Privacy policy
A.General provisions concerning data processing on our website
1. Scope of this privacy policy
We, Pekrun Getriebebau GmbH (hereinafter ‘PEKRUN’), welcome your interest in our internet presence and the services provided on our website.
The protection of your personal data is an important matter that Pekrun Getriebebau GmbH takes very seriously. Accordingly, we have created this privacy policy document, which gives you full details of the types of data collected when you visit our internet presence and how this data is then processed or utilised. In addition, we also inform you about the accompanying protective mechanisms that we have put in place, from both a technical and an organisational perspective.
The processing of personal data – such as the name, address, email address or phone number of a data subject – is carried out at all times in accordance with applicable data protection regulations. We are providing you with this privacy policy to inform you about the nature, scope and purpose of the personal data that we collect, use and process, and to provide you with the information that you need to know as a data subject.
While we have taken appropriate technical and organisational steps as the data controller responsible for the processing of personal data, internet-based data transmission may involve inherent vulnerabilities that make it impossible to provide complete protection against relevant risks. We would ask you to remember this when using the website.
2. Definitions
This privacy policy uses certain terms that have been defined in the relevant legislation, known as the EU General Data Protection Regulation (hereinafter ‘GDPR’). You can use the following link to access the text of the GDPR:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE
Our privacy policy aims to provide you with a clear and straightforward description of how your personal data is processed by our website.
3. Name and address of the data controller
The controller in the sense defined by the GDPR is:
Pekrun Getriebebau GmbH
Köbbingser Mühle 14
58640 Iserlohn
Phone: +49 2371 945-0
Fax: +49 2371 945-299
Email: info@pekrun.de
4. Contact details for our Data Protection Officer
Pekrun Getriebebau GmbH
– Data Protection Officer –
Köbbingser Mühle 14
58640 Iserlohn
Phone: +49 2371 945-201
Email: datenschutzbeauftragter@pekrun.de
5. Routine erasure and restriction of personal data
We process and store personal data from data subjects only for the period of time that is required to achieve the purpose for which storage was performed or for the period that is permitted or necessary according to applicable law. If the storage purpose is no longer applicable or a legally prescribed retention period has expired, personal data is routinely restricted or erased in accordance with the provisions of the law.
6. Rights of the data subject
6.1. Right of confirmation
Every data subject is granted the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact us for this purpose at any time.
6.2. Right of access
A data subject whose personal data is processed is granted the right, which may be exercised at any time and at no cost to the data subject, to obtain information from us about the personal data concerning him or her that is stored, and to obtain a copy of this information. Moreover, the data subject is granted the right of access to information about
– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
– where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
– the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
– the right to lodge a complaint with a supervisory authority;
– where personal data have not been obtained from the data subject: Any available information as to the source of the data
– the existence of automated decision-making, including profiling, referred to in Articles 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Moreover, the data subject has the right to be informed of whether personal data has been transferred to a third country or an international organisation. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to that transfer.
If a data subject wishes to exercise this right of access, he or she may contact us or our Data Protection Officer for this purpose at any time.
6.3. Right to rectification
A data subject whose personal data is processed is granted the right to obtain the rectification of inaccurate personal data concerning him or her without undue delay. Moreover, and taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, by means of providing a supplementary statement. If a data subject wishes to exercise this right of rectification, he or she may contact us or our Data Protection Officer for this purpose at any time.
6.4. Right to erasure
A data subject whose personal data is processed is granted the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, if one of the following grounds applies and where processing is not necessary:
– The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
– The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
– The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
– The personal data has been unlawfully processed.
– The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
– The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
– If one of the abovementioned reasons is applicable and a data subject wishes to exercise this right to the erasure of personal data that PEKRUN has stored, he or she may contact our Data Protection Officer or another employee for this purpose at any time. We will then arrange for this erasure request to be honoured without undue delay.
If PEKRUN has made the personal data public and our company is obliged as the controller pursuant to Article 17(1) of the GDPR to erase the personal data, and processing of the personal data is not necessary, then we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers who are processing the published personal data that the data subject has requested the erasure by such other controllers of any links to, or copy or replication of, this personal data. We will make the necessary arrangements on a case-by-case basis.
6.5 Right to restriction of processing
A data subject whose personal data is processed is granted the right to obtain from the controller restriction of processing where one of the following conditions applies:
– The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
– The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
– The controller no longer needs the personal data for the purposes of the processing, but the data is required by the data subject for the establishment, exercise or defence of legal claims.
– The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.
If one of the above cases applies and a data subject wishes to exercise this right to the restriction of personal data that PEKRUN has stored, he or she may contact us or our Data Protection Officer for this purpose at any time. We will then make arrangements to enforce the restriction of processing.
6.6 Right to data portability
A data subject whose personal data is processed is granted the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. Moreover, this data subject also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and (b) the processing is carried out by automated means. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Moreover, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible, and where exercising this right of data portability does not adversely affect the rights and freedoms of others. If a data subject wishes to exercise this right to data portability, he or she may contact us or our Data Protection Officer for this purpose at any time.
6.7 Right to object
A data subject whose personal data is processed is granted the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
In the event of such an objection, PEKRUN will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or which are required for the establishment, exercise or defence of legal claims.
Where PEKRUN processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to our processing for direct marketing purposes, we will no longer process the personal data for such purposes.
Where we process personal data for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, on grounds relating to his or her particular situation, also has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise this right to object, the data subject can contact us directly at any time. Moreover, the data subject may, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, exercise his or her right to object by automated means using technical specifications.
6.8 Automated individual decision-making, including profiling
According to the law of the European Union, a data subject whose personal data is processed is granted the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This provision does not apply if this decision
– is necessary for entering into, or performance of, a contract between the data subject and a data controller;
– is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests; or
– is based on the data subject’s explicit consent.
If the decision is
– necessary for entering into, or performance of, a contract between the data subject and a data controller; or
– is based on the data subject’s explicit consent, PEKRUN will implement suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise rights related to automated decision-making, he or she may contact us or our Data Protection Officer for this purpose at any time.
6.9 Right to withdraw consent given under data protection law
A data subject whose personal data is processed is granted the right to withdraw consent he or she has given for the processing of personal data at any time. If the data subject wishes to exercise this right to withdraw consent, he or she may contact us for this purpose at any time. Any data subject may contact us directly at any time with any questions or feedback in relation to data protection.
6.10 Right to lodge a complaint with a supervisory authority
A data subject whose personal data is processed is granted the right to lodge a complaint with a supervisory authority concerning our processing of their personal data.
7. Legal basis for the processing of personal data
In cases involving data processing where we do not refer to the applicable legal framework explicitly, the following applies:
Point (a) of Article 6(1) of the GDPR serves PEKRUN as the legal basis for processing operations where our company must seek consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis for this processing is considered to be point (b) of Art. 6(1) of the GDPR. The same applies to the kinds of processing operations required in order to take steps prior to entering into a contract, such as enquiries concerning our products or services. If PEKRUN must process personal data in order to remain compliant with a legal obligation to which it is subject, the legal basis for this processing is considered to be point (c) of Art. 6(1) of the GDPR. In rare cases, processing of personal data may be necessary in order to protect the vital interests of the data subject or of another natural person. In this case, the legal basis for processing is point (d) of Art. 6(1) of the GDPR. Lastly, point (f) Art. 6(1) of the GDPR may also offer a legal basis for processing operations. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases, and where processing is necessary to protect the legitimate interests of PEKRUN or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted in particular to carry out these kinds of processing operations, because they are mentioned specifically in EU law (cf. Recital 47(2) of the GDPR).
8. Accounting for legitimate interests
If the processing of personal data is based on point (f) of Art. 6(1) of the GDPR, the legitimate interest of PEKRUN in this case is the pursuit of our business interests, assuming that no other reason is stated for the processing of personal data in question.
9. Retention periods for personal data
In the absence of another statement concerning retention periods for personal data made in relation to a specific case of data processing, the following provisions apply.
The applicable statutory retention period is definitive in terms of the duration of the storage of personal data for the purpose of asserting claims arising from a contract. After this period expires, the corresponding data will be routinely erased unless the data continues to be required for the fulfilment or initiation of a contract.
Other than this, we process personal data only for the purpose either communicated to or clearly identifiable by the data subject – such as to reply to a question submitted to us by our contact form. We will delete the data collected in this way once we no longer need to store it for the fulfilment of this purpose.
10. Data protection for applications and the application procedure
We collect and process personal data from applicants for the purposes of completing the application procedure. Processing may also involve electronic channels – such as when an applicant sends us the corresponding application documents via some electronic means, such as by email or via the contact form on our website. If we conclude an employment contract with an applicant, the data transferred for the purposes of establishing this employment relationship will be stored in accordance with the provisions of the law. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted two months after announcing the decision to reject the candidate, unless the controller has other legitimate interests that would oppose this deletion. In this context, a ‘legitimate interest’ could be constituted by the need to provide evidence in a process based on the German General Equal Treatment Act (AGG), for example.
11. Changes to this privacy policy
PEKRUN reserves the right to make changes to this privacy policy at any time with future effect. The latest version is always available on our website. Please visit our website at regular intervals to inform yourself of the provisions in our current privacy policy.
B. Special provisions concerning data processing on our website
1. Collection of personal data when visiting our website
(1) When simply using our website to obtain information – i.e. if you are not registering for an account or otherwise providing us with any other information – we collect only the personal data that your browser sends to our server. When you view our website, we collect the following data that is technically required in order to display our website to you, and to ensure its stability and security (the legal basis here is provided by point (f) of GDPR art. 6(1)):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (actual page)
– Access status/HTTP status code
– Data volume transferred
– Website from which the request was made
– Browser
– Operating system and its interface
– Browser software language and version
(2) In addition to the data mentioned above, the use of our website also involves the storing of cookies on your computer. These ‘cookies’ are small text files that are saved to your hard disk and associated with the web browser you are using, and which allow the site setting the cookie (here: our website) to store certain items of information for later use. Cookies are not able to execute programs or transfer viruses to your computer. They are used to make the website generally more user-friendly and efficient.
(3) Use of cookies:
- a) This website uses the following types of cookies, whose scope and basic working principles are explained below:
– Transient cookies (see b)
– Persistent cookies (see c)
- b) Transient cookies are deleted automatically when you close your browser. One kind of transient cookie is especially important: session cookies. These save a session ID, which can be used to assign various requests made by your browser to a common session. This enables your computer to be recognised if you revisit our website. Session cookies are deleted if you log out or close your browser.
- c) Persistent cookies are deleted automatically after a predefined period of time, which may differ, depending on the cookie. You can delete these cookies at any time by using the security settings in your web browser.
- d) You can configure your browser settings according to your requirements. This can include refusing to accept third-party cookies – or all cookies, for example. If you do so, please be advised that this may prevent you from using all of the features offered by this website.
12. Google Analytics
On the basis of our legitimate interest in the analysis, optimisation and cost-effective operation of our online presence, in the sense defined by point (f) of Art. 6(1) of the GDPR, we utilise Google Analytics, a web analysis service from Google Inc. (‘Google’) (Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA).
Google uses cookies. The information generated by the cookie about the use of the online presence by the user is usually transferred to a Google server in the US and stored there.
Google is certified under the Privacy Shield agreement and therefore offers a guarantee to comply with European data protection law:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google uses this information on our behalf to analyse the use of our online presence by the user, to compile reports about the activities completed within this online presence, and to provide us with other services associated with the use of this online presence and the internet in general. This can result in the creation of pseudonymous user profiles from the data so processed.
We deploy Google Analytics in order to display adverts posted by means of advertising services provided by Google and its partners only to those users who have shown an interest in our online presence or who exhibit certain characteristics (such as an interest in certain topics or products that can be determined by the websites visited) that we communicate to Google (also known as remarketing and involving Google Analytics ‘audiences’). With the aid of these remarketing audiences, we also wish to ensure that our adverts meet the potential interest of our users and are not annoying or burdensome.
Our use of Google Analytics includes the functions provided by Universal Analytics. Universal Analytics permits us to analyse the activities on our sites across different device formats (e.g. for accesses made with a laptop and then using a tablet). This is made possible by assigning a pseudonymous user ID to a user. This kind of assignment is made when you register for a user account, for example, or when you log in to your user account. Please note that no personal data is transferred to Google, however. While Universal Analytics involves more functionality being added to Google Analytics, this does not mean that it also brings in limitations to measures taken to protect data, such as IP masking or the browser add-on.
We use Google Analytics only with activated IP address anonymisation. This means that the user’s IP address will be shortened by Google within member states of the European Union or another state party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and truncated there.
The IP address provided by the user’s browser is not aggregated by Google with other data. Users can prevent the storage of the cookie by configuring an appropriate setting in their browser software; users can also prevent the recording and transmission of data generated by the cookie in relation to their use of the online presence to Google and the processing of this data by Google by downloading and installing the browser plugin available from the following link:
http://tools.google.com/dlpage/gaoptout?hl=de
For more information about data usage by Google, as well as options for configuring or withdrawing consent for such usage, please visit:
https://www.google.com/intl/de/policies/privacy/partners
https://policies.google.com/technologies/ads
https://adssettings.google.com
13. Sharing of your personal data/recipients and categories of recipients
We do not share your personal data with third parties except in cases where you have agreed to this sharing of data or where the provisions of the law and/or administrative orders or court orders entitle or require us to share data in this way. Such cases may involve, in particular, providing information for the purposes of criminal prosecution, to avert a danger or to enforce intellectual property rights.
If we share your data with a data processor, e.g. for the purpose of sending out an information pack as requested, we select these processors very carefully and have them sign contracts that oblige them to implement the necessary technical and organisational measures to ensure the security of such processing according to Art. 32 of the GDPR.