deen
deen

Privacy Policy

Privacy

Data protection and data security

Privacy policy

Thank you for visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point about which of your personal data we collect when you visit our website, and for what purposes it is used.

This data protection declaration applies to the Ferdinand Kreuzer website, which can be accessed under the domain www.sabamuehle.de and the various subdomains (“our website”).

Who is responsible and how do I contact them?

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Ferdinand Kreutzer Sabamühle GmbH
Geschäftsführung Dipl. Kfm. Fabian Frank und Christine Sparvoli-Frank M.A., MEB
Burgbernheimer Str. 11
90431 Nürnberg
Phone: 0911-324720
E-Mail: info@saba.de


Data protection officer

Datenschutz Pöllinger GmbH
Dresdner Str. 38
92318 Neumarkt
Tel.: 09181-2705770
E-Mail: datenschutz@datenschutz-poellinger.de


You can find our information obligation in accordance with Articles 13 and 14 GDPR here:

Video Surveillance
Applicants
Customers / Prospective Customers
Suppliers
Social media


What is it about?

This data protection declaration meets the legal requirements for transparency in the processing of personal data. This means any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address or user behavior when visiting a website. Information through which we cannot (or only with disproportionate effort) establish a connection to you personally, e.g. through anonymization, is not personal data. The processing of personal data (e.g. collection, query, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no lawful reasons for further retention of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory retention obligations.


Who receives my data?

We only pass on your personal data that we process on our website to third parties if this is necessary to fulfill legitimate purposes and each individual case is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, in individual cases we pass on personal data to third parties if this serves to assert, exercise or defend legal claims. Possible recipients can then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.

To the extent that we use service providers to operate our website who process personal data on our behalf as part of order processing in accordance with Art. 28 GDPR, these may be recipients of your personal data. Further information on the use of processors and web services can be found in the overview of the individual processing operations.


Do you use Cookies?

Cookies are small text files that we send to the browser of your device and are stored there when you visit our website. As an alternative to using cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, however, enable us to carry out various analyses, so that we can, for example, recognize the browser you are using when you visit our website again and transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our Internet offering more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your device. They cannot run programs and do not contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information about the cookies used can be found in the cookie settings or in the Consent Manager of this website.

What rights do I have?

Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR), you as a data subject have the following rights:

  • Information (in accordance with Art. 15 GDPR) about the data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data.
  • Correction (in accordance with Art. 16 GDPR) of incorrect or incomplete data stored by us.
  • Deletion (in accordance with Art. 17 GDPR) of the data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • Restriction of processing (in accordance with Art. 18 GDPR) if the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you refuse its deletion because you need it to assert, exercise or defend legal claims or you have raised an objection to the processing in accordance with Article 21 of the GDPR.
  • Data portability (in accordance with Article 20 of the GDPR), as long as you provide us with personal data within the scope of your consent in accordance with Article 6 Paragraph 1 Letter a of the GDPR and Section 25 Paragraph 1 of the TDDDG or on the basis of a contract in accordance with Article 6 Paragraph 1 b) GDPR and these were processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transmit the data directly to another person responsible, as long as this is technically feasible.
  • Objection (in accordance with Art. 21 GDPR) against the processing of your personal data, provided that this is based on Art. 6 Par. 1 e) or f) of the GDPR and there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. The right to object does not exist if there are predominantly compelling and legitimate reasons for the processing or if the processing is carried out to assert, exercise or defend legal claims. If there is no right to object to individual processing operations, this is stated there.
  • Revocation of your consent (in accordance with Article 7 Paragraph 3 of the GDPR) with effect for the future.
  • Complaint (in accordance with Art. 77 GDPR) to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority at your usual place of residence, your place of work or our company headquarters.

How is my data processed, in detail?

Following we will inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.


Provision of the Website

Type and extent of processing

When you access and use our website, we collect personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by us, but by a service provider who processes data on our behalf for the above purposes in accordance with Art. 28 GDPR.


Purpose and Legal Basis

The processing is carried out to protect our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Article 6 (f) GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to processing due to the exception under Article 21 (1) GDPR. To the extent that further storage of log files is required by law, processing is carried out on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, although accessing our website is technically not possible without providing the data.


Storage Period

The aforementioned data will be stored for the duration of the website display and, for technical reasons, for a maximum of 7 days.



Contact form

Type and Extent of Processing

On our website we offer you the opportunity to contact us using the form provided. The information collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary to process the contact request. When you use the contact form, your personal data will not be passed on to third parties.


Purpose and Legal Basis

The processing of your data by using our contact form is carried out for the purpose of communicating and processing your request based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG. If your request relates to an existing contractual relationship with us, the processing will be carried out for the purpose of fulfilling the contract on the basis of Article 6 (1) (b) GDPR. There is no legal or contractual obligation to provide your data, but processing your request is not possible without providing the information in the mandatory fields. If you do not wish to provide this information, please contact us by other means.


Storage Period

If you use the contact form, based on your consent we will store the data collected for each request for a period of three years, starting with the completion of your request or until you revoke your consent. If you use the contact form as part of a contractual relationship, we will store the data collected for each inquiry for a period of three years from the end of the contractual relationship.


Contact Form for Applicants

Type and Extent of Processing

We collect and process the personal data of applicants. Corresponding data processing can also take place electronically, for example when applicants submit application documents to us by email or via a web form on our website. On our website we offer you the opportunity to send us applications for advertised job vacancies by email. Your data will only be stored in an applicant database beyond the current application process if you have given us your specific consent to do so.


Purpose and Legal Basis

Your data will be processed in connection with your application for the purpose of processing your application and deciding on the establishment of an employment relationship on the basis of Section 26 BDSG. If your application documents are passed on to third parties, in particular to companies affiliated with us, or if your data is stored beyond the current application process, your data will be processed on the basis of Article 6 Paragraph 1 Sentence 1 Letter a GDPR. There is no legal or contractual obligation to provide your data, but processing your application is not possible without providing the information.

Storage Period

We store the data collected for a period of six months from the date the position was filled.


Presence on Social Media Platforms

We maintain so-called fan pages or accounts or channels on the following networks, in order to provide you with information and offers within social media and to offer you other ways to contact us and find out about our offers. Below we will inform you about which of your data we or the respective social network process in connection with the access and use of our fan pages/accounts.


Data that We Process About You

If you would like to contact us via messenger or direct message via the respective social network, we will usually process your user name, which you use to contact us, and may store other data you have provided to the extent necessary to process/answer your request is. The legal basis is Article 6 Paragraph 1 Sentence 1 f) GDPR (processing is necessary to protect the legitimate interests of the person responsible).

(Static) User Data that We Receive from Social Networks

We receive automated statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, “likes” information, information about page activity and post interactions, reach, video views/views and information about the proportion of men/women among our fans/followers. The statistics only contain aggregated data that cannot be related to individual people. You cannot be identified by us in this way.


Data the Social Networks Process About You

In order to view the contents of our fan pages or accounts, you do not have to be a member of the respective social network and a user account for the respective social network is not required. Please note, however, that when you access the respective social network, the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to show you the website) and use cookies and similar technologies, over which we have no influence. For details, please refer to the privacy policy of the respective social network (see the relevant links above).

If you want to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or want to contact us via messenger functions, you must first register with the respective social network and the Providing personal data required. We have no influence on the data processing by the social networks when you use them. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of usage behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is produced is played out both within and outside of the respective social network. It cannot be ruled out that your data will also be stored by social networks outside the EU/EEA and passed on to third parties.

Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies as part of the registration and use of the social networks can be found in the data protection regulations/cookie guidelines of the social networks. There you will also find information about your rights and objection options.


Google Analytics

Type and Extent of Processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of times our online offering is accessed, sub-pages visited and the length of time visitors stay. Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. This information is used, among other things, to compile reports on website activity.

Purpose and Legal Basis The use of Google Analytics is based on your consent in accordance with Art. 6 Para. 1 lit. a. GDPR and Section 25 Paragraph 1 TDDDG. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Article 45 Para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are registered under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) certified. In cases where there is no adequacy decision from the European Commission (including US companies that are not certified according to the EU-U.S. DPF), we have agreed other appropriate guarantees with the recipients of the data within the meaning of Art. 44 ff. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can download a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. In addition, before such a third country transfer, we obtain your consent in accordance with Article 49 Paragraph 1 Sentence 1 Letter a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that there are unknown risks in third country transfers (e.g. data processing by security authorities in the third country, the exact extent of which and the consequences for you we do not know, over which we have no influence and of which you may not become aware) can exist.

Storage Period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the data protection declaration for Google Analytics: https://policies.google.com/privacy.


Google CDN

Type and Extent of Processing

We use Google CDN to properly provide the content of our website. Google CDN is a service provided by Google Ireland Limited, which acts as a content delivery network (CDN) on our website. A CDN helps to provide the content of our online offering, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. By accessing this content, you connect to servers at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google CDN.


Purpose and Legal Basis

The use of the content delivery network is based on our legitimate interests, i.e. interest in secure and efficient provision as well as the optimization of our online offering in accordance with Art. 6 Para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Article 45 Para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are registered under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) certified.

In cases where there is no adequacy decision from the European Commission (including US companies that are not certified according to the EU-U.S. DPF), we have agreed other appropriate guarantees with the recipients of the data within the meaning of Art. 44 ff. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can download a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/ DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. In addition, before such a third country transfer, we obtain your consent in accordance with Article 49 Paragraph 1 Sentence 1 Letter a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that there are unknown risks in third country transfers (e.g. data processing by security authorities in the third country, the exact extent of which and the consequences for you we do not know, over which we have no influence and of which you may not become aware) can exist.


Storage Period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.


Google Tag Manager

Type and Extent of Processing

We use the Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through one interface and allows us to control the precise integration of services on our website. This allows us to flexibly integrate additional services to evaluate user access to our website.


Purpose and Legal Basis

The use of Google Tag Manager is based on your consent in accordance with Article 6 Paragraph 1 Letter a. GDPR and Section 25 Paragraph 1 TDDDG. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Article 45 Para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are registered under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) certified.

In cases where there is no adequacy decision from the European Commission (including US companies that are not certified according to the EU-U.S. DPF), we have agreed other appropriate guarantees with the recipients of the data within the meaning of Art. 44 ff. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can download a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/ DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. In addition, before such a third country transfer, we obtain your consent in accordance with Article 49 Paragraph 1 Sentence 1 Letter a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that there are unknown risks in third country transfers (e.g. data processing by security authorities in the third country, the exact extent of which and the consequences for you we do not know, over which we have no influence and of which you may not become aware) can exist.


Storage Period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the data protection declaration for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.


Google reCAPTCHA

Type and Extent of Processing

We have integrated Google reCAPTCHA components on our website. Google reCAPTCHA is a service provided by Google Ireland Limited and allows us to distinguish whether a contact request comes from a natural person or is done automatically using a program. When you access this content, you connect to servers at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user’s dwell time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.


Purpose and Legal Basis

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 Para. 1 lit. a. GDPR and Section 25 Paragraph 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA takes place in accordance with Article 45 Para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are registered under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) certified.

In cases where there is no adequacy decision from the European Commission (including US companies that are not certified according to the EU-U.S. DPF), we have agreed other appropriate guarantees with the recipients of the data within the meaning of Art. 44 ff. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can download a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. In addition, before such a third country transfer, we obtain your consent in accordance with Article 49 Paragraph 1 Sentence 1 Letter a. GDPR, which you give via consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that there are unknown risks in third country transfers (e.g. data processing by security authorities in the third country, the exact extent of which and the consequences for you we do not know, over which we have no influence and of which you may not become aware) can exist.


Storage Period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.