Privacy Statement | Wilhelm Julius Teufel GmbH

Responsible Party for this Website:
The party responsible for this website according to the General Data Protection Regulation (GDPR), the Federal Data Protection Act and other data protection regulations is:

Wilhelm Julius Teufel GmbH
Robert-Bosch-Straße 15
73117 Wangen
Germany

Phone: +49 7161 15684-0
Fax: +49 7161 15684-333

Email: info@teufel-international.com
Website: www.teufel-international.com

Name and Email-Address of the Data Security Official:

Oliver Schellbach
Email: datenschutz@teufel-international.com

Types of Processed Data

On this website we process:

Inventory data (e.g. names, addresses).
Contact details (e.g., email, phone numbers).
Content data (e.g., text entered, photographs, videos).
Usage data (e.g. webpages visited, interest in content, access times).
Metadata /communication data (e.g. device information, IP addresses).

Purpose and Legal Basis of Data Processing
If we seek the data subject’s consent for processing of personal data, the regulation under Art.6 (1) (a) GDPR is the legal basis.

If the processed data are required to fulfil a contract to which the data subject is party, the regulation under Art.6 (1) (b) GDPR is the legal basis. This is also the case for processing procedures in order to take steps at the request of the data subject prior to entering into a contract.

If it is necessary to process personal data for compliance with a legal obligation to which our company is subject, the regulation under Art.6 (1) (c) GDPR is the legal basis.

If the processing of personal data is required to protect vital interests of the data subject or another natural person, the regulation under Art.6 (1) (d) GDPR is the legal basis.

If the processing of personal data is required to protect a legitimate interest by our company or by a third party, and if the interests, rights and freedoms of the data subject do not override the former interest, the regulation under Art.6 (1) (f) GDPR is the legal basis for the processing.

Safety Measures, Encryption
Taking into account the technical state of the art, the costs of implementation, and the nature, scope, context and purposes of data processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

Especially to protect the transmission of confidential content, like e.g. the inquiries sent to us by you, this website uses secure socket layer encryption (SSL). You can recognize an encrypted connection by the address bar of your internet browser changing from „http://“ to “https://”, and by the lock symbol in the address bar.

We also already consider the protection of personal data during the development and/or selection of hardware, software and processes, according to the data protection principle by design and default (Art. 25 GDPR).

Collaboration with Processors and Third Parties
If we disclose, transmit, or give access to any of the personal data processed by us to other persons or companies (processors or third parties), this will only be done on the basis of legal authorization (e.g. if data transmission to a third party, like a payment service provider, is required to fulfill a contract, according to Art. 6 (1) (b) GDPR), if you have agreed to it, if a legal obligation demands it, or if the data are transmitted based on our legitimate interests (e.g. when working with authorized persons, web hosts, etc.).

If we engage a third party to process data based on an agreement for processing, the legal basis is the regulation defined under Art.28 GDPR.

Data Transmission to Third Countries
If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this is done in the context of the utilization of the services of a third party, or the disclosure or transmission of data to a third party, this will only take place if the processing of data serves the fulfilment of (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or based on our legitimate interests. Except when authorized by law or by a contract, we will only process data in a third country under the exceptional conditions described in Art.44 et sqq. DSGVO.

This means that data processing is only done based e.g. on special guarantees, like the officially recognized verification of a data protection level complying with the EU, or if officially recognized special contractual obligations (so-called “EU Standard Contractual Clauses”) are met.

Data Deletion and Duration of Data Storage
Personal data will be erased or blocked as soon as the purpose of the original storage ceases to exist, and no legal obligation to preserve data prohibits the deletion. Data may be stored longer if this is required by European or national law in EU legislation, laws or other regulations, to which the responsible party is subject.

If data are required for other legal purposes they will not be deleted but their processing will be limited, i.e. they will be blocked and not be used for any other purposes.

According to the regulation under §§ 147 para.1 of the German Fiscal Code, 257 para.1 No.1 and 4, para.4 German Commercial Code, the statutory retention period is 10 years, and it is six years according to the regulation under § 257 para.1 No.2 and 3, para.4 German Commercial Code. According to the regulation under § 195 German Civil Code the regular limitation period of claim is three years and commences by the end of the year in which the claim arose and the obligee obtains knowledge of the circumstances giving rise to the claim and of the identity of the obligor, or would have obtained such knowledge if he had not shown gross negligence.

Data will also be blocked or deleted if the retention period defined by the norms given above ends, unless further retention of these data is required for the formation or fulfillment of a contract.

Availability of the Website/ Server Log Files

Description and Extent of Processed Data
Every time you access our website, information transmitted to us from the computer accessing our website will be automatically stored. These data are:

Browser type and browser version
Operating system used
The user’s internet service provider
The user’s shortened IP address
Date and time of server request
Websites from which the user’s system accesses our website
Websites which are accessed by the user’s system from our website
Directory protection user
Status code
Data volume
User agent
Host name of the accessing computer

These data are stored in the log files (access-logs) of our system. The data will not be stored with other individual-related data about the user.

Apart from this, data will be stored in error logs, which record incorrect page views, and will be deleted after seven days. Apart from the particular error message, these error logs store the accessing (shortened) IP address of the user and, depending on the error, the website that was accessed.

The IP addresses will always be anonymized. To anonymize the IP addresses, the last two digits of the IP address will be removed, i.e. e.g. 127.0.0.1 then becomes 127.0.0.*. IPv6 addresses will also be anonymized. Data concerning the directory protection user will be anonymized after one day.

Legal Basis for Data Processing
The legal basis for the temporary data and log file storage is Art.6 (1) (f) GDPR.

Purpose of Data Processing
The temporary storage of shortened IP addresses is necessary to ensure that this website can be accessed by the user’s computer. For this purpose, the IP-address of the user has to be stored for the duration of the session.

Log files are stored to ensure the proper functioning of the website. In addition, we use data to optimize the website and to ensure the safety of our information technology systems. No data are processed for marketing purposes in this context.

The above mentioned purposes are the basis of our legitimate interest to process data according to Art.6 (1) (f) GDPR.

Duration of Data Storage
Data is deleted as soon as they are no more required for the fulfilment of the purpose of the storage. Data which were stored to ensure the proper access and functioning of the website will be deleted at the end of the particular session.

Data stored in log files will be deleted after a maximum of two months. It is possible for data to be stored for more than two months. In this case, the IP addresses of the users will be deleted or anonymized, so the accessing client cannot be assigned to the IP address.

Objection or Disabling of Data Storage
The storage of data for proper website access and the storage of data in log files is obligatory for the proper functioning of the website. Users of our website cannot object to this.

Cookies
Cookies are small pieces of text that are transferred by a website to your computer’s hard drive. These can be either temporary session cookies, which are automatically deleted once you close your browser, or persistent or permanent cookies. A session cookie will e.g. store the content of a shopping cart. A permanent cookie will e.g. store the websites visited by you and their contents. These data then may be used for marketing purposes.

Third Party Cookies are cookies offered not by us, but by a third party. Some cookies (First Party Cookies) are cookies offered by us.

If you do not want any cookies to be stored on your device, you can configure your browser accordingly. Cookies that have already been stored can also be deleted in your browser settings. Disabling cookies may limit the functionality of our website.

You can object to the use of cookies by many online marketing tools, e.g. on the website www.youronlinechoices.eu. Please note that disabling cookies may limit the functionality of our website.

First Party Cookies
Our content management system sets a session cookie to your device once our website is accessed. This cookie is used to identify related requests from one user, and to assign them to one session.

In addition to this, the cookie „wordfence_verifiedHuman“ is used. This cookie is required to protect our website.

Third Party Cookies
We only use third party cookies by the web analytics tool Google Analytics. Further information on this can be found in the section on Google Analytics below.

Web Analytics Tools, Tracking Tools

Google Analytics
This website uses Google Analytics, a system for web analytics, from Google LCC (“Google”). Google uses cookies. Information about the use of our website produced by cookies is sent to a Google server in the USA and is stored there. Google is certified under the Privacy Shield Framework and hereby guarantees to meet the requirements of EU data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).Google uses information on our behalf to analyze the use of our website by visitors, to compile reports on the activities on our website, and to provide further services for us in connection with the use of our website. To do so, pseudonymous user profiles may be created from the processed data. We only use Google Analytics with activated IP-anonymization. That means that IP addresses of users inside the European Union or other States party to the Agreement on the European Economic Area are shortened by Google. Only in exceptional cases the full IP address is sent to a Google server in the US and is shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

You can prevent the use of Google Analytics cookies by selecting the according settings in your browser. Users may also prevent the storage and processing of data generated by the cookie and related to their use of online services and by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. For more information on data processing by Google, settings and objection options, read Google’s privacy protection information (https://policies.google.com/technologies/ads) and Google’s Ads Settings (https://adssettings.google.com/authenticated).

Apart from using the Browser Plug-In you can also click this link to disable the storage and processing of your data by Google Analytics for this website. An opt-out cookie will be set to prevent your data from being collected on future visits to this site. If you delete all your cookies you will have to click the above link again.

We use Google Analytics based on our legitimate interest in analyzing user behavior to optimize both our website and its economic use according to Art.6 (1) (f) GDPR. Due to the anonymization of IP addresses, the interests or basic rights and fundamental freedoms which require the protection of personal data also do not outweigh our legitimate interest.

The personal data of users will be deleted or anonymized after 14 months.

Videos on YouTube
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Further information about Google’s use of user data can be found in YouTube’s privacy protection information at https://www.google.de/intl/de/policies/privacy.

See https://adssettings.google.com/authenticated for further information on opting out of data processing through YouTube.

Google Maps
On the „Contact Us“ page of our website we use the Google Maps map service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use Google Maps, it may be necessary to save your IP address and location data. This data cannot be stored without your consent (usually through the according settings on your device).

Generally, this information may be transmitted to a Google server in the USA and stored there. Further information about handling user data, can be found in Google’s privacy protection information at https://www.google.de/intl/de/policies/privacy/.

See https://adssettings.google.com/authenticated. for information on opting out of data processing by Google Maps.

Social Media Plugins
We do not use any social media plug-ins for this website.

Contact via Email

Description and Extent of Data Processing

We show email addresses on several of our sites, so users can contract us.

Before sending any data we advise you of the regulations stated in this privacy protection statement. Alternatively, you can contact us via the email addresses given on our website. If you contact us via email, the personal data entered is used for processing your enquiry. In this context, we will not pass you data on to any third party. Your data will only be used to process your message.

Purpose of Data Processing
The personal data received through the input mask of our contact form will only be used to process you message. If you contact us via email, this also forms the basis of our legitimate interest in data processing. Other data processed during transmission are required to prevent any abuse of the contact form and to guarantee the safety of our IT systems.

The legal basis for data processing is Art.6 (1) (f) GDPR. If the user contacts us via email for measures preliminary to a contract, the basis for data processing is Art.6 (1) (b) GDPR.

“Jobs & Karriere”
On our page „Jobs & Karriere“, you can apply to job openings at Teufel. To do so, we ask you send your application documents to us, either by mail, or by email to the email addresses given on the website. Among the information we require from you are data such as your name, your contact data (physical address and/or email address) as well as a cover letter, your CV, and credentials. You can also send us more information on a voluntary basis.

If you send us your application via email, please note that emails are generally not encrypted, and data transmitted via the internet may be subject to security breaches. We cannot guarantee complete protection of your data from third-party access during transmission (from the sender to our mail server). Please encrypt you data adequately, or send your application documents by mail. We will only process the data sent to us for purposes of the application process.

By sending us your application, you allow us to use the data supplied by you for purposes of the application process, according to the extent specified in this privacy protection information.

The basis for processing application data is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract, as well as Art.6 (1) (f) GDPR and the regulations of § 26 BDSG, e.g. for legal disputes regarding the application.

If you voluntarily send us any special categories of personal data according to Art. 9 (1) GDPR during the application process, (e.g. data concerning your health, e.g. information on possible status of severe disability, or your ethnic background), we will process these data according to Art.9 (2) (b) GDPR.

If we ask for any special categories of personal data according to Art.9 (1) GDPR during the application process (e.g. data concerning your health, if these are required for the occupation), we will process these data according to Art.9 (2) (a) GDPR.

In case your application is successful, the data you sent us may be processed for purposes of your employment. If your application is not successful, we will delete your data. Your data will also be deleted if you withdraw your application, which you are authorized to do at any time.

Legitimate revocations reserved, the data will be deleted after a period of twelve months, so we will be able to answer possible follow-up questions concerning the application, and to meet the obligations to provide proof according to the equality act. Bills for possible travel expenses will be stored according to fiscal law.

Rights of the Data Subject
If your personal data is processed by us, you have the following rights according to the GDPR and the Federal Data Protection Act with respect to us as the party responsible for this website.

Right of access
You may request a statement from us on whether we process any personal data concerning you. If we do process such data, you have the right to request the following information from us:

(1) the purpose for which the personal data is processed,

(2) the categories of personal data that are processed

(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed,

(4) the envisaged duration for which your personal data will be stored or, if this specific information cannot be given, criteria used for determining the duration of storage

(5) the existence of the right to rectification or erasure of your personal data, the right to restriction of the processing of your data by the responsible party, or to object to the processing of your data

(6) the existence of the right to lodge a complaint with a supervisory authority;

(7) all available information on the source of the data if the personal data are not collected from you as the data subject;

(8) the existence of an automated decision, including profiling, according to Art.22 (1) and (4) GDPR and, at least in those cases, significant information about the involved logic and the range and intended effects of such data processing for the data subject.

You have the right to request information about whether your personal data has been given to a third country or international organization. In this context you may request to be informed of the appropriate guarantees concerning the data transfer according to Art.46 GDPR.

Right to rectification
You have the right to rectification and/or completion if the processed personal data concerning you are incorrect or incomplete. We are obligated to rectify your data without undue delay.

Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:

(1) if you object to the accuracy of your personal data for a period of time that enables us to verify the accuracy of your personal data,

(2) if the processing is unlawful and you object to the deletion of the personal data and instead demand the restriction of the use of your personal data,

(3) we no longer need the personal data for the purposes of processing, but you need the data to establish, exercise or defend legal claims, or

(4) if you object to the processing and it is not yet clear whether the legitimate grounds of the responsible party override the reasons of the data subject.

If the processing of your personal data has been restricted, these data, apart from storing, may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the EU, or a member state.

If the restriction of the processing is in accordance with the conditions described above, you will be informed by the responsible party prior to the lifting of the restriction.

Right to erasure (“right to be forgotten”)
a) Obligation to Delete Data
You may demand from us that your personal data get deleted with immediate effect and we are required to delete these data immediately if any of the following reasons apply:

(1) Your personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You revoke your consent upon which the processing was based according to Art.6 (1) (a) or Art.9 (2) (a) GDPR, and there is no other legal basis for the processing.

(3) You object to the data processing according to Art.21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the data processing according to Art.21 (2) GDPR.

(4) Your personal data were processed unlawfully.

(5) The deletion of your personal data is required to fulfil a legal obligation according to EU law, or the law of its member states, to which the responsible party is subject.

(6) Your personal data were collected for services offered by the information society according to the regulations of Art.8 (1) GDPR.

b) Information to Third Parties
If we have made your personal data public and we are obliged to delete these data according to Art.17 (1) GDPR we shall take technologically and economically appropriate measures, including technical measures, to inform the data controllers who are responsible for processing personal data that you as the data subject have demanded the deletion of all links to said personal data or the deletion of copies and replications of said personal data.
c) Exceptions
The right of deletion does not exist if the data processing is required:

(1) in order to exercise the right to freedom of expression and information;

(2) to fulfil a legal obligation according to EU law or its member states to which we are subject, or to perform a task in the public interest, or to perform public authority assigned to the responsible party;

(3) for reasons of public interest regarding public health according to Art.9 (2) (h) and Art.9 (3) GDPR

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to the regulations of Art.89 (1) GDPR, in so far as the right referred to under (a) is likely to render or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defence of legal claims.

Right to information
You have the right to rectify, delete or restrict the processing of personal data, and we are obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing unless this proves to be impossible or involves an unreasonable amount of effort.

You have the right to be informed by us about the recipients of your personal data.

Right to data portability
You have the right to receive personal data that you have provided the responsible party with in a structured, commonly used and machine-readable format. In addition, you have the right to transmit these data to another responsible party without hindrance by us if:

(1) the processing is based on consent pursuant to Art.6 (1) (a) GDPR or Art.9 (2) (a) GDPR or a contract in accordance with Art.6 (1) (b) GDPR, and

(2) the processing is carried out by automated means.

By exercising this right, you also have the right to have your personal data directly transmitted from us to another responsible party if technically feasible. Freedoms and rights of other persons may not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest, or in the exercise of official authority that has been delegated to us.

Right to object
At any time you have the right to object to the processing of your personal data on grounds to your particular situation according to Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions

We shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or if the processing is required for the establishment, exercise or defence of legal claims.

If the personal data are used for direct marketing purposes, you have the right to object to the use of your personal data for such advertising purposes at any time, including profiling to the extent that is related to such direct marketing.

If you object to the use of your personal data for direct marketing purposes, your data will no longer be processed be used for such purposes.

Concerning services of the information society you may exercise your right to object by automated means using technical specifications, notwithstanding Directive 2002/58/EC.

Right to revoke data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of that consent until the time of revocation.

You can send the revocation by email to datenschutz@teufel-international.com or by sending a letter to Wilhelm Julius Teufel GmbH, Robert-Bosch-Straße 15, 73117 Wangen, Germany.

Automated indvidual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or will affect you in a similar manner in an significant way. This is not the case if the decision

(1) is necessary for entering into, or performance of a contract between you and the responsible party,

(2) is legal according to regulations of the EU or its member states, to which the responsible party is subject, and if these regulations comprise adequate measures for the protection of your rights and freedoms as well as your legitimate interests, or

(3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Art.9 (1) GDPR, unless Art.9 (2) (a) or (g) applies and suitable measures for the protection of your rights and freedoms as well as your legitimate interests have been taken.

Regarding the cases mentioned in (1) and (3) the responsible party shall implement suitable measures to protect your rights and freedoms as well as your legitimate interests, which includes at least the right to to obtain human intervention from the responsible party, the right to express your point of view, and the right to contest the decision.

Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of alleged infringement, if you believe that the processing of your personal data violates GDPR regulations.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art.78 GDPR.

The data protection supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Königstrasse 10 a, 70173 Stuttgart.

Status: 05/2018