Privacy statement

Dear Sir, or Madam,

With this privacy statement we would like to inform you about the processing of your personal data by GMN Paul Müller Industrie GmbH & Co. KG („GMN“) as well as the rights you are entitled to under data protection law. In doing so, we first want to provide you with information in the section “General information”, which applies to all data processed by GMN. In the following section “Internet content of GMN” you will then find more detailed information on selected data processing operations. The next section „Audio/Video conferences“ contains data protection notices to conference systems used by GMN.

 

Tools from a company in the USA are integrated on our website among other things (see 2.6). Your personal data can be transmitted to US servers of this and possibly to another company if the tools are activated. We would like to point out that the USA are not a safe third country in the sense of the EU data protection law. US companies are obliged to hand over personal data to security agencies without you can take legal action in this matter as affected person. It cannot ruled out that US authorities (e.g. secret services) process, evaluate and store permanently your data located on US servers for monitoring purposes. We have no influence on this processing activities.

1. General information

1.1 Name and contact details of the responsible

Responsible for the processing of your data is:

GMN Paul Müller Industrie GmbH & Co. KG
Äußere Bayreuther Straße 230
90411 Nürnberg

Phone: +49 911 5691-0
Fax: +49 911 5691-221
Mail: info@gmn.de
Internet: www.gmn.de

 

1.2 Name and contact details of the privacy officer

Privacy officer of the data controller is:

GMN Paul Müller Industrie GmbH & Co. KG
Mr. Rainer Förster
Äußere Bayreuther Straße 230
90411 Nürnberg

Phone: +49 911 5691-332
Mail: datenschutz@gmn.de

 

1.3 Processed data categories

The following data in particular belong to the categories of personal data processed:

  • Master data, e.g. first name, last name, function
  • Contact information, e.g. postal address, telephone number(s), mail address

Your personal data are always collected directly from you when you contact us. In some cases, we also collect personal data from publicly available sources (such as the internet, trade fair catalogues).

 

1.4 Processing purposes and legal grounds

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Data Protection Act and all other relevant laws.

The purpose of data processing is to serve customer support and to promote our products as well as to fill vacant positions in our company. These include in particular

  • responding to requests,
  • processing of orders,
  • sending of information material (e.g. flyer, catalogues),
  • contacting in any form, e.g. for consultation or appointment,
  • necessary measures in the course of a job interview, e.g. to send an invitation for a job interview.

Your personal data will be processed

  • if you have consented to processing on the basis of article 6 section 1 sentence 1 lit. a GDPR,
  • due to the implementation of pre-contractual measures (e.g. responding to requests, sending of information material) on the basis of article 6 section 1 sentence 1 lit. b GDPR,
  • due to protect the justified interests of GMN (e.g. running credit checks, inviting for a job interview on the basis of article 6 section 1 sentence 1 lit. f GDPR.

 

1.5 Duration of storage; retention periods

On principle, we store your data for as long as it takes for fulfilling the purposes and the associated measures and services or when we have a justified interest in further storage (e.g. after the fulfilment of a contract, we could still have a justified interest in postal trade fair invitations). In all other cases, we will delete your personal data with the exception of such data that we are obliged to retain for the fulfilment of legal obligations (e.g. as a result of fiscal and commercial retention periods, we are obliged to retain documents such as contracts and invoices for a specific period of time).

 

1.6 Recipients of personal data

1.6.1 Other responsible parties

We will principally only transfer your personal data to other responsible parties insofar as if this is necessary for fulfilling the purposes (see 1.4), we or the third party has a predominantly justified interest in the transfer or if you have given your consent. Third parties can also be subsidiaries or representatives of GMN, also outside the European Economic Area.

Moreover, data can also be transferred to other responsible parties, insofar as we are obligated to do this on the basis of statutory regulations or due to enforceable official or judicial order.

1.6.2 GMN independent recipients outside the EEA

We have videos integrated on our website from „YouTube“, USA. YouTube belongs to „Google“, USA. Personal data of users of the website can be processed from YouTube and Google. For more information, please have a look at
2.6 YouTube videos

 

1.7 Your rights

Please use the information contained in section “Name and contact details of the privacy officer” (see 1.2) to assert your rights according to articles 15 up to 22 GDPR. Please ensure that an unambiguous identification of your person is possible for us.

1.7.1 Right of information and disclosure (Art. 15 GDPR)

You have the right to obtain information from us concerning the processing of your data. For this purpose, you can enforce a right to information in relation to the personal information that we process from you.

1.7.2 Right of rectification and deletion (Art. 16 and 17 GDPR)

You can demand from us the rectification of false data and – insofar as the legal prerequisites are fulfilled – the completion or deletion of your data.

This does not apply to data which are necessary for invoicing or accounting purposes or are subject to the statutory retention obligation. Insofar as the access to such data is not required, the processing thereof will be restricted (see below).

1.7.3 Restriction of processing (Art. 19 GDPR)

You can demand from us the restriction of the processing of your data insofar as the legal prerequisites are fulfilled.

1.7.4 Data portability (Art. 20 GDPR)

You will continue to have the right to obtain data that you have provided to us transmitted in a structured, conventional and machine-readable form or as far as this is technically feasible, to demand that the data are transmitted to a third party.

1.7.5 Right of objection (Art. 21 GDPR)

a. Case-related right of objection

Insofar as we undertake processing of data on the basis of a predominantly justified interest (article 6 section 1 sentence 1 lit. f GDPR), you have the right to file an objection to this processing, at any time, for reasons resulting from your special situation.

We will then discontinue the processing of your data, unless we can prove, in accordance with the statutory regulations, mandatory reasons worthy of protection for further processing, which outweigh your interests, rights and liberties, or if the further processing serves the assertion, exercising or defending of legal claims.

b. Objection against the processing of data for direct marketing purposes

Furthermore, you can file an objection to the processing of your personal data for commercial purposes at any time (“objection to advertising”). Please take into consideration the fact that there could be an overlapping between your objection and the utilization of your data in the scope of an ongoing campaign.

1.7.6 Rights of revocation

If you have given us your consent to the processing of your data (article 6 section 1 sentence 1 lit. f GDPR), you can revoke this with future effect at any time. This also applies to the revocation of declarations of consent, granted to us prior to the validity of the GDPR, therefore prior to 25. May 2018. The legality of the processing of your data shall remain unaffected unless revoked.

1.7.7 Right to appeal to the supervisory authority

You have the right to submit an appeal to a data protection supervisory authority. For this purpose, you can refer to the data protection supervisory authority, which is competent for your place of residence of federal state or to the data protection supervisory authority which is competent for our group. The data protection supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Phone: +49 981 180093-0
Fax: +49 981 180093-800
Mail: poststelle@lda.bayern.de
Internet: www.lda.bayern.de

2. Internet content of GMN

2.1 Processing purposes and legal grounds

We and our delegated service providers process your personal data for the following objectives:

2.1.1 Provision of this website and creation of log files

Whenever you use the Internet, specific information will be automatically transmitted from your Internet browser and stored by us in so-called log files. On the one hand we storing in log files in order to ensure the functionality and optimization of the website and on the other hand we do save the log files for the determination of malfunction and for safety reasons (e.g. for the investigation of attempted attacks) for a short period and delete them afterwards.
If a further retention of log files is required for evidence purposes, these will be exempted from deletion until the final clarification of the respective incident and can be handed over to investigating authorities in individual cases.

The following information in particular is stored in the log files:

  • IP address of the end device of the user
  • Date and time of the access
  • Transferred data volume
  • Target URL of the GMN website
  • Internet browser of the user
  • Return code (web server to the Internet browser)

Legal basis:

Safeguarding of the justified interest of GMN to provide a functional website (article 6 section 1 sentence 1 lit. f GDPR).
Fulfilment of a legal obligation (article 6 section 1 sentence 1 lit. c GDPR) as well as safeguarding of the justified interest of GMN to provide a secure website (article 6 section 1 sentence 1 lit. f GDPR).
Fulfilment of legal obligations, that means to assert legal claims and defence of any legal disputes (article 6 section 1 sentence 1 lit. c GDPR).

2.1.2 In reply to user requests in connecting with a contact form

We process the personal data which has been entered in contact forms from the users in particular to:

  • Responding requests
  • Creating offers
  • Processing of orders
  • Providing of services and/or information

Legal basis:

Consent of the user for data processing for one or more purposes (article 6 section 1 sentence 1 lit. a GDPR) as well as safeguarding of the justified interest of GMN to implement pre-contractual or contractual measures.

2.1.3 Safeguarding and defending our rights

If necessary, we process personal data for safeguarding and defending our trademark and copyright.

Legal basis:

Fulfilment of our legal obligations, that means to assert legal claims and defence of any legal disputes (article 6 section 1 sentence 1 lit. c GDPR).

 

2.2 Service providers

Contracted service providers, e.g. the Internet service provider and the service provider for programming, are carefully selected, in particular with regard to their handling of personal data. All providers are bound to confidentiality and adherence to the legal specifications by us.

 

2.3 Cookies

Basically, you can set your browser to inform you about setting cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to activate the automatic deletion of cookies when the browser is closed.
The functionality of our website may be restricted when cookies are deactivatede.

We use cookies to optimize our website and make it easy to use. Cookies are unable to execute programs or introduce viruses to your end device. It is distinguished between optional and essential (technically necessary) cookies.

We only use optional cookies for statistics as well as displaying contents of external media if you have given your consent in accordance with article 6 section 1 sentence 1 lit. a GDPR via our cookie banner.

Our website uses the WordPress plug-in “Borlabs Cookie” to record and manage consent and any revocations. If you give your consent to the use of cookies, a cookie will be set (“borlabs cookie”), which will record your consent. We set this technically required cookie on the basis of article 6 section 1 sentence 1 lit. f GDPR to document your consent. If you delete your cookies, we will ask you for your consent again when you visit the page later.

You can withdraw your consent at any time or adjust the selection of cookies by clicking the following link: Cookie settings

 

2.4 etracker

We use the etracker Analytics service of etracker GmbH (hereinafter referred to as “etracker”), Erste Brunnenstraße 1, 20459 Hamburg, Germany on our website. A contract for commissioned data processing has been concluded with the company etracker in accordance with the GDPR. We use etracker Analytics based on our legitimate interest according to article 6 section 1 sentence 1 lit. f GDPR. This means that we record your surfing behaviour when you visit our website and use this data to improve our website by optimising it and designing it to meet your needs as a user.

By default, etracker Analytics does not use cookies, but records visit behaviour (using purely technical parameters, such as the shortened IP address or the browser used) within a session (website visit) by means of cookie-less session tracking. Here, a fingerprinting procedure is used to generate a hash value (combination of characters from which the original data cannot be derived) from the purely technical data, to which the date of the day the page was accessed is also added in order to make it even less likely that the identity of the user can be deduced. This value is automatically deleted every 24 hours. Within the 24 hours, this fingerprint makes it possible to analyse user behaviour.

Statistical cookies that record your surfing behaviour when visiting our website are only set after your consent in the cookie settings.

Should you have not agreed the use of the appropriate cookie in the Cookie settings, your data will not gathered by etracker Analytics in this context.

All data is processed and stored by the company we have commissioned, etracker GmbH, exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the ePrivacyseal data protection seal of approval in this regard.

It is not possible to draw any conclusions about your person.

 

2.5 mapz

On our website, we use the services of mapz.com, hereinafter referred to as “mapz”, a map service of Kober-Kümmerly+Frey Media AG, to display interactive maps. When you visit our website, Kober-Kümmerly+Frey receives the information that the IP address used by you has called up the corresponding page on our website and that a map graphic has been delivered by mapz.com to the IP address used by you.

Kober-Kümmerly+Frey collects the following data, which are technically necessary to display the map and to ensure the stability and security of the map service:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access Status/HTTP status code
  • Data volume transferred in each case
  • Website from which the request comes
  • Operating system and its interface
  • Type, language and version of the browser software

With mapz, the statistical data on your map retrievals stays where it belongs – protected with encrypted connections on their servers in Germany. Kober-Kümmerly+Frey acts in accordance with strict EU data protection regulations and avoids contact with the Big Data industry and commercial data collectors.

Your IP address is stored by Kober-Kümmerly+Frey in an anonymised form that does not allow any conclusions to be drawn about your person. Kober-Kümmerly+Frey does not transmit any data to third parties and operates its server systems exclusively in member states of the European Union and exclusively with renewable energy.

Should you have not agreed the use of the appropriate cookie in the Cookie settings, your data will not gathered by map.com.

 

2.6 YouTube videos

On our website are videos integrated from YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA („YouTube“). These are stored on https://www.YouTube.com and can be played directly from our website.

The videos are all integrated in „extended data protection mode“, that means no data of the user are transmitted to YouTube as long as the videos are not played. Only if you play the videos, the player from YouTube integrated on the website establishes a connection to YouTube in order to ensure the technical transfer of the videos. Data are transmitted during the connection to YouTube.
We have no influence on this data transmission.

For information on the purpose and scope of the data collection and further processing by YouTube as well as your rights and settings options related to protecting your privacy, please see Google’s data privacy statement: https://policies.google.com/?hl=en&gl=en.

Should you have not agreed the use of the appropriate cookie in the Cookie settings, your data will not gathered by YouTube.

 

2.7 SSL or TSL encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content such as inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

 

2.8 External links

Our website can contain links to the websites of third parties − to providers who are not affiliated with us. After you click the link, we no longer have any influence on the processing of any personal data that is transferred to third parties after clicking the link (e.g. the IP address or the URL of the site on which the link is located), as our control of the conduct of third parties is then naturally withdrawn. We assume no responsibility for the processing of this kind of personal data by third parties.

3. Audio/Video conferences

3.1 Name and contact details of the responsible

See 1.1

Please note: If you access the website of “Microsoft” as the provider of “Teams”, Microsoft Corporation is responsible for the data processing. However, you only need to access the website to download the app to use Teams on mobile or desktop devices.

You can use Teams by entering the respective meeting ID and, if necessary, additional access data for the meeting directly in the Teams app.

If you do not want to or cannot use the Teams app, you can also join a conference via an internet browser (preferably Microsoft Edge or Google Chrome).

 

3.2 Name and contact details of the privacy officer

See 1.2

 

3.3 Processed data categories

When using Microsoft Teams, different categories of data are processed. The scope of this data depends, among other things, on the data you provide before or while taking part in a video conference.

The following personal data may be the subject of processing:

  • Authentication data: first name, last name, user name, profile picture
  • Contact data: phone number(s), e-mail address
  • Meeting metadata: subject, description, meeting ID, place, date, time, participant IP addresses, device/hardware information
  • Audio/video data: microphone and camera data are processed for the duration of the meeting if not turned off by the user.
  • Chat/screen data: user-created content is processed, as is the transmitted data during screen sharing.

 

3.4 Processing purposes and legal grounds

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Data Protection Act and all other relevant laws.

The purpose of data processing is to use the communications software “Microsoft Teams” (in short “Teams” for execution of audio/video conferences.

We do not normally make audio or video recordings during such conferences, nor do we log chat content.
However, should we decide to record audio/video conferences, then we will inform you transparently of this and, if necessary, ask for consent. The fact that the conference is being recorded will also be visible to you as a display in the Teams app.
Should it also be necessary to record results of online conferences, then we will log chat content.

Your personal data will be processed

  • for employment-related purposes – hiring decision or after hiring decision to carry out or terminate the employment contract – in accordance with Section 26 BDSG (German Federal Data Protection Act),
  • during the employment relationship for the protection of GMN’s legitimate interests (e.g. to effectively carry out audio/video conferences) in accordance with Art. 6 (1) (1) (f) GDPR,
  • during the customer, prospective customer, supplier relationship in performance of a contract or for the purpose of carrying out pre-contractual measures in accordance with Art. 6 (1) (1) (b) GDPR

3.5 Duration of storage; retention periods

We delete your personal data as a matter of principle when the lawfulness of their processing according to Art. 6 (1) GDPR no longer applies and further storage is therefore no longer required. There may be a requirement in particular if the data is still needed to perform contractual services, e.g. for the examination and granting or defence of warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion is only possible after expiry of the respective retention obligation.

 

3.6 Recipients of personal data

3.6.1 Other responsible parties

We will principally not transfer your personal data to other responsible parties except we are obligated to do this on the basis of statutory regulations or due to enforceable official or judicial order.

3.6.2 Conference participants and third parties

Please note that the very purpose of communicating content in audio/video conferences – as well as face-to-face meeting sessions – is the need to communicate information with customers, prospective customers or third parties and this information is therefore intended to be shared.

3.6.3 Software provider

The provider of Teams obtains knowledge of the above-mentioned data by necessity to the extent provided for under our order processing agreement with Microsoft.

3.6.4 GMN independent recipients outside the EEA

Teams is the software of the US provider Microsoft Corporation. The processing of personal data takes place on servers in the EU. An adequate level of data protection is guaranteed by the use of so-called EU standard contractual clauses.
Data processing outside the European Union (EU) does not generally take place. In the course of support and hosting services from Microsoft the transmission of personal data to the USA can partially take place. Furthermore, we cannot rule out the possibility of data being routed via internet servers located outside the EU. This may occur, for example, if someone taking part in a video conference is located in a third country.
However, the data is encrypted during transmission over the internet and thus protected from unauthorised access by third parties.

Current notice: Due to the ECJ ruling in the Schrems II case, the EU Commission is currently revising the standard contractual clauses. Until the implementation of new clauses, Microsoft Corporation undertakes to ensure the exhaustion of legal remedies for the data subject in order to safeguard the level of data protection and to grant the data subject financial compensation in the event of a breach of the GDPR by disclosing data to a U.S. authority (https://news.microsoft.com/de-de/neue-massnahmen-zum-schutz-von-daten/).

 

3.7 Your rights

See 1.7

4. Change of the privacy statement

We reserve the right to make modifications to our security and data protection measures, insofar as this is necessary due to the technical development.

 

Last revision: 23.08.2021

In these cases, we will also adapt our data protection policy accordingly. Therefore, please note the currently valid version of our privacy statement.