Privacy Statement
1. Data protection is important to us
Name and contact details of the data controller in accordance with Art. 4 para. 7 GDPR
M+M Turbinen-Technik GmbH
Röntgenstraße 30
32107 Bad Salzuflen, Germany
Phone: +49 5221 12236 – 0
Fax: +49 5221 12236 – 99
E-mail: info@turbinen-technik.de
Responsible for data protection:
M+M Turbinen-Technik GmbH
Röntgenstraße 30
32107 Bad Salzuflen, Germany
Phone: +49 5221 12236 – 0
Fax: +49 5221 12236 – 99
E-mail: datenschutz@turbinen-technik.de
2. Security and protection of your personal data
We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect them from unauthorised access. That is why we take the utmost care and apply the latest security standards to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the provisions of the German Federal Data Protection Act (BDSG). We have adopted technical and organisational measures to ensure that data protection regulations are observed both by us and by our external service providers.
3. Definitions
The legislator requires that personal data be processed in a lawful manner, in good faith and in a manner that is comprehensible to the data subject (“lawfulness, processing in good faith, transparency”). In order to ensure this, we provide you with information about the specific legal definitions that are also used in this privacy policy:
Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Processing
“Processing” is any process carried out, with or without the aid of automated processes, or any such series of processes in connection with personal data, such as collecting, recording, organising, ordering, storing, adapting or changing, reading out, retrieval, use, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.
Restriction of processing
“Restriction of processing” is the marking of stored personal data with the aim of restricting their future processing.
Profiling
“Profiling” is any type of automated processing of personal data consisting of using these personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning said natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation
“Pseudonymisation” is the processing of personal data in such a way that they can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.
File system
A “file system” is any structured collection of personal data that is accessible according to certain criteria, whether that collection is centralised, decentralised, or organised according to functional or geographical considerations.
Data controller
The “data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data processors
A “data processor” is a natural or legal person, public authority, institution or other body who/which processes personal data on behalf of the data controller.
Recipient
The “recipient” is a natural or legal person, public authority, institution or other body to whom or to which personal data are disclosed, whether or not they are third parties. Authorities which may receive personal data under Union or national law in connection with a particular investigation mandate are not considered to be recipients; the processing of such data by said authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing.
Third parties
A “third party” is a natural or legal person, public authority, institution or other body other than the data subject, the data controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the data controller or data processor.
Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous declaration of intent made by the data subject for the specific case, in which the data subject indicates that they agree to the processing of their personal data.
4. Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for the processing. In accordance with Art. 6 para. 1 lit. a - f GDPR, the legal bases for data processing can specifically include:
- The data subject has given consent to the processing of their personal data for one or more specific purposes;
- The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures that are taken at the request of the data subject;
- The processing is necessary for compliance with a legal obligation to which the data controller is subject;
- The processing is necessary to protect the vital interests of the data subject or another natural person;
- The processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been delegated to the data controller;
- The processing is necessary to safeguard the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
5. Lawfulness of processing
- In the following, we provide information on the collection of personal data when using our website. “Personal data” include any data that personally relate to you, e.g. name, address, email addresses, user behaviour.
- When you contact us via email or by means of a contact form, the information you provide (your email address, your name and telephone number if applicable) shall be stored by us in order to answer your questions. We shall delete the data collected in this context after their storage is no longer required, or otherwise limit their further processing insofar as legal storage requirements exist.
Collection of personal data when visiting our website
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data which your browser transmits to our server. If you wish to view our website, we collect the following data which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 para. 1 sent. 1 lit. f GDPR):
- IP address
- Date and time of request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Request status/HTTP status code
- Amount of data transmitted
- Website making the request
- Browser
- Operating system and device
- Language and version of the browser software.
Use of cookies
- In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in association with the browser you are using and by which the body which sets the cookie receives certain information. Cookies cannot run programmes or transmit viruses to your computer. They serve to make our website more user-friendly and effective.
- This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see a.)
- Persistent cookies (see b.).
- Transient cookies are automatically deleted when you close the browser. In particular, these include session cookies. These store a so-called session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
- Persistent cookies are automatically deleted after a specified period which may differ depending on the cookie. You can delete the cookies stored on your computer at any time by means of the security settings of your browser.
- You can configure your browser settings according to your wishes and,
for example, reject the acceptance of third-party cookies or all cookies. So-called ”third-party cookies” are cookies set by a third party, and therefore not by the actual website you are currently on. Please note that by deactivating cookies you may not be able to use all functions of this website.
6. Additional features and offers of our website
- In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
- In some cases, we will use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly audited.
- Furthermore, we may disclose your personal data to third parties if we offer promotions, competitions, contracts or similar services in collaboration with partners. For more information, please provide your personal data or see the description of the offer below.
- If our service providers or partners are located in a country outside the European Economic Area (EEA), we shall inform you of the consequences of this circumstance in the description of the offer.
7. Children
Our offer is fundamentally aimed at adults. Persons under 18 years of age should not send us any personal data without the consent of their parents or legal guardians.
8. Rights of the data subject
(1) Revocation of consent
Insofar as the processing of your personal data is based on your consent, you have the right to revoke your consent at any time. Revocation of consent does not affect the legality of processing carried out on the basis of the consent up to the point of revocation.
You can contact us at any time to exercise your right of revocation.
(2) Right to confirmation
You have the right to request confirmation from the data controller as to whether we are processing personal data relating to you. You can request confirmation at any time using the aforementioned contact details.
(3) Right to information
If your personal data are being processed, you can request information about these personal data and the following points at any time:
- The purposes for which the data are being processed;
- The categories of personal data being processed;
- The recipients or categories of recipients to whom the personal data have been or are being disclosed, in particular, recipients in third countries or international organisations;
- If possible, the planned duration for which the personal data shall be stored, or, if this is not possible, the criteria for determining this duration;
- The existence of your right to have personal data corrected or deleted, or to restrict the extent to which they can be processed by the data controller, or to object to their processing;
- The existence of your right to lodge a complaint with the relevant supervisory authority;
- If the personal data are not collected from the data subject, all available information about the origin of the data;
- The existence of automated decision-making including profiling in accordance with Art. 22 paras. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
If personal data are transferred to a third country or to an international organisation, in accordance with Art. 46 GDPR you have the right to be informed of the appropriate guarantees in relation to the transfer. We provide a copy of the personal data that are subject to processing. For any additional copies you request, we may charge a reasonable fee based on administrative costs. If you submit the application electronically, the information must be made available in a common electronic format, unless otherwise specified. The right to receive a copy in accordance with para. 3 shall not affect the rights and freedoms of any other person.
(4) Right to rectification
You have the right to request us to rectify any incorrect personal data concerning you without delay. Taking into account the purposes of the data processing, you also have the right to demand the completion of your incomplete personal data – also by means of a supplementary statement.
(5) Right to deletion (“Right to be forgotten”)
You have the right to request that the data controller delete personal data concerning you immediately, and we are obliged to delete personal data immediately if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The data subject revokes their consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21. para. 2 GDPR.
- The personal data have been unlawfully processed.
- Deletion of the personal data is necessary to fulfil a legal obligation under Union or Member State law to which the data controller is subject.
- The personal data were collected in relation to services provided by the Information Society in accordance with Art. 8 para. 1 GDPR.
In the event that the data controller has made personal data public and is obliged to delete such personal data in accordance with Art. 1 para. 1 GDPR, then the data controller will take the appropriate measures to inform other data processors involved in processing the disclosed personal data that a request has been made to delete all links to the personal data, as well as to delete all copies or replications of the personal data. Such measures include measures of a technical nature, taking into account the available technology and the implementation costs.
The right to deletion (“right to be forgotten”) does not exist if the data processing is necessary:
- To exercise the right to freedom of expression and information;
- To fulfil a legal obligation requiring the data to be processed under the law of the Union or the Member States to which the data controller is subject, or to perform a task in the public interest, or in the exercise of official authority delegated to the controller;
- For reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- For archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the law referred to in para. 1 is likely to render impossible or seriously prejudice the achievement of the objectives of such processing, or
- To assert, exercise or defend legal claims;
(6) Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
- The data subject disputes the correctness of the personal data and the data controller is granted sufficient time to verify whether the data are correct or not;
- The processing is unlawful and the data subject refuses to have the personal data deleted and instead requests that their use be restricted;
- The data controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims, or
- The data subject has lodged an objection to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the data controller override those of the data subject.
If the processing of personal data has been restricted in accordance with the above conditions, such data, with the exception of storage, may only be processed with the consent of the data subject or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
In order to assert the right to restrict processing, the data subject can contact us at any time using the contact details provided above.
(7) Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format, and you have the right to transmit these data to another data controller without our interference, provided that:
- The processing is based on consent granted in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a or on a contract in accordance with Art. 6 para. 1 lit. b GDPR and
- The processing is carried out using automated methods.
Furthermore, when exercising your right to data portability, according to Paragraph 1, you have the right to have the personal data transmitted directly from one data controller to another, where technically feasible. Exercising your right to data portability does not affect your right to deletion (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to the data controller.
(8) Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The data controller shall no longer process personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling in so far as it is related to direct marketing of this type. If you object to the processing of your personal data for direct marketing purposes, we shall no longer process your personal data for these purposes.
In relation to the use of services provided by the Information Society and notwithstanding Directive 2002/58/EC, you also have the opportunity to exercise your right to object by means of automated procedures using technical specifications.
You have the right, for reasons arising from your particular situation, to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless the processing is necessary to fulfil a task in the public interest. You can exercise your right to object at any time by contacting the data controller.
(9) Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or significantly affects you in a similar manner. This does not apply if the decision:
- Is necessary for the conclusion or performance of a contract between the data subject and the data controller,
- Is permitted on the basis of legal provisions of the Union or the Member States to which the data controller is subject and these legal provisions contain appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject or
- Is carried out with the express consent of the data subject.
The data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express a point of view and to contest the decision.
The data subject can exercise this right to object at any time by contacting the data controller.
(10) Right to lodge a complaint with a supervisory authority
As the data subject you also have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes this regulation.
(11) Right to an effective judicial remedy
You have the right to an effective judicial remedy, without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR, if you believe that the rights to which you are entitled under this regulation have been infringed as a result of the processing of your personal data not being in accordance with this regulation.