the data processing operations carried out prior to the withdrawal of your consent shall remain unaffected.
We will store the data we collected when you registered until such time as you are no longer registered on our website, whereupon we will delete it. Any statutory retention periods shall remain unaffected.
- Analysis tools and advertising
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. Google Tag Manager does not directly create user profiles, store cookies or perform any independent analyses. It is only used to manage and provide the associated integrated tools. However, Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States. The use of Google Tag Manager is based on Art. 6 (1) f) GDPR. The website operator has a legitimate interest in ensuring the fast and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) a) GDPR and § 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g., device fingerprinting) as defined in the TTDSG. This consent can be withdrawn at any time.
This website uses functions of the Google Analytics web analysis service. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses “cookies”. These are text files that are stored on your computer and make it possible to analyze your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising measures.
We have enabled IP anonymization on this website. As a result, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data by Google.
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be stored that prevents the collection of your data during future visits to this website: Disable Google Analytics.
Contract data processing
We have concluded a contract with Google for the processing of orders, whereby we ensure strict compliance with the requirements set forth by the German data protection authorities when using Google Analytics.
Demographics feature of Google Analytics
This website uses the “Demographics” feature of Google Analytics. This allows reports to be generated that contain information about the age, gender and interests of visitors to the website. This data originates from interest-based advertising served by Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time via the ad settings in your Google account, or generally prohibit the collection of your data by Google Analytics as shown under “Opt out of data collection".
This website uses Google AdSense, a service for embedding ads provided by Google Inc. (“Google”). The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense uses “cookies”, which are text files stored on your computer that make it possible to analyze how visitors interact with the website. Google AdSense also uses “web beacons” (invisible graphics). These web beacons allow specific information to be analyzed, such as visitor traffic on these web pages.
The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be additionally shared by Google with its contractual partners. However, Google will not merge your IP address with other data stored by you.
The storage of AdSense cookies is based on Art. 6 (1) f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising measures.
You can prevent the installation of cookies by selecting the appropriate settings on your browser. However please note that if you do so you may not be able to use all features of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functionality of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This makes it possible to link the advertising target groups created with Google Analytics Remarketing to the cross-device functionality of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have already been tailored to you on the basis of your previous usage and surfing behavior on one end device (e.g., your cell phone) can also be displayed on another of your end devices (e.g., your tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device via which you log in with your Google account.
To support this feature, Google Analytics collects google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising.
You can permanently opt out of cross-device remarketing/targeting by deactivating personalized advertising in your Google account. To do so, follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the collected data in your Google account is based solely on your consent, which you can give or withdraw vis-a-vis Google (Art. 6 (1) a) GDPR). For data collection processes that are not aggregated in your Google account (e.g., because you do not have a Google account or have blocked such aggregation), the data collection is based on Art. 6 (1) f) GDPR. In this case, the legitimate interest arises from the fact that the website operator has an interest in an anonymized analysis of the website’s visitors for advertising purposes.
Google AdWords and Google Conversion Tracking
This Website uses Google AdWords. AdWords is an online advertising program provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
Within the scope of Google AdWords, we use “conversion tracking”. If you click on an ad placed by Google, a cookie is stored to enable conversion tracking. Cookies are small text files stored via the internet browser on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to the relevant page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through AdWords customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted to use conversion tracking. The customer can thus see the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag. However, they do not receive any information that allows users to be personally identified. If you do not wish to participate in the aforementioned tracking process, you can opt out by simply blocking the Google conversion tracking cookie via your internet browser’s user settings. You will subsequently not be included in the conversion tracking statistics.
The storage of “conversion cookies” and the use of this tracking tool are based on Art. 6 (1) f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising measures.
You can configure your browser so that you will be notified about the storage of cookies and can choose to allow cookies only in individual cases, block cookies in certain cases or generally, and enable the automatic deletion of cookies when you close the browser. If you disable cookies, the functionality of this website may be limited.
If you would like to receive the newsletter offered on our website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the provided e-mail address and that you agree to receive the newsletter. Additional data is not collected unless provided on a voluntary basis. We use this data exclusively to send you the requested information and do not share it with third parties.
The processing of the data you enter in our newsletter registration form is based exclusively on your consent (Art. 6 (1) a) GDPR). You can withdraw your consent to the storage of your data and your e-mail address, as well as our use of the latter to send you our newsletter at any time, for example via the “unsubscribe” link in the newsletter. The withdrawal of your consent shall not affect the lawfulness of the previously completed data processing operations.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. This does not apply to data stored by us for other purposes.
This website uses CleverReach for the purpose of sending newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service that can be used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving newsletters (e.g., your e-mail address) is stored on CleverReach’s servers in Germany or Ireland.
Our newsletters sent via CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, we can thus analyze how many recipients have opened the newsletter message and how often each link in the newsletter was clicked. With the help of “conversion tracking”, it is also possible to determine whether a predefined action (e.g., the purchase of a product on our website) has taken place as a result of the reader clicking the corresponding link in the newsletter. For additional information on data analysis through CleverReach newsletters, please visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
The data processing is based on your consent (Art. 6 (1) a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The withdrawal of your consent shall not affect the lawfulness of the previously completed data processing operations.
If you wish to opt out of data analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter. Furthermore, you can also unsubscribe from the newsletter directly on our website.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. This shall not apply to data stored by us for other purposes.
Conclusion of a contract for data processing
We have concluded a contract with CleverReach for data processing. We ensure full compliance with the strict requirements set forth by the German data protection authorities when using CleverReach.
You can use a chat function on some of our websites. This is not a chatbot – the chat function is operated by our employees. For this reason, the chat function is only available during normal working hours.
For the chat function itself we use a solution from the company Webschuppen. We have concluded a data processing contract with the company Webschuppen in accordance with the GDPR.
Your data is processed exclusively on servers located in Germany.
Since the chat function requires cookies, which require your consent, you have the option to give this consent via our consent banner when you visit our web page. If you do not provide this consent, the chat window will not be displayed. You can then send us your questions by e-mail.
The legal basis for the processing of your personal data is Art. 6 (1) b) GDPR (fulfillment of a contract) when it comes to the processing of chat content.
For the technical integration of the chat function and the processing of your data for this purpose, we will request your consent. The legal basis in this case is Art. 6 (1) a) GDPR.
- Plugins and tools
YouTube with enhanced privacy features
Our website uses plugins from the website YouTube. The website operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
We use YouTube in “enhanced privacy mode”. According to YouTube, this mode causes YouTube not to store information about visitors to this website before they watch the video. The transfer of data to YouTube’s partners, on the other hand, is not necessarily ruled out in enhanced privacy mode. Thus, YouTube – regardless of whether or not you watch a video – connects to the Google DoubleClick network.
As soon as you start a YouTube video on our website, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, this enables YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube may store various cookies on your end device after a video is started. These cookies allow YouTube to obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud. The cookies will remain on your end device until you delete them.
If necessary, additional data processing operations may be triggered after the start of a YouTube video, over which we have no control.
We use services from YouTube in the interest of ensuring an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) GDPR.
Google Web Fonts
This website uses “web fonts” provided by Google to ensure that fonts are uniformly displayed. The Google Fonts are installed locally. A connection to Google servers does not take place.
This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the features of Google Maps, it is necessary for Google to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no control over this data transmission. If Google Maps is enabled, Google may use Google Web Fonts for the purpose of displaying fonts in a uniform manner. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
We use Google Maps based on our interest in ensuring an appealing presentation of our online service and to make it easy to find the places mentioned on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) GDPR. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) a) GDPR and § 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g., device fingerprinting) as defined in the TTDSG. This consent may be withdrawn at any time.
Data transfers to the USA are based on the standard contractual clauses of the EU Commission. You can find these here: <a href="https://privacy.google.com/businesses/gdprcontrollerterms/">https://privacy.google.com/businesses/gdprcontrollerterms/</a> and <a href="https://privacy.google.com/businesses/gdprcontrollerterms/sccs/">https://privacy.google.com/businesses/gdprcontrollerterms/sccs/</a>.
- General information requirements in accordance with Art. 13 GDPR
What data concerning you will we process? And for what purpose?
If we have received data from you, we will generally only process this data for the purposes for which we received or collected it.
Data processing for other purposes shall only be considered if the respective legal requirements pursuant to Art. 6 (4) GDPR are met. We will, of course, comply with any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR in such cases.
What is the legal basis for this?
In principle, the legal basis for the processing of personal data – insofar as there are no other specific legal provisions – is Art. 6 GDPR. The following considerations in particular may apply:
- Consent (Art. 6 ( 1) a) GDPR)
- Data processing for the performance of contracts (Art. 6 (1) b) GDPR
- Data processing on the basis of a weighing of interests (Art. 6 (1) f) GDPR)
- Data processing for the fulfillment of a legal obligation (Art. 6 (1) c) GDPR)
If personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future.
If we process data on the basis of a weighing of interests, as the data subject you have the right to object to the processing of your personal data, taking into account the requirements of Art. 21 GDPR.
For how long will your data be stored?
We will process your data for as long as necessary for the respective purposes.
Insofar as statutory retention obligations exist – e.g., under commercial law or tax law – the personal data concerned will be stored in accordance with such retention obligations. Upon expiration of our retention obligation, we will verify whether or not continued processing of the data is necessary. If the data is no longer required, it will be deleted.
We always review data at the end of the calendar year to determine whether its continued processing is necessary. Due to the volume of data, this review is based on specific types of data or the purposes of the respective processing operations.
To which recipients will the data be forwarded?
Your personal data will only be passed on to third parties if this is necessary for the performance of the contract with you, if the transfer is permissible on the basis of a weighing of interests as defined in Art. 6 (1) f) GDPR, if we are legally obliged to forward this data, or if you have given your consent for us to do so.
Where is the data processed?
Your data will be processed exclusively in the Federal Republic of Germany.
What are your rights as a data subject?
Your rights as a data subject are explained in section 2
- Information requirements for applicants
What data concerning you will we process? And for what purpose?
We will process the data that you send us in the context of your application in order to assess your suitability for the position (or another vacant position in our company) and to carry out our application process.
What is the legal basis for this?
The legal basis for the processing of your personal data as part of our application process is primarily Section 26 of the German Data Protection Act (BDSG) in the applicable version dated May 25, 2018. Accordingly, the processing of data that is needed to reach a decision on the establishment of an employment relationship is permissible.
If the data is necessary for the purposes of prosecution after the application process has been completed, the data may be processed based on the requirements set forth in Art. 6 GDPR, in particular for the purpose of pursuing our legitimate interests in accordance with Art. 6 (1) f) GDPR. In such cases, our interest lies in the assertion of or defense against claims.
For how long will the data be stored?
Applicants’ data will be deleted after six months in case of rejection.
If you are accepted for a position during the application process, the data obtained via your application documents will be transferred to our HR information system.
To which recipients will this data be forwarded?
Your data will only be processed by us internally and will not be forwarded to third parties.
Your applicant data will be viewed by our HR department after receipt of your application. Suitable applications will be transferred internally to the head of the department seeking to fill the vacant position. Subsequently, the next steps will be discussed and agreed. Within our company, only staff members who require your data to ensure the proper functioning of our application process will be given access to your data.
What are your rights as a data subject?
Your rights as a data subject are explained in section 2