Privacy policy

We take the protection and security of your (hereinafter “user” or “you”) personal data (hereinafter “pd”) as defined by Art. 4 no. 1 General Data Protection Regulation (hereinafter “GDPR”) seriously. Consequently, we comply with the statutory provisions to ensure adequate protection of the pd of every single user. We would like to inform you hereinafter about the nature, scope and purpose of the processing of pd:

GTP Schäfer Giesstechnische Produkte GmbH (hereinafter “GTP Schäfer” or “we”) processes pd exclusively within the limits of the applicable data protection regulations.

In this Privacy Policy (hereinafter “PP“), we provide you with information according to Art. 13 GDPR regarding the use of the website gtp-schaefer.com including its sub-pages. First of all, we are going to explain to you who is the responsible body (hereinafter “controller”) and who is the data protection officer; after that, broken down by the different modes of access in the different areas of the website, we provide you with information on the types of pd, the purposes of the processing and the legal basis for the processing, the recipients, if any, and legitimate interests, if any, and the periods until erasure of the pd and with supplementary information, where required. Finally, at the end of this Privacy Policy, we explain to you the rights to which you are entitled.

 

1. Contact data of the controller (Art. 13 subs. 1 a) GDPR)
The controller responsible for the operation of the website and all sub-pages and for the handling of pd that is processed in this context is GTP Schäfer Giesstechnische Produkte GmbH, Benzstraße 15, 41515 Grevenbroich, Germany, managing director with the power to represent the company: Jörg Schäfer, telephone: +49 2181 233 940.

2. Contact data of the data protection officer (Art. 13 subs. 1 b) GDPR)
Our data protection officer is Mr. Georg Baumann, c/o LLR DSC GmbH, Mevissenstraße 15, 50668 Cologne, Germany, email address: baumann@llrdsc.de.

3. Website access, use of the search function on the website and download of freely accessible documents

a) Types of personal data: Every time a user accesses the website or uses the search function or downloads documents in the freely accessible area of the website, the following log files of the respective user are collected automatically: Information on the browser type and the browser version used, operating system of the user and type of terminal used, address of the website visited before (referrer), requested file and/or website, anonymized IP address of the user, exact time of access.

b) Purposes of the processing (Art. 13 subs. 1 c) GDPR): The log files are processed to ensure proper functioning of the website, enable download and/or answer your search request. Moreover, the data serves to ensure the security of the information technology systems under which the website is operated. The data is not analysed for marketing purposes or any other purposes.

c) Legal basis for the processing, legitimate interests (Art. 13 subs. 1 c) and d) GDPR): The legal basis for the processing of the log files data is Art. 6 subs. 1 f) GDPR, which means that the processing is based on legitimate interests of GTP Schäfer. These legitimate interests consist in the possibility to offer you user-friendly web services including the download of documents.

d) Recipients/Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR). All data is processed on computers within the European Union. The website hoster only processes pd on behalf. The pd is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e) Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased as soon as you have terminated your visit of our website at the latest, i.e. as soon as the browser on your computer is closed. The technical settings are such that the data on the server (log files) is erased regularly every eight weeks

4. Download in the not freely accessible area/White paper

a) Types of personal data: In the case of a download of documents that are subject to access authorization by way of data retrieval, the following data is requested: (i) email address as mandatory information (ii) company name, first name and last name and telephone number as voluntary information.

b) Purposes of the processing (Art. 13 subs. 1 c) GDPR): The processing of the mandatory information enables transmission of the link which redirects the user to the download. The data is not analysed for marketing purposes or any other purposes.

c) The legal basis for the processing (Art. 13 subs. 1 c) and d) GDPR): The legal basis for the data processing is the consent given by the user, Art. 6 subs. 1 a) GDPR.

d) Recipients/ Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR). All data is processed on computers within the European Union. The website hoster only processes pd on behalf. The pd is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e) Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased after expiry of six months at the latest.

5. Use of the contact form

The user, before he/she uses the contact form (transmission of the completed form available on the sub-page), must consent to the processing of the pd disclosed in connection with the use of the contact form according to the following provisions by actively placing a check mark, otherwise the completed form cannot be sent. As to your right to withdraw the consent at any time: see sec. 10.

a) Types of personal data: Name and email address (if and to the extent the latter allows to deduce therefrom information relating to an individual).

b) Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to answer the user’s request and, subsequently, perhaps the initiation (taking steps prior to entering into a business relationship), the establishment and performance of a business relationship, depending on the kind of request made from time to time.

c) Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing is Art. 6 subs. 1 a) GDPR, i.e. the consent given and, depending on the further course of communication, Art. 6 subs. 1 b) GDPR for the initiation (taking steps prior to entering into a business relationship) and performance of a business relationship;

d) Recipients/Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The user data is not transferred to third parties (Art. 4 no. 10 GDPR) unless the user has explicitly requested such transfer in his/her request and the consent specifically refers to such transfer. All data is processed on computers within the European Union. The pd is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e) Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased upon expiry of twelve months from the time when the request was answered resp. settled (we know by experience and in consideration of the types of products we offer that this is the typical request-answer cycle on the part of the user in the case of potential orders for work performance or other requests relating to our products) unless the specific nature of the request requires different handling (e.g. rendering of advice) or the consent is withdrawn at an earlier point in time. Where the request leads to a contractual relationship or prepares such a contractual relationship, the data will be erased in accordance with the statutory provisions, that is no later than after expiry of six months from the termination of the contractual or precontractual relationship unless Art. 17 subs. 3 GDPR applies, namely in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims.

6. Contact by email via the email addresses of GTP Schäfer stated on the website

We offer you the possibility at different points on our website where the applicable email addresses are stated to contact us directly by email.

a) Types of personal data: The types of pd comprise the email address, log files containing information on the quality and attributes of the email and the time of receipt as well as all pd which the sender may have disclosed in his/her email.

b) Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to answer the user’s request, and, subsequently, perhaps the initiation (taking steps prior to entering into a business relationship), the establishment and performance of a business relationship, depending of the kind of request made from time to time.

c) Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing of the data which the user transfers to us in the context of an email transmission is Art. 6 subs. 1 f) GDPR if the sender is not our customer yet or does not otherwise maintain or initiate a business relationship with us. If there is already a contractual relationship with the user or such a relationship is intended to be established on the sender’s initiative, the legal basis for the processing is Art. 6 subs. 1 b) GDPR.

d) Legitimate interests in the case of processing based on Art. 6 subs. 1 f) GDPR (Art. 13 subs. 1 d) GDPR): Our legitimate interests consist in informing you and answering your request, or, as the case may be, in entering into a business relationship with you where this is part of your request.

e) Recipients/Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR) unless the user has explicitly consented to the transfer. All emails are processed on computers within the European Union, and we have concluded with the email hoster a contract for data processing on behalf according to Art. 28 GDPR. The data is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

f) Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased upon expiry of twelve months from the time when the request was settled in technical respect (we know by experience and in consideration of the types of products we offer that this is the typical request-answer cycle on the part of the user in the case of potential orders for work performance or other requests relating to our products) unless the specific nature of the request requires different handling (e.g. rendering of advice). Where the request leads to a contractual relationship or prepares such a contractual relationship, the data will be erased in accordance with the statutory provisions when the desired contractual or precontractual relationship has been terminated, that is after expiry of six months from the termination of the said relationship unless Art. 17 subs. 3 GDPR applies, namely in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims.

7. Transfer of application documents
We offer you the possibility to file an application for our vacancies by email under www.gtp-schaefer/careers.

a) Types of personal data: The types of pd comprise the email address including the logging of the email on our computers as well as all pd contained in your email that pertain to your application, e.g. title, last name, first name, details from the curriculum vitae, references/ certificates or the like.

b) Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to select applicants and possibly establish an employment relationship with them.

c) Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing is § 26 BDSG (German Federal Data Protection Act) and, as the case may be, Art. 6 subs. 1 b) GDPR (e.g. in the case of an application for freelance work).

d) Recipients/Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR). All emails are processed on computers within the European Union, and we have concluded with the email hoster a contract for data processing on behalf according to Art. 28 GDPR. The data is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e) Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased within three months from the termination of the application procedure (decision on whether or not your application is accepted) unless (i) the application was successful and the entire application documents are added to the personnel file (§ 26 BDSG – German Federal Data Protection Act), (ii) you as the applicant have explicitly consented that your data is entered in a talents pool for a certain period of time (after expiry of which the data will be erased) and/or (iii) Art. 17 subs. 3 GDPR applies, in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims

8. Newsletter

You may subscribe to our gratuitous newsletter.

a) Types of personal data: The types of pd collected and processed comprise the email address and the IP address which is collected in the context of the subscription process.

b) Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to send the user the newsletter he/she has subscribed to.

c) Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing of the data after the user has subscribed to the newsletter is the user’s consent which must be declared by clicking the appropriate checkbox, Art. 6 subs. 1 a) GDPR.

d) Recipients/Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR) unless the user has given his/her explicit consent to the transfer. All data is processed on computers within the European Union. The website hoster only processes pd on behalf. The data is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e) Periods until erasure (Art. 13 subs. 2 a) GDPR): The email address is erased as soon as the user unsubscribes or otherwise withdraws his/her consent.

 

9. Use of cookies and analysis tools, social media

a) Cookies

GTP Schäfer uses so-called “cookies“. Cookies are small text files which store website settings when the website is used, e.g. in the web browser of the user. The cookies are intended to render the use of the website easier. GTP Schäfer only uses so-called session ID cookies and, for the purposes of the white paper download, a “no-survey-main” cookie.

The session ID cookies are only stored in the user’s web browser for the duration of the relevant session and are deleted automatically when the browser is closed. The “no-survey-main” cookie is deleted after 14 days. Every user is free to set his/her browser to prevent the installation of cookies. However, in this case, the user might be prevented from using all features and functions of the website without restrictions.

b) Google Analytics

In addition, GTP Schäfer uses Google Analytics which is a web analysis service provided by Google Inc. (”Google”). Google Analytics also uses cookies (see above) which enable us to analyse how you use the website. The information generated by the cookie about how you use this website is transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, the user’s IP address is shortened by Google within the European Union Member States or other countries party to the Agreement on the European Economic Area before it is transferred to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and only shortened there.

Google, acting on instruction and on behalf of GTP Schäfer, uses this information to analyse how you use the website, compile reports on the website activities and render further services to GTP Schäfer relating to the use of the website and the use of the Internet. The IP address which is transferred by the user’s browser in the context of Google Analytics is not combined or pooled with other data of Google. The user can set his/her browser software to prevent the storage of cookies.

The user can also prevent the collection and transfer to Google of the data generated by the cookie about the use of the website (including the user’s IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data protection in the context of Google Analytics is available for instance from the Google Analytics support

(https://support.google.com/analytics/answer/6004245?hl=de).

c) Google Font

On our website, we use Google Fonts which is a service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Fonts is used without authentication and no cookies are sent to the Google Fonts API. If the user has a Google account, none of his/her Google account data will be transmitted to Google while Google Fonts is being used. Google only records the use of CSS and the fonts used and securely stores this data. We use Google Web Fonts to ensure uniform and attractive presentation of our online services. This is a legitimate interest in terms of Art. 6 subs. 1 f) GDPR. For such purpose, the browser used by the user must connect to the Google servers. That is how Google is informed that our website was accessed from the user’s IP address.

If your browser does not support Web Fonts, your computer will use a standard font.

Information about which data is collected by Google and for which purposes the data is used is made available to the user at: https://www.google.com/intl/de/policies/privacy/

d) MyFonts

On our website, we use fonts which are provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA. When a user accesses the website, also data from a MyFonts server may be retrieved which at least enables MyFonts to become aware of the user’s IP address. Thereby, MyFonts is informed, among other things, that the user has retrieved the font via our website and also obtains cognizance of some technical information relating to the browser because almost every web browser automatically transmits this data to the server in any case of retrieval. MyFonts requires the transmitted information, especially the IP address, to make the retrieved contents available. Further information on data protection in the context of MyFonts is available under the following link:

https://monotype.com/legal/privacy-policy/

e) Vimeo

Videos from the video portal platform “Vimeo” are embedded in our website. The provider is Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Every time the user clicks a video, a direct connection is established between the user’s browser and a server of Vimeo in the USA. On this occasion, information about the user’s visit to the website and the user’s IP address is stored there.

If the user has a Vimeo user account and does not want Vimeo to collect data relating to him/her via our website and combine such data with his/her membership data stored by Vimeo, the user must log out of Vimeo before he/she clicks the video on our website.

Further information on data processing and data protection by Vimeo is available at: https://vimeo.com/privacy.

f) Google Maps

In addition, we use plug-ins for the services of “Google Maps” which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043. When the user accesses the website, information is transmitted to the server about which website the user has visited. In addition, Google stores the IP address of the browser of the user’s terminal. Further information is contained in the data protection information provided by Google which is available under the following link:

www.google.com/policies/privacy/

 

10. Rights of the user (Art. 13 subs. 2 b) – e), Art. 7 subs. 3 GDPR)

The user, subject to the statutory conditions being fulfilled, has the right at any time to request information which data relating to him or her we have stored, Art. 15 GDPR, as well as the right to rectification of this data, Art. 16 GDPR, the right to restriction of the processing, Art. 18 GDPR, and the right to erasure of his or her data, Art. 17 GDPR.

If the user has asserted a right to rectification, erasure or restriction of the processing against GTP Schäfer, GTP Schäfer will communicate any such rectification or erasure of data or restriction of processing to each recipient to whom the relevant pd has been disclosed, unless this proves impossible or involves disproportionate effort.

Moreover, the user has the right to withdraw any consent he/ she has given (Art. 7, Art. 6 subs. 1 a) GDPR), see Art. 7 subs. 3 GDPR. The withdrawal of consent does however not affect the lawfulness of processing based on consent before its withdrawal.

In addition, the user has the right to object, on grounds relating to his or her particular situation, at any time to the processing of pd concerning him or her which is based on Art. 6 subs. 1 e) or f) GDPR, see Art. 21 GDPR.

Moreover, the user has the right to receive the pd concerning him or her which he or she has provided to GTP Schäfer in a structured, commonly used and machine-readable format provided that the statutory conditions are fulfilled (right to data portability, Art. 20 GDPR)

If the user wants to exercise any of the aforesaid rights, he/she must contact the bodies/ persons designated in sec. 1 or 2.

Apart from that, the user has the right to lodge a complaint with a supervisory authority provided that the statutory conditions are fulfilled, see Art. 77 GDPR.