Data protection declaration

1. General

The purpose of this privacy policy is to set out how we, as the data controller, handle and process personal data. For purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other data protection provisions, the data controller is:

OTRA Umformtechnik GmbH

represented by the managing director Phillip Ostermann von Roth

Burrenstr. 11

73084 Salach, Germany

Tel.: 07162/96000

email: hotline@otra-salach.de

We would like to take this opportunity to inform you about the nature, scope and purpose of the collection, use and processing of personal data and your rights in this regard.

The privacy policy applies to our online (e.g. websites, apps, social media) as well as offline activities (e.g. service provision, communication, documentation).

In principle, you can use our website without disclosing any personal data. Personal data means all information relating to an identified or identifiable individual.

The processing of personal data may be required where visitors wish to use specific services offered by our company through the website.

Processing means any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, onsultation, use, erasure or destruction or otherwise making available.

If there is no legal basis for processing, we will, in principle, seek the consent of the data subject.

Consent means any freely given indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you.

We process personal data, e.g. the name, address, email address or telephone number, strictly in accordance with the General Data Protection Regulation and any applicable national data protection provisions.

Our company, as the data controller, has implemented a range of technical and organisational measures to ensure that the personal data processed via this website are protected to the fullest extent possible.
Nevertheless, it should be noted that transfer of data over the internet can pose a security risk and cannot be fully protected against third-party access.

You may, therefore, consider using alternative means, e.g. telephone to communicate personal data to us.

2. Cookies

We use cookies on our website. Cookies are text files that are placed and stored on a computer system by a browser.

Many cookies contain a so-called cookie ID, i.e. a unique identifier of the cookie, which is a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows websites and servers to distinguish the browser from other browsers that store different cookies, and to recognise each browser by its unique cookie ID.

We primarily use cookies to improve your experience when you visit our website. For example, users of websites that use cookies will not have to sign in every time they visit because the websites use cookies stored on the computer system of the user to recognise them.

We use so-called session cookies to remember which pages of our website you have already visited. These will be deleted automatically after you leave our website.

In addition, we also use temporary cookies that are stored on your device for a specified period of time to make our website more user friendly. When your return to our website, these cookies help us to recognise automatically that you have visited us before and remember your entries and settings so that you do not have to enter them again.

The data processed by cookies is necessary for the aforementioned purposes of pursuing our and third-party legitimate interests in accordance with Article 6 (1) (f) GDPR.

Most browsers accept cookies by default. You can prevent cookies from being stored on your computer by configuring your browser
not to accept cookies or to notify you before websites try to set cookies.

Website users can prevent cookies from being installed by our website by changing the settings of their browser to block the acceptance of cookies. Furthermore, users can delete cookies already stored on their computers through their browser or other software. While all popular browsers offer this option, if used, some features of this website may no longer function properly.

3. Collection of general and personal data

Our website collects a series of general data and information when you or an automated system accesses the website. This information is temporarily stored in a so-called log file.

The following information is recorded and stored until it is automatically deleted:

  • used browser types and versions,
  • operating system of the accessing system and the name of the access provider,
  • website from which you accessed our website (so-called referrer URL),
  • the sub-websites, which are accessed via an accessing system on our website,
  • date and time of access to the website,
  • internet protocol address (IP address) of the accessing computer,
  • internet service provider of the accessing system and
  • other similar data and information that may be used in the event an attack on our IT systems.

This data and information will not, under any circumstances, be used to identify any particular person. Instead, this information is needed to

  • ensure a smooth connection to the website and convenient use of the website
  • optimise the content of our website as well as related advertising,
  • evaluate system security and system stability
  • provide law enforcement with the necessary information for prosecution in the event of a cyberattack
  • achieve other administrative purposes.

The legal basis for data processing is Article 6 (1) (f) GDPR. Our legitimate interest ensues from the abovementioned purposes for data collection. We will not, under any circumstances, use the data collected
to identify you.

The anonymously collected data and information are used for statistical purposes and with the objective to increase data protection and data security in our company. This is to ensure an optimal level of protection for the personal data we process.

The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

4. Use of the contact form available on our website

If you have any questions, you can use the form provided on our website to contact us. This form offers a quick and direct means of communication with our company. To use the contact form, you will have to provide a valid email address. If you use the contact form to communicate with us, the transmitted personal data will be automatically stored.

We process the data you provide in the contact form based on your consent to the processing of personal data in accordance with Article 6 (1) (a) GDPR.

The personal data transmitted to us on a voluntary basis will be automatically stored for the purpose of processing or establishing contact. We do not pass on personal data to third parties.

The personal data we collect when you use the contact form will be automatically deleted after we have responded to your query.

5. Integration of services and content from third parties

Our website may contain content and services from other providers. This includes, for example, maps, videos, graphics and images from other websites. The transmission of the IP address is necessary to retrieve and display this data in your browser. These providers will thus be able to see your IP address.

Although we make every effort to exclusively use third-party providers who only need the IP address to deliver content, we have no influence on whether the IP address may be stored. In this case, this process is used i.a. for statistical purposes.

If we become aware of a provider storing your IP address we will notify you.

6. SSL encryption

In order to provide the best level of protection for your transmitted data, the website uses SSL encryption. You can recognise encrypted connections by the prefix “https://” in the page link in your browser’s address bar. Unencrypted pages are identified by “http://”.

Thanks to SSL encryption, none of the data that you submit to this website – such as enquiries – can be read by third parties.

7. Routine erasure and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of the storage or as provided by the European directives and regulations or other laws or regulations to which we are subject.

If the data is no longer required for the purpose for which it was originally stored or if the storage period prescribed by the European directives and regulations or any other relevant laws expires, the personal data will be routinely deleted or blocked in accordance with the statutory provisions.

8. Rights of affected persons

Based on the fact that we may collect your personal data when you visit our website, you have as a data subject the following rights:

a)
Right to obtain confirmation

Every data subject shall have the right under the European laws and regulations to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed. If you wish to make use of this right, you can contact an employee responsible for data processing at any time.

b)
Right of access under Article 15 GDPR

As a data subject you have the right under European laws and regulations to obtain from the controller free information about your personal data that is being stored or processed at any time and to receive a copy of this information. You can, in particular, request the following information:

  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the data subject, any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the details

Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer.
If you wish to make use of this right of access, you can contact one of our employees responsible for data processing.

c) Right to rectification of, personal data under Article 16 GDPR

 

As a data subject you have the right under European laws and regulations to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the  rocessing, you also have the right to have incomplete personal data completed.
If you wish to make use of this right to rectification, you can contact one of our employees responsible for data processing.

d)
Right to erasure of personal data under Article 17 GDPR

As
a data subject you have the right under European laws and regulations to obtain from us erasure of personal data concerning you without undue delay where one of the following grounds applies, provided that the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • the data subject withdraws consent on which the processing is based according to Article 6 (1) (a), or Article 9 (2) (a) GDPR,
    and where there is no other legal ground for the processing.
  • the data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
  • the personal data have been unlawfully processed.
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

If one of the above-mentioned grounds applies to you and you wish to have the personal data we store on you erased, you can contact one of our employees responsible for data processing at any time, who will then erase your personal data without undue delay.

Where we have made the personal data public and we are obliged under Article 17 (1) GDPR to erase the personal data, we shall, taking account of available technology and if technically feasible, take reasonable steps to inform controllers, which are processing the published personal data of the request and to have the personal data erased to the extent processing is not necessary. The employee responsible for data
processing of personal data will arrange the necessary steps on a case-by-case basis.

e) Right to restriction of processing under Article 18 GDPR

As a data subject you have the right under European laws and regulations to obtain from us restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
  • the processing is unlawful and you oppose the erasure of the personal data, you request the restriction of their use instead and you no longer need your data
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
  • you have objected to processing pursuant to Article 21 (1) pending the verification whether we have legitimate grounds to override your grounds

If one of the above conditions is met and you wish to request the restriction of personal data we store, you can contact an employee responsible for data processing at any time, who will then take steps to restrict the processing of your data.

f) Right to data portability

As a data subject you have the right under European laws and regulations to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller where the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

In exercising your right to data portability pursuant to Article 20 (1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.
If you wish to exercise your right to data portability, you can contact a person responsible for data processing at any time.

g) Right to object under Article 21 GDPR

As a data subject you have the right to object under European laws and regulations, on grounds relating to your particular situation or processing for direct marketing purposes, at any time to processing of personal data concerning you which is based on legitimate interests as laid down in point (e) or (f) of Article 6 (1) GDPR.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise  r defence of legal claims or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, we will no longer process personal data for such purposes.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If you wish to exercise your right to object, you can contact a person responsible for data processing at any time. It is sufficient to object by email to the email address provided on our website.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

As a data subject you have the right under European laws and regulations not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you, unless the decision

  • is necessary for entering into, or performance of, a contract between us and you, or
  • is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  •  is based on your explicit consent.

Where the decision is necessary for entering into, or performance of, a contract between you and us, or it is based on your explicit consent, we will take suitable measures to safeguard your rights and freedoms and legitimate interests.

If you wish to exercise your rights relating to automated decisions, you can contact one of our employees responsible for data processing at any time.

i) Withdrawal of consent to data processing in accordance with Article 7 (3) GDPR

As a data subject you have the right under European laws and regulations to withdraw your consent to processing of personal data at any time. As a result, we will no longer be allowed to process data based on this consent going forward.
If you wish to make use of this right to withdraw your consent, you can contact an employee responsible for data processing at any time.

9. Legal basis for processing

The legal basis for processing where you have given our company consent to process your data for a specific purpose is Article 6 (1) (a) GDPR. Where the processing is necessary for the performance of a contract to which you are party (e.g. provision of services or delivery), the legal basis is Article 6 (1) (b) GDPR. The same applies to processing necessary for the implementation of pre-contractual measures, e.g. queries regarding services.

Where processing is necessary for compliance with a legal obligation (e.g. tax obligations) to which we are subject, the basis of processing is Article 6 (1) (c) GDPR.

In exceptional cases, the processing may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if you were injured in our company
and contact details or other vital information would have to be passed on to a doctor, hospital or other third party. In this case, the legal basis for processing would be Article 6 (1) (d) GDPR.

Lastly, processing operations may also be based on Article 6 1 (f) GDPR if processing operations are not covered by any of the above legal bases and the processing is necessary for the purposes of the
legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. We are permitted under European laws and regulations to carry out such processing because it has been specifically mentioned in the GDPR. Under GDPR, a legitimate interest could exist, for example, where you are our contractual partner (Recital 47, clause 2 GDPR).

10. Legitimate interests in the processing pursued by us or a third party

Where the processing of personal data is based on Article 6 (1) (f) GDPR, our legitimate interest is to carry out our business to the well-being of all our employees and shareholders.

11. Length of storage of personal data

The length of storage of personal data is based on the respective statutory retention period. At the end of this retention period, data no longer required for the performance of the contract will be routinely
deleted.

12. Statutory or contractual provisions for the provision of personal data; requirement for the conclusion of the contract; obligation of the data subject to provide personal data;
consequences of failure to provide personal data

We hereby inform you that the provision of personal data is either required by law (e.g. tax regulations) or may also arise from contractual provisions (e.g. information about the party to the contract). For
example, to conclude a contract, it may be necessary for you to provide us with personal data that we will be subsequently required to process. You may, for example, be required to provide us with personal data when you enter into a contract with our company, as otherwise the contract cannot be concluded.

At your request, an employee responsible for data processing, will inform you on a case-by-case basis whether the provision of personal data is a statutory or contractual requirement, or a requirement
necessary to enter into a contract, as well as whether there is an obligation to provide the personal data and of the possible consequences of failure to provide such data.