Privacy statement

Dear Sir, or Madam,

With this privacy statement we would like to inform you about the processing of your personal data by GMN Paul Müller Industrie GmbH & Co. KG („GMN“) as well as the rights you are entitled to under data protection law. In doing so, we first want to provide you with information in the section “General information”, which applies to all data processed by GMN. In the following section “Internet content of GMN” you will then find more detailed information on selected data processing operations. The next section „Audio/Video conferences“ contains data protection notices to conference systems used by GMN.

 

Tools from companies in the USA are integrated on our website among other things (see 2.4-2.8). Your personal data can be transmitted to US servers of the respective companies if the tools are activated. We would like to point out that the USA are not a safe third country in the sense of the EU data protection law. US companies are obliged to hand over personal data to security agencies without you can take legal action in this matter as affected person. It cannot ruled out that US authorities (e.g. secret services) process, evaluate and store permanently your data located on US servers for monitoring purposes. We have no influence on this processing activities.

1. General information

1.1 Name and contact details of the responsible

Responsible for the processing of your data is:

GMN Paul Müller Industrie GmbH & Co. KG
Äußere Bayreuther Straße 230
90411 Nürnberg

Phone: +49 911 5691-0
Fax: +49 911 5691-221
Mail: info@gmn.de
Internet: www.gmn.de

 

1.2 Name and contact details of the privacy officer

Privacy officer of the data controller is:

GMN Paul Müller Industrie GmbH & Co. KG
Mr. Rainer Förster
Äußere Bayreuther Straße 230
90411 Nürnberg

Phone: +49 911 5691-332
Mail: datenschutz@gmn.de

 

1.3 Processed data categories

The following data in particular belong to the categories of personal data processed:

  • Master data, e.g. first name, last name, function
  • Contact information, e.g. postal address, telephone number(s), mail address

Your personal data are always collected directly from you when you contact us. In some cases, we also collect personal data from publicly available sources (such as the internet, trade fair catalogues).

 

1.4 Processing purposes and legal grounds

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Data Protection Act and all other relevant laws.

The purpose of data processing is to serve customer support and to promote our products as well as to fill vacant positions in our company. These include in particular

  • responding to requests,
  • processing of orders,
  • sending of information material (e.g. flyer, catalogues),
  • contacting in any form, e.g. for consultation or appointment,
  • necessary measures in the course of a job interview, e.g. to send an invitation for a job interview.

Your personal data will be processed

  • if you have consented to processing on the basis of article 6 section 1 sentence 1 lit. a GDPR,
  • due to the implementation of pre-contractual measures (e.g. responding to requests, sending of information material) on the basis of article 6 section 1 sentence 1 lit. b GDPR,
  • due to protect the justified interests of GMN (e.g. running credit checks, inviting for a job interview on the basis of article 6 section 1 sentence 1 lit. f GDPR.

 

1.5 Duration of storage; retention periods

On principle, we store your data for as long as it takes for fulfilling the purposes and the associated measures and services or when we have a justified interest in further storage (e.g. after the fulfilment of a contract, we could still have a justified interest in postal trade fair invitations). In all other cases, we will delete your personal data with the exception of such data that we are obliged to retain for the fulfilment of legal obligations (e.g. as a result of fiscal and commercial retention periods, we are obliged to retain documents such as contracts and invoices for a specific period of time).

 

1.6 Recipients of personal data

1.6.1 Other responsible parties

We will principally only transfer your personal data to other responsible parties insofar as if this is necessary for fulfilling the purposes (see 1.4), we or the third party has a predominantly justified interest in the transfer or if you have given your consent. Third parties can also be subsidiaries or representatives of GMN, also outside the European Economic Area.

Moreover, data can also be transferred to other responsible parties, insofar as we are obligated to do this on the basis of statutory regulations or due to enforceable official or judicial order.

1.6.2 GMN independent recipients outside the EEA

We use on our website from „Google“, USA: Google Tag Manager, Google Analytics, Google Ads with Google Conversation Tracking as well as Google Maps. Furthermore we have videos integrated on our website from „YouTube“, USA. Personal data of users of the website can be processed from Google and YouTube. For more information, please have a look at
2.4 Google Tag Manager,
2.5 Google Analytics,
2.6 Google Ads with Google Conversion Tracking,

2.7 Goggle Maps,
2.8
YouTube videos.

 

1.7 Your rights

Please use the information contained in section “Name and contact details of the privacy officer” (see 1.2) to assert your rights according to articles 15 up to 22 GDPR. Please ensure that an unambiguous identification of your person is possible for us.

1.7.1 Right of information and disclosure (Art. 15 GDPR)

You have the right to obtain information from us concerning the processing of your data. For this purpose, you can enforce a right to information in relation to the personal information that we process from you.

1.7.2 Right of rectification and deletion (Art. 16 and 17 GDPR)

You can demand from us the rectification of false data and – insofar as the legal prerequisites are fulfilled – the completion or deletion of your data.

This does not apply to data which are necessary for invoicing or accounting purposes or are subject to the statutory retention obligation. Insofar as the access to such data is not required, the processing thereof will be restricted (see below).

1.7.3 Restriction of processing (Art. 19 GDPR)

You can demand from us the restriction of the processing of your data insofar as the legal prerequisites are fulfilled.

1.7.4 Data portability (Art. 20 GDPR)

You will continue to have the right to obtain data that you have provided to us transmitted in a structured, conventional and machine-readable form or as far as this is technically feasible, to demand that the data are transmitted to a third party.

1.7.5 Right of objection (Art. 21 GDPR)

a. Case-related right of objection

Insofar as we undertake processing of data on the basis of a predominantly justified interest (article 6 section 1 sentence 1 lit. f GDPR), you have the right to file an objection to this processing, at any time, for reasons resulting from your special situation.

We will then discontinue the processing of your data, unless we can prove, in accordance with the statutory regulations, mandatory reasons worthy of protection for further processing, which outweigh your interests, rights and liberties, or if the further processing serves the assertion, exercising or defending of legal claims.

b. Objection against the processing of data for direct marketing purposes

Furthermore, you can file an objection to the processing of your personal data for commercial purposes at any time (“objection to advertising”). Please take into consideration the fact that there could be an overlapping between your objection and the utilization of your data in the scope of an ongoing campaign.

1.7.6 Rights of revocation

If you have given us your consent to the processing of your data (article 6 section 1 sentence 1 lit. f GDPR), you can revoke this with future effect at any time. This also applies to the revocation of declarations of consent, granted to us prior to the validity of the GDPR, therefore prior to 25. May 2018. The legality of the processing of your data shall remain unaffected unless revoked.

1.7.7 Right to appeal to the supervisory authority

You have the right to submit an appeal to a data protection supervisory authority. For this purpose, you can refer to the data protection supervisory authority, which is competent for your place of residence of federal state or to the data protection supervisory authority which is competent for our group. The data protection supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Phone: +49 981 180093-0
Fax: +49 981 180093-800
Mail: poststelle@lda.bayern.de
Internet: www.lda.bayern.de

2. Internet content of GMN

2.1 Processing purposes and legal grounds

We and our delegated service providers process your personal data for the following objectives:

2.1.1 Provision of this website and creation of log files

Whenever you use the Internet, specific information will be automatically transmitted from your Internet browser and stored by us in so-called log files. On the one hand we storing in log files in order to ensure the functionality and optimization of the website and on the other hand we do save the log files for the determination of malfunction and for safety reasons (e.g. for the investigation of attempted attacks) for a short period and delete them afterwards.
If a further retention of log files is required for evidence purposes, these will be exempted from deletion until the final clarification of the respective incident and can be handed over to investigating authorities in individual cases.

The following information in particular is stored in the log files:

  • IP address of the end device of the user
  • Date and time of the access
  • Transferred data volume
  • Target URL of the GMN website
  • Internet browser of the user
  • Return code (web server to the Internet browser)

Legal basis:

Safeguarding of the justified interest of GMN to provide a functional website (article 6 section 1 sentence 1 lit. f GDPR).
Fulfilment of a legal obligation (article 6 section 1 sentence 1 lit. c GDPR) as well as safeguarding of the justified interest of GMN to provide a secure website (article 6 section 1 sentence 1 lit. f GDPR).
Fulfilment of legal obligations, that means to assert legal claims and defence of any legal disputes (article 6 section 1 sentence 1 lit. c GDPR).

2.1.2 In reply to user requests in connecting with a contact form

We process the personal data which has been entered in contact forms from the users in particular to:

  • Responding requests
  • Creating offers
  • Processing of orders
  • Providing of services and/or information

Legal basis:

Consent of the user for data processing for one or more purposes (article 6 section 1 sentence 1 lit. a GDPR) as well as safeguarding of the justified interest of GMN to implement pre-contractual or contractual measures.

2.1.3 Safeguarding and defending our rights

If necessary, we process personal data for safeguarding and defending our trademark and copyright.

Legal basis:

Fulfilment of our legal obligations, that means to assert legal claims and defence of any legal disputes (article 6 section 1 sentence 1 lit. c GDPR).

 

2.2 Service providers

Contracted service providers, e.g. the Internet service provider and the service provider for programming, are carefully selected, in particular with regard to their handling of personal data. All providers are bound to confidentiality and adherence to the legal specifications by us.

 

2.3 Cookies

Basically, you can set your browser to inform you about setting cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to activate the automatic deletion of cookies when the browser is closed.
The functionality of our website may be restricted when cookies are deactivatede.

We use cookies to optimize our website and make it easy to use. Cookies are unable to execute programs or introduce viruses to your end device. It is distinguished between optional and essential (technically necessary) cookies.

We only use optional cookies for statistics as well as displaying contents of external media if you have given your consent in accordance with article 6 section 1 sentence 1 lit. a GDPR via our cookie banner.

Our website uses the WordPress plug-in “Borlabs Cookie” to record and manage consent and any revocations. If you give your consent to the use of cookies, a cookie will be set (“borlabs cookie”), which will record your consent. We set this technically required cookie on the basis of article 6 section 1 sentence 1 lit. f GDPR to document your consent. If you delete your cookies, we will ask you for your consent again when you visit the page later.

You can withdraw your consent at any time or adjust the selection of cookies by clicking the following link: Cookie settings

 

2.4 Google Tag Manager

Our website uses Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Tag Manager is used to manage the tools and external services we use on our website and allows the use of so-called tags. A tag is a code element that is stored in the source code of the website, for example to control which page or service elements and tools are activated and loaded in which order. The tool triggers other tags, which in turn may collect data and which are further explained in this privacy policy. Some of the data is processed on a Google server in the USA. You can find more information about this in Google’s information about Tag Manager.

Should you have not agreed the use of the appropriate cookie in the Cookie settings, your data will not gathered by Google Tag Manager.

 

2.5 Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Contact person for all matters of concern is according to Google the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics uses “cookies”, which are text files placed on the computers of the users, to help the website analyse how you use the site.

The information generated by the cookie about the users use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Because of activation of the IP-anonymisation by using the code “anonymizelp”, Google will truncate/anonymise the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On our behalf, provider Google will use this information gained by cookies for the purpose of evaluating the users use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.

Please find further information about Privacy Police and Terms of Service from Google under https://policies.google.com/?hl=en&gl=en.

Should you have not agreed the use of the appropriate cookie in the Cookie settings, your data will not gathered by Google Analytics.

Furthermore, you may object to these web analytics activities by Google at any time. There are several ways to do this:

  • You can configure your browser to block cookies from Google Analytics.
  • You can adjust your advertising settings on Google.
  • In the browsers Firefox, Internet Explorer and Chrome, you can install the deactivation plug-in provided by Google using the following link (this option does not work on mobile devices): Browser plug-in link

 

2.6 Google Ads with Google Conversion Tracking

We use Google Ads (former times Google Adwords) as Ads customer in order to increase the access to this website or to optimize this website. Google Ads is an online advertising program of the Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“).

Within the framework of Google Ads the so-called Conversion Tracking is used. The conversion tracking cookie is set on your browser only when you click on an ad delivered by Google. Cookies are small text files which are saved on your computer. These cookies expire after 30 days and are not used for personal identification purposes. If the user visits certain pages of our website and the cookie has not yet expired, Google and we can detect that the user has clicked on the advertisement and has been redirected to this page.

Each Ads customer receives a different cookie. Cookies can therefore not be traced via the websites of Ads customers. Information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers see the total number of users who clicked on their advertisement and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users.

You will find more information about “How Google uses cookies in advertising” (e.g. AdSence, AdWords, Google Analytics) in Google’s data privacy statement: https://policies.google.com/technologies/ads?hl=en.

The use of this tracking tools is based on article 6 section 1 sentence 1 lit. f GDPR. The website provider has a justified interest to analyze of user behaviour to optimize the web offer as well as advertisment.

Should you have not agreed in the Cookie settings Conversation Tracking and therefore the use of the appropriate cookie by “Google Tag Manager & Google Analytics”, your data will not gathered by Conversation Tracking.

 

2.7 Google Maps

This website uses the map service Google Maps via an API. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). In order to use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there.
We as website provider have no influence on this data transmission.

For more information on the handling of user data, please see Google’s data privacy statement: https://policies.google.com/?hl=en&gl=en.

Should you have not agreed the use of the appropriate cookie in the Cookie settings, your data will not gathered by Google Maps.

 

2.8 YouTube videos

On our website are videos integrated from YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA („YouTube“). These are stored on https://www.YouTube.com and can be played directly from our website.

The videos are all integrated in „extended data protection mode“, that means no data of the user are transmitted to YouTube as long as the videos are not played. Only if you play the videos, the player from YouTube integrated on the website establishes a connection to YouTube in order to ensure the technical transfer of the videos. Data are transmitted during the connection to YouTube.
We have no influence on this data transmission.

For information on the purpose and scope of the data collection and further processing by YouTube as well as your rights and settings options related to protecting your privacy, please see Google’s data privacy statement: https://policies.google.com/?hl=en&gl=en.

Should you have not agreed the use of the appropriate cookie in the Cookie settings, your data will not gathered by YouTube.

 

2.9 SSL or TSL encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content such as inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

 

2.10 External links

Our website can contain links to the websites of third parties − to providers who are not affiliated with us. After you click the link, we no longer have any influence on the processing of any personal data that is transferred to third parties after clicking the link (e.g. the IP address or the URL of the site on which the link is located), as our control of the conduct of third parties is then naturally withdrawn. We assume no responsibility for the processing of this kind of personal data by third parties.

3. Audio/Video conferences

3.1 Name and contact details of the responsible

See 1.1

Please note: If you access the website of “Microsoft” as the provider of “Teams”, Microsoft Corporation is responsible for the data processing. However, you only need to access the website to download the app to use Teams on mobile or desktop devices.

You can use Teams by entering the respective meeting ID and, if necessary, additional access data for the meeting directly in the Teams app.

If you do not want to or cannot use the Teams app, you can also join a conference via an internet browser (preferably Microsoft Edge or Google Chrome).

 

3.2 Name and contact details of the privacy officer

See 1.2

 

3.3 Processed data categories

When using Microsoft Teams, different categories of data are processed. The scope of this data depends, among other things, on the data you provide before or while taking part in a video conference.

The following personal data may be the subject of processing:

  • Authentication data: first name, last name, user name, profile picture
  • Contact data: phone number(s), e-mail address
  • Meeting metadata: subject, description, meeting ID, place, date, time, participant IP addresses, device/hardware information
  • Audio/video data: microphone and camera data are processed for the duration of the meeting if not turned off by the user.
  • Chat/screen data: user-created content is processed, as is the transmitted data during screen sharing.

 

3.4 Processing purposes and legal grounds

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Data Protection Act and all other relevant laws.

The purpose of data processing is to use the communications software “Microsoft Teams” (in short “Teams” for execution of audio/video conferences.

We do not normally make audio or video recordings during such conferences, nor do we log chat content.
However, should we decide to record audio/video conferences, then we will inform you transparently of this and, if necessary, ask for consent. The fact that the conference is being recorded will also be visible to you as a display in the Teams app.
Should it also be necessary to record results of online conferences, then we will log chat content.

Your personal data will be processed

  • for employment-related purposes – hiring decision or after hiring decision to carry out or terminate the employment contract – in accordance with Section 26 BDSG (German Federal Data Protection Act),
  • during the employment relationship for the protection of GMN’s legitimate interests (e.g. to effectively carry out audio/video conferences) in accordance with Art. 6 (1) (1) (f) GDPR,
  • during the customer, prospective customer, supplier relationship in performance of a contract or for the purpose of carrying out pre-contractual measures in accordance with Art. 6 (1) (1) (b) GDPR

3.5 Duration of storage; retention periods

We delete your personal data as a matter of principle when the lawfulness of their processing according to Art. 6 (1) GDPR no longer applies and further storage is therefore no longer required. There may be a requirement in particular if the data is still needed to perform contractual services, e.g. for the examination and granting or defence of warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion is only possible after expiry of the respective retention obligation.

 

3.6 Recipients of personal data

3.6.1 Other responsible parties

We will principally not transfer your personal data to other responsible parties except we are obligated to do this on the basis of statutory regulations or due to enforceable official or judicial order.

3.6.2 Conference participants and third parties

Please note that the very purpose of communicating content in audio/video conferences – as well as face-to-face meeting sessions – is the need to communicate information with customers, prospective customers or third parties and this information is therefore intended to be shared.

3.6.3 Software provider

The provider of Teams obtains knowledge of the above-mentioned data by necessity to the extent provided for under our order processing agreement with Microsoft.

3.6.4 GMN independent recipients outside the EEA

Teams is the software of the US provider Microsoft Corporation. The processing of personal data takes place on servers in the EU. An adequate level of data protection is guaranteed by the use of so-called EU standard contractual clauses.
Data processing outside the European Union (EU) does not generally take place. In the course of support and hosting services from Microsoft the transmission of personal data to the USA can partially take place. Furthermore, we cannot rule out the possibility of data being routed via internet servers located outside the EU. This may occur, for example, if someone taking part in a video conference is located in a third country.
However, the data is encrypted during transmission over the internet and thus protected from unauthorised access by third parties.

Current notice: Due to the ECJ ruling in the Schrems II case, the EU Commission is currently revising the standard contractual clauses. Until the implementation of new clauses, Microsoft Corporation undertakes to ensure the exhaustion of legal remedies for the data subject in order to safeguard the level of data protection and to grant the data subject financial compensation in the event of a breach of the GDPR by disclosing data to a U.S. authority (https://news.microsoft.com/de-de/neue-massnahmen-zum-schutz-von-daten/).

 

3.7 Your rights

See 1.7

4. Change of the privacy statement

We reserve the right to make modifications to our security and data protection measures, insofar as this is necessary due to the technical development.

 

Last revision: 20.04.2021

In these cases, we will also adapt our data protection policy accordingly. Therefore, please note the currently valid version of our privacy statement.