Data Privacy
Privacy statement for the website msw-fertigungstechnik.de and its subpages
1. Name and address of the person responsible
Responsible is within the meaning of the General Data Protection Regulation and all other relevant data privacy acts and data protection provisions:
Marco Woitschek
Bürgermeister-Hubaleck-Straße 5
7
56575 Weißenthurm
Telefon: +49 2637/2073
Telefax: +49 2637/2074
info@msw-fertigungstechnik.de
2. General remarks on data processing
2.1 Extent of processing personal data
In principle, we do only process personal data of our users as far as required for providing a functional website and our contents and services. Processing of personal data of our users is only carried out with prior consent of the user. An exception applies in cases where it is not possible to obtain prior consent and processing the data is allowed by statutory provisions.
2.2 Legal basis for processing personal data
Legal basis for processing personal data is Article 6 (1) of the EU General Data Protection Regulation (GDPR). This does also apply for processing data for executing pre-contractual measures, or for complying with a legal commitment, or for respecting a legitimate interest on our par, provided that the interests or rights of the person concerned are not prevailing.
2.3 Data deletion and storage time
Personal data of the persons concerned are deleted or blocked as soon as the reason for storage is reached. However, storage can take place beyond that if previewed and required by European or national regulations, laws or other provisions.
After expiry of the mandatory storage times, also these data are blocked or deleted, as far as not required for concluding a contract.
3. Provision of website and preparation of log files
3.1 Description and extent of data processing
When our website is accessed, the system automatically registers data and information of the computer system of the accessing computer The collected data are:
• IP address
• Browser type and version
• Used operating system
• Last visited website
• Host name of the accessing computer
• Date and time of the server request
The data are stored in the so-called log files of our system. The IP address is changed before storage such that it cannot be assigned to any user. There is no merging of data with other data sources.
3.2 Purpose, time and legal basis of storage
Storage of data is carried out for the purpose of error analysis, which is also our legitimate interest in data processing. These data are deleted after a period of 7 days. Legal basis for temporary storage of data is Article 6 (1) of the GDPR.
3.3 Option for objection and removal
Capture of data for provision of the website and storage of data in log files is mandatory for operating the website. Therefore, the user does not have any option to raise an objection.
4. E-mail contact, contact form
4.1. Description and extent of data processing
On our website there is a contact form for the user to enter in electronic contact with us. Furthermore, we link our e-mail address for communication.
As far as registered by the user, when contacting we store name, address, phone number, e-mail address and the text of the message.
When contacting via e-mail, the submitted personal data of the user are stored.
The data are never passed to third parties. The data are exclusively used for processing the conversation.
4.2. Purpose, time and legal basis of data storage
Processing of personal data from the contact form or e-mail is only used for handling the contact. This is also the legitimate interest in processing the data.
The collected data are only stored until no longer required for the purpose of their collection. As far as there is a retention requirement (§ 147 AO) by rules of law, the data are stored until it expires.
Legal basis for processing data also in this case is Article 6 (1) of the GDPR.
4.3. Option for objection and removal
At any time the user has the possibility to object to the storage of his personal data, by e-mail or by using the contact form again. In this case all data of the user are immediately deleted.
4.4 reCaptcha for newsletter subscription
We use the Google service reCaptcha for knowing if a person or a computer is making a specific entry in our contact or newsletter form. With the following data Google checks if you are a person or a computer: IP address of the used terminal, website you are visiting with us and where reCaptcha is integrated, the date and time of the visit, identification data of the used type of browser and operating system, Google account if you are registered with Google, mouse movements on the reCaptcha surfaces and tasks where you have to identify pictures. Legal basis for the described data processing is Article 6 (1) lit. f General Data Protection Regulation. We have a legitimate interest in this data processing for ensuring the security of our website, and protecting ourselves against automated entries (attacks).
4.5 Newsletter form
Per e-mail, our free newsletter offers regular information on new products and special offers. The data you enter here are only used for personalisation of the newsletter and are not passed to third parties. You can unsubscribe from this newsletter at any time, or by e-mail to newsletter@msw-fertigungstechnik.de withdraw your consent at any time. After terminating the receipt of the newsletter, your data are deleted within 1 month as far as deletion is not in conflict with retention requirements. By sending the data you entered you agree with the data processing and confirm our privacy statement.
5. Web fonts Google fonts
5.1. Description and extent of data processing
For unified view of fonts, so-called web fonts, this page uses provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (in the following: Google). When calling a page, your browser downloads the required web fonts into your browser cache for correct indication of texts and fonts. From this, the user connection links with the Google server, such that the IP address of the user is transmitted to Google.
In case your browser does not support web fonts, your computer uses a standard font.
Find further information regarding Google Fonts and use of data by Google Inc. under https://www.google.com/intl/de/policies/privacy/.
5.2. Purpose, time and legal basis of data processing
Purpose of data processing is the presentation of the contents on our website with uniform, attractive font for user-friendly display. This is also our legitimate interest.
Legal basis for data processing is Article 6 (1) lit. f GDPR.
In case you have already called up the page, by leaving the page you can avoid further transfers to Google.
5.3 Adequacy decision
As far as data are transmitted for using Google fonts data, basis for this is the adequacy decision of the European Commission dated12.07.2016 (C(2016) 4176) for regulations of the Privacy Shield Convention. Adobe has submitted to the regulations of the Privacy Shield.
6. Embedding of YouTube videos
6.1. Description and extent of data processing
We integrate videos of the platform YouTube, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (in the following: Google). You can find the privacy statement under https://www.google.com/policies/privacy/.
As third-party provider, Google can send the available contents to your browser only when using your IP address. For communication purposes Google sets cookies on your browser and uses your IP address.
6.2. Purpose, legal basis and time of data processing
Purpose of data processing is the provision of video contents from a third-party provider without using storage space on the server of our website for extending the offer on our website. This is also our legitimate interest.
Legal basis for data processing is Article 6 (1) lit. f GDPR.
When calling our website for the first time you can admit or deactivate cookies. By changing the settings in your internet browser you also can deactivate or reduce the transfer of cookies. Cookies already stored can be deleted at any time. This can also be carried out automatically. When deactivating cookies for our website, it might be that not all functions of the website can be used to its full extent.
If you do not deactivate the transfer of cookies or do not actively delete the cookies, those cookies stored by Google are deleted after eight months the latest.
6.3. Adequacy decision
As far as data are transmitted to the USA data for the use of YouTube, basis for this is the adequacy decision of the European Commission dated12.07.2016 (C(2016) 4176) for regulations of the Privacy Shield Convention. Google has submitted to the Privacy Shield regulations. Here you can find the certificate: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
7. Use of Google Analytics
7.1. Description and extent of data processing
On our website we use the Analyse Tracking Tool Google Analytics (GA), which is made available by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (in the following Google): Google Analytics collects data about the way you use our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics we are able to better adjust our website and our service to your demands.
7.2. Purpose, legal basis and time of data processing
Purpose of data processing is the analysis of the user behaviour on our website, with the goal of continuously improving and expanding the range on our website. This is also our legitimate interest.
Legal basis for data processing is Article 6 (1) lit. f GDPR.
When calling our website for the first time you can admit or deactivate cookies. By changing the settings in your internet browser you also can deactivate or reduce the transfer of cookies. Cookies already stored can be deleted at any time. This can also be carried out automatically. When deactivating cookies for our website, it might be that not all functions of the website can be used to its full extent.
If you do not deactivate the transfer of cookies or do not actively delete the cookies, those cookies stored by Google are deleted after 26 months the latest.
7.3. Anonymisation of the IP address
On this website we have implemented the IP address anonymisation from Google Analytics. Anonymisation or masking of the IP takes place as soon as the IP addresses arrive at the Google Analytics data collection network and before storage or processing of the data is carried out.
Further Information regarding IP anonymisation can be found on https://support.google.com/analytics/answer/2763052?hl=de.
7.4. Adequacy decision
As far as data are transmitted by Google to the USA, basis for this is the adequacy decision of the European Commission dated12.07.2016 (C(2016) 4176) for regulations of the Privacy Shield Convention. Google has submitted to the Privacy Shield regulations of. Here you can find the certificate: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
8. Rights of the person concerned
In case your personal data are processed, according to GDPR you are a person concerned, and against the person responsible you have the rights detailed in the following.
8.1. Right to information
You are entitled to demand confirmation from the person responsible if we are processing your personal data.
In case of such processing you can demand the following information from the person responsible:
a) Purposes for which the personal data are being processed;
b) Categories of personal data which are being processed;
c) Recipients or categories of recipients your personal data were disclosed to or still will be disclosed;
d) Planned time of storage of your personal data, or the criteria for defining the storage time in case that specific information is not possible;
e) There is the right to rectification or erasure of your personal data, a right for limiting the processing by the person responsible, or a right to object to this processing;
f) The right to complain to regulatory authorities;
g) All available information on origin of the data, if the personal data are not gathered from the individual concerned;
h) Existence of an automated decision making including profiling according to Article 22 (1) and (4) GDPR, and at least, concerning these cases, meaningful information on involved logic as well as the consequences and the pursued effects of such processing for the individual concerned.
You are entitled to demand information if your personal data are transmitted to a third country or to an international organisation. In this context you are entitled to be informed on the appropriate warranties according to Art. 46 GDPR related to the transmission.
8.2. Right to rectification
Towards the responsible person you are entitled to rectification and/or completion as far as your processed personal data are inaccurate or incomplete. The responsible person has to make the rectification immediately.
8.3. Right to limitation of processing
Provided that the following conditions are met, you are entitled to demand limited processing of your personal data.
a) If you contest the correctness of your personal data for a time, which enables the responsible person to examine the correctness of your personal data;
b) If processing is illegal and you reject the deletion of your personal data, demanding instead limited use of your personal data;
c) If the responsible person does no longer need the personal data for processing purposes, but nevertheless you need these for assertion, exercise or defence of legal claims, or
d) If you have objected processing according to Article 21 ()1 GDPR, and it is not yet clear if the legitimate reasons of the person responsible outweigh your reasons.
If processing of your personal data has been limited, besides their storage, these data are only allowed to be processed with your consent or for assertion, exercise or defence of legal claims, or for protecting the rights of another natural or legal person, or for reasons of an important public interest of the Union or another member state.
Was processing restricted according to the above mentioned prerequisites, you will be informed by the responsible person before this restriction is removed.
8.4. Right of erasure
1) Obligation to erasure
From the person responsible you are entitled to demand immediate deletion of your personal data, and the person responsible is bound to delete these data immediately, as far as one of the following reasons apply:
a) Your personal data are no longer required for the purposes they were collected for or were processed any other way.
b) You revoke your consent the processing according to Article 6 (1) lit. a or Article 9 (2) lit. a GDPR was based upon, and any other legal basis for processing is missing.
c) According to Article 21 (1) GDPR you lodge an appeal against processing, and there are no other imperative legitimate reasons for processing, or you lodge an appeal against processing according to Article 21 (2) GDPR.
d) Your personal data have been processed unlawfully.
e) Erasure of your personal data is required for fulfilling a legal obligation, according to the Union legislation or the law of the Member States the responsible person is subjected to.
f) Your personal data were collected with reference to services offered by the information society according to Article. 8 (1) GDPR.
2) Information to third parties
If the responsible person has made your personal data public but is obliged to deletion according to Article 17 (1) GDPR, he will take adequate measures, also of technical nature, under consideration of the available technology and implementation costs to inform the responsible for data processing, who process the personal data that you as person concerned have demanded the deletion of all links to these personal data or of copies or replications of these personal data.
3) Exceptions
The right to erasure does not exist as far as processing is required
a) for exercising the right to freedom of expression and information;
b) for the purpose of fulfilling a legal obligation, which requires processing according to the legislation of the Union or of the Member States the responsible person is subjected to, or for performance of a task, which is in the public interest, or in the exercise of official authority being assigned to the person responsible;
c) for reasons of public interest in the field of public health according to Article 9 (2) lit. h and i and Article 9 (3) GDPR;
d) for archiving purposes subject to the public interest, scientific or historical research purposes, or for statistical reasons according to article 89 (1) GDPR, as far as the law mentioned in section a) presumably rules out or seriously affects the implementation of these objectives, or
e) for assertion, exercise or defence of legal claims.
8.5. Right to information
If you have asserted the right to rectification, deletion or limitation of processing towards the responsible person, he is obliged to inform all recipients, to whom your personal data was disclosed, about this rectification or deletion of the data or limitation of processing, unless this proves to be impossible or involves a disproportionate effort.
Towards the responsible you are entitled to become informed about these recipients.
8.6. Right to data portability
You are entitled to obtain your personal data you have made available to the responsible person in a structured, common and machine readable format. Furthermore, you are entitled to transfer these data to another responsible person without hindrance of the responsible to whom your personal data was made available, provided that
a) processing is based on a consent according to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR or on a contract according to Article 6 (1) lit. b GDPR, and
b) processing is carried out by means of automated procedures.
By exercising this right you are also entitled to ensure that your personal data are directly transmitted from one responsible person to another responsible person, as far as this is technically feasible. This must not affect freedoms and rights of other persons.
The right to data portability does not only apply for processing personal data required for performance of a task, which is in the public interest, or in the exercise of official authority being assigned to the person responsible.
8.7. Right of objection
For reasons resulting from your particular situation, you are entitled to lodge at any time an objection against the processing of your personal data, resulting from Article 6 (1) lit. e or f GDPR, this also applies to a profiling on the base of these provisions.
The responsible person no longer processes your personal data, unless he can prove compelling protection-worthy reasons for processing, which prevail your interests, rights and freedoms, or processing is used for assertion, exercise or defence of legal claims
In case your personal data are processed for direct marketing, you are entitled to lodge at any time an objection against the processing of your personal data for purposes of such marketing; this also applies to profiling as far as it is related to such direct marketing.
Your personal data are no longer processed for these purposes in case you object processing for purposes of direct marketing.
In connection with the utilisation of services of the information society, you have the option – irrespective of Directive 2002/58/EC – to exercise your right to objection by means of automated processes in which technical specifications are used.
8.8. Right to withdraw from the declaration of consent under data protection law
As far as you have provided a declaration of consent under data protection law, you are entitled to revoke your consent at any time. By revocation of consent, the lawfulness of the processing carried out because of consent is not affected until revocation.
8.9. Automated decision on a case-by-case basis including profiling
You have the right not to be subjected to a decision – including profiling – based on an exclusively automated processing, producing legal effects for you, or which considerably affects you in a similar way. This is not applicable, if the decision
a) is required for termination or fulfilment of an agreement between you and the responsible person,
b) is admissible because of statutory provisions of the Union or the Member States the responsible is subjected to, and these statutory provision include appropriate measures for protecting your rights and freedoms and your legitimate interests, or
c) is made with your express consent.
However, these decisions must not be based on special categories of personal data according to Article 9 (1) GDPR, as far as Article 9 (2) lit. a or g GDPR does not apply, and appropriate measures were taken for protecting rights and freedoms as well as your legitimate interests.
Regarding the cases mentioned in a) and c), the responsible person takes appropriate measures for protecting rights and freedoms as well as your legitimate interests, which at least includes the right to obtain the intervention of a person on the part of the responsible person for presentation of an own point of view and for challenging the decision.
8.10. Right of complaint to a regulatory authority
Without prejudice of any other administrative or legal remedy, you are entitled to complain to a regulatory authority, particularly in the Member State of your abode, your workplace or the location of the alleged infringement if your believe that processing of your personal data are in violation against the GDPR.
The regulatory authority where the complaint was lodged informs the complainant on state and results of the complaint, including the option of a legal remedy according to Article 78 GDPR.
Competent regulatory authority on data protection issues for our company is the state data protection supervisor of Rhineland-Palatinate. The contact is https://www.datenschutz.rlp.de.
Privacy statement
for the online shop range on msw-fertigungstechnik.de and its subpages
1. Online shop & Payment
1.1 Description and extent of data processing
We use your personal data for processing your online purchase (your orders and returns are handled by our Online Services) and for sending information regarding the delivery state or messages in case of delivery problems of your items.
Additionally, we use your personal data for handling your payments and for processing complaints and product warranty claims.
In addition, your personal data are used for proving your identity, to ensure that your have reached the legal minimum age for online purchase, and for comparing your address with external partners.
Because we offer several methods of payment and carry out analysis for learning about the payment options you have available, including your payment history and credit assessment.
1.2 Purpose, time and legal basis of storage
We use your personal data for processing your online purchase (your orders and returns are handled by our Online Services) and for sending information regarding the delivery state or messages in case of delivery problems of your items.
Additionally, we use your personal data for handling your payments and for processing complaints and product warranty claims.
In addition, your personal data are used for proving your identity, to ensure that your have reached the legal minimum age for online purchase, and for comparing your address with external partners.
Because we offer several methods of payment and carry out analysis for learning about the payment options you have available, including your payment history and credit assessment.
Legal basis for processing data is also in this case Article 6 (1) of the GDPR.
The collected data are only stored until no longer required for the purpose of their collection. As far as there is a retention requirement (Par. 147 AO) by rules of law, the data are stored until it expires.
1.3 Payment via PayPal
In line with the ordering process we offer the option to pay your invoice via PayPal (Europe) S.à.r.l. & Cie. S.C.A. (In the following PayPal).
The personal data transmitted to PayPal is mostly first name, name, address, IP address, e-mail address, or other data required for order processing, as well as data associated with the service, such as type of service, identity of the recipient, invoice amount and taxes in per cent, invoice information and so on.
This transmission is required for execution of the service with the method of payment you have selected, specifically for confirming your identity, for managing your payment, and customer relation.
The online payment provider can also forward personal data to the service provider, to subcontractors or other affiliated companies, as far as this is required for fulfilment of the contractual obligations from your order, or the personal data shall be processed in the order.
Find further information regarding data handling at PayPal under: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
1.4 Other data transfer to third parties
Depending on the selected method of payment e.g. invoice or direct debit, we reserve the right to transfer the received personal data if necessary to SCHUFA (German credit rating company). This transfer is used for identity and credit assessment regarding your order.
The collected data in this case are only stored until no longer required for achieving the purpose of their collection. As there is a retention requirement (§ 147 AO) by rules of law, the data are stored until it expires.
Further information on how SCHUFA deals with data can be found under https://www.schufa.de/ueber-uns/daten-scoring/ds-gvo-ueberblick/ds-gvo-ueberblick.jsp