1. Data protection at a glance
General information
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data collection on our website
We use the personal data provided by you generally, to answer your enquiries, to process your orders or to afford you access to specific information or services. For the purposes of customer relations management, it may also be necessary for us or a service company contracted by us to use this personal data to notify you of product offers or to conduct online surveys in order to better meet the needs and requirements of our customers. We naturally respect your wishes if you choose not to surrender your personal data to us to support our customer relations activities (in particular for direct marketing or for market research purposes). We will not sell your personal data to third parties or market it in any other way.
We will collect, process and use the personal data you provide online exclusively for the stated purposes. Your personal data will not be disclosed to third parties without your express consent. Personal data is only collected and disclosed to government institutions and authorities that are entitled to information in line with the relevant laws or if we are obliged to do so by a court order. Our employees and the service providers contracted by us are obliged by us to observe confidentiality and to adhere to the provisions of the EU’s General Data Protection Regulation (GDPR).
2. Hosting
This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
3. General and mandatory information
3.1 Data protection
The operators of these pages take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with the statutory data protection provisions and this privacy policy.
Various examples of personal data are collected when you use this website.
Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It additionally explains how this happens and to what end.
Please bear in mind that online data transmission (e.g. email communication) can entail security vulnerabilities and that data cannot be fully protected against third-party access.
3.2 Information regarding the controller
The data processing controller for this website is:
UBB Umformtechnik GmbH
Im Grund
91593 Burgbernheim
Germany
Email: info@ubb-gmbh.de
3.3 Statutory data protection officer
We have appointed a data protection officer for our company.
DEUDAT GmbH
Marcel Wetzel
Zehntenhofstr. 5b
65201 Wiesbaden
Germany
Phone: +49 611 950008-40
Email: datenschutz@ubb-gmbh.de
3.4 Revoking your consent to data processing
Many data processing procedures are only permissible with your explicit consent. You may revoke the consent you have granted at any time. To do so, you simply need to send us an informal email to this effect.
Your revocation does not affect the lawfulness of the data processing performed prior to the revocation of consent.
3.5 Data subject rights
3.5.1 Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
If data is processed pursuant to points (e) or (f) of Art. 6 (1) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you; this equally applies to profiling founded on these provisions. For the legal basis upon which an instance of data processing is founded, please refer to this privacy policy. If you lodge an objection, we shall cease to process your affected personal data unless we can present compelling and legitimate grounds for the data processing which override your interests, rights and liberties or unless the data processing serves the assertion, execution or defense of legal claims (objection pursuant to Art. 21 [1] GDPR).
Where your personal data is processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be processed for such direct marketing purposes (objection pursuant to Art. 21 [2] GDPR).
3.5.2 Right to lodge a complaint with the competent supervisory authority
If the GDPR is infringed, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint shall exist without prejudice to any other administrative or judicial remedy.
3.5.3 Right to data portability
You have the right to have data which we process automatically on the basis of your consent or for the performance of an agreement surrendered to you or to a third party in a commonly used and machine-readable format. Insofar as you demand that data be transmitted to another controller, this shall be only affected where technically feasible.
3.5.4 Access, blocking, erasure and rectification
In accordance with the applicable statutory provisions, you have the right to access the personal data saved relating to you, its source and recipients, and the purpose of the processing of this data at any time free of charge, and, if applicable, the right to have this data rectified, blocked or erased. In this regard and should you have any other queries, you may contact us at any time at the address listed in our legal notice.
3.5.5 Right to restriction of processing
You shall have the right to obtain restriction of the processing of your personal data.
In this regard, you may contact us at any time at the address listed in our legal notice. A right to the restriction of processing exists in the following cases:
- If you contest the accuracy of the personal data stored by us, we generally need time to verify its accuracy. You shall have the right to obtain restriction of the processing of your personal data for the duration of this verification process. If the processing of your personal data was/is unlawful, you may demand that its processing be restricted rather than it being erased.
- If we no longer need your personal data, but it is required by you for the exercise, defence or establishment of legal claims, you have the right to obtain restriction of its processing rather than it being erased.
- If you have objected to data processing pursuant to Art. 21 (1) GDPR, your interests must be weighed up against ours. Until it is determined whose interests take precedence, you shall have the right to obtain restriction of the processing of your personal data..
If you have restricted the processing of your personal data, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.
3.6 Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
3.7 Legal basis of processing
If you have given your consent to your personal data being processed for a specific purpose, this processing shall be in accordance with point (a) of Art. 6 (1) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. The consent can be revoked at any time. If such processing is necessary in order to perform or initiate a contract with you, the processing shall be founded on point (b) of Art. 6 (1) GDPR. In a number of cases such as to comply with tax law obligations, we may be subject to a legal obligation to process personal data; in such cases, the legal basis for this is point (c) of Art. 6 (1) GDPR. In rare cases, data may be processed to protect the vital interests of you or of another natural person. In this exceptional case, data shall be processed pursuant to point (d) of Art. 6 (1) GDPR. Finally, data processing may also be founded on point (f) of Art. 6 (1) GDPR. This is the case if data is processed to protect a legitimate interest of the company or of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. It can already be assumed that such a legitimate interest exists if you are a customer of ours. If the processing of personal data is based on point (f) of Art. 6 (1) GDPR, our legitimate interest shall be the execution of our business activities.
3.8 Security
As the data processing controller, we have implemented technical and organisational security measures in accordance with Art. 32 GDPR. These include in particular measures to safeguard the confidentiality, integrity and availability of data. Further, we have put processes in place which guarantee the protection of data subjects’ rights, the erasure of personal data and an immediate reaction to such data being jeopardized. We additionally guarantee the protection of personal data already when developing and selecting hard- and software in accordance with the principles of Art. 25 GDPR. All of our employees and those persons who are involved in data processing are obliged to comply with the General Data Protection Regulation and other data protection legislation and to handle personal data confidentially.
In the event that personal data is collected and processed, the information shall be transmitted in encrypted form in order to prevent the misuse of data by third parties. Our security measures are revised on an ongoing basis in line with technological developments.
Online data transmission can nonetheless entail security vulnerabilities, and as such comprehensive protection cannot be guaranteed.
3.9 Changes to our data privacy rules
We reserve the right to amend our security and data protection measures insofar as is necessary due to technical developments. In such cases, we will also amend our data protection information accordingly. Please therefore refer to the latest version of our privacy policy.
4. Data collection on our website
4.1 Cookies
These web pages occasionally make use of so-called cookies. Cookies will not damage your computer and do not contain any viruses. Cookies serve to make our website more user-friendly, more efficient and more secure. Cookies are small text files which are stored on your computer by your browser.
The majority of the cookies used by us are so-called session cookies. These are automatically deleted at the end of your visit. Other types of cookie remain stored on your terminal until you delete them. These cookies enable us to recognize your browser when you next visit the website.
You can alter your browser settings such that you are notified whenever cookies are to be set so that you can accept cookies on a case-by-case basis, such that the acceptance of cookies is excluded in certain cases or in general or such that cookies are automatically deleted upon the browser being closed. Deactivating cookies may limit the functionality of this website.
Cookies which are necessary for electronic communication processes or for the provision of specific functions requested by you (e.g. shopping cart function) shall be stored in accordance with point (f) of Art. 6 (1) GDPR. The website operator has a legitimate interest in cookies being stored for the technically flawless and optimised provision of its services. If your consent to the storage of the cookies and similar recognition technologies has been requested, processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TTDSG); this consent may be revoked at any time.
Insofar as other cookies are stored (e.g. cookies which analyse surfing behaviour), these are addressed separately within this privacy policy.
4.2 Using of ‘Microsoft Teams’ for online Meetings
4.2.1 Purpose of processing
We use the tool ‘Microsoft Teams’ to conduct teleconferences, online meetings, video conferences and/or webinars (hereinafter referred to as: ‘online meetings’). ‘Microsoft Teams’ is a service of the Microsoft Corporation.
4.2.2 Person responsible
The person responsible for data processing in direct connection with the implementation of ‘online meetings’ is UBB Umformtechnik GmbH.
Please note: When you access the ‘Microsoft Teams’ website, the provider of ‘Microsoft Teams’ is responsible for data processing. However, accessing the website is only necessary in order to download the software to use ‘Microsoft Teams’.
If you do not want to or are not able to use the ‘Microsoft Teams’ app, you can also use ‘Microsoft Teams’ via your browser. In this case, the service will then also be provided by the ‘Microsoft Teams’ website.
4.2.3 Which data are processed?
Various types of data are processed when ‘Microsoft Teams’ is used. The scope of the data also depends on the details you provide before or during participation in an ‘online meeting’.
4.2.4 The following personal data are subject to processing:
User details: e.g. display name or email address, profile picture (optional), preferred language
Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
Text, audio and video data: you may have the option to use the chat function during an ‘online meeting’. The text you submit there will be processed so it can be displayed in the ‘online meeting’. To enable video display and audio playback, the data from the microphone on your end device and any video camera on your end device will be processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the ‘Microsoft Teams’ apps.
4.2.5 Scope of processing
We use ‘Microsoft Teams’ to conduct ‘online meetings’. If we want to record ‘online meetings’, we will inform you transparently of this in advance and request consent if necessary.
If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will not normally be the case.
Automated decision-making in the sense of Art. 22 GDPR is not used.
4.2.6 Legal basis of the data processing
If personal data is processed by employees of UBB Umformtechnik, section 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing. If personal data are not necessary for the creation, implementation or termination of the employment relationship in connection with the use of ‘Microsoft Teams’ but are nevertheless an elementary component of the use of ‘Microsoft Teams’, Article 6 (1) (f) GDPR is the legal basis for the data processing. In these cases, our interest lies in the effective implementation of ‘online meetings’.
In addition, the legal basis for data processing in connection with ‘online meetings’ is Art. 6, para. 1 (b) GDPR, insofar as the meetings are held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 (f) GDPR. In this regard, our interest again lies in the effective implementation of ‘online meetings’.
4.2.7 Recipient/forwarding of the data
Personal data processed in connection with participation in ‘online meetings’ are generally not forwarded to third parties unless they are specifically intended to be forwarded. Please note that content from ‘online meetings’, as is the case with in-person meetings, often serves to communicate information to customers, interested parties or third parties and is therefore intended to be forwarded.
Additional recipients: the provider of ‘Microsoft Teams’ necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in our contract processing agreement with ‘Microsoft Teams’.
4.2.8 Data processing outside the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle as we have restricted our storage location to computer centres within the European Union. However, we cannot exclude the possibility that data may be routed via Internet servers located outside the EU. This may in particular be the case if participants in an ‘online meeting’ are situated in a third country.
However, the data are encrypted during transmission via the Internet and are therefore secured against unauthorized access by a third party.
4.3 Children and adolescents
Persons under the age of 16 should not submit personal data to us without the authorisation of a parent or legal guardian. We do not request information from children and adolescents, collect information on them or share information on them with third parties.
4.4 Server log files
The provider of these web pages automatically collects and records information in so-called server log files, which your browser automatically sends to us. This information is:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data shall not be combined with other data sources.
This data shall be collected in accordance with point (f) of Art. 6 (1) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimisation of its website, and server log files must be logged to this end.
4.5 Enquiries by email, telephone or contact form
If you contact us by email, telephone or contact form, your enquiry and all the personal data obtained (name, enquiry) shall be stored and processed by us for the purposes of handling your enquiry. We do not share this data without your consent.
This data shall be processed in accordance with point (b) of Art. 6 (1) GDPR insofar as your enquiry relates to the performance of a contract or is necessary for the taking of steps prior to entering into a contract. In all other cases, the processing shall be founded on your consent (point [a] of Art. 6 [1] GDPR) and/or on our legitimate interests (point [f] of Art. 6 [1] GDPR), as we have a legitimate interest in the efficient processing of the enquiries addressed to us. The data you submit to us via the contact form remains with us until you request that we erase it, you revoke your consent to its storage or the purpose of storing the data is no longer applicable (e.g. once your enquiry has been fully processed). Compelling legal requirements – in particular statutory retention periods – shall remain unaffected.
4.6 Registration on this website
You have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration.
To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.
We shall process the data entered during the registration process on the basis of your consent (Art. 6(1)(a) GDPR).
The data recorded during the registration process shall be stored by us as long as you are registered on this website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.
4.7 Processing of data (customer and contractual data)
We collect, process and use personal data only insofar as it is needed in order to initiate, elaborate or modify the legal relationship (inventory data). This occurs on the basis of point (b) of Art. 6 (1) GDPR, which allows for the processing of data for the performance of a contract or to take steps prior to entering into a contract. We collect, process and use personal data regarding the use of our web pages (usage data) only insofar as this is necessary in order to enable the user to use the service or to bill the user for said service.
The customer data collected shall be erased upon conclusion of the order or termination of the business relations. The statutory retention periods shall remain unaffected.
4.8 Data transmission upon conclusion of a contract for online shops, merchants and goods dispatch
We share personal data with third parties only if this is necessary for the purpose of contract processing, for example with the companies commissioned with the delivery of goods or with the bank commissioned with payment processing. Your data shall not be shared otherwise or shall only be shared otherwise if you have explicitly given your consent to this. Your data shall not be shared with third parties for, for example, advertising purposes without your explicit consent.
The data processing shall occur on the basis of point (b) of Art. 6 (1) GDPR, which allows for the processing of data for the performance of a contract or to take steps prior to entering into a contract.
To dispatch your order, we share your postal address and, if applicable, your email address and telephone number with the logistics company commissioned with delivery for the purposes of delivery coordination.
Some products are delivered to you directly by the manufacturer. In this instance, we share your address details with the manufacturer for the delivery of your ordered goods.
4.9 Data transmission upon conclusion of a contract for services and digital content
We share personal data with third parties only if this is necessary for the purpose of contract processing, for example with the bank commissioned with payment processing.
Your data shall not be shared otherwise or shall only be shared otherwise if you have explicitly given your consent to this. Your data shall not be shared with third parties for, for example, advertising purposes without your explicit consent.
The data processing shall occur on the basis of point (b) of Art. 6 (1) GDPR, which allows for the processing of data for the performance of a contract or to take steps prior to entering into a contract.
In order for us to be able to provide services in advance (payment on account, instalments etc.), we have to protect our legitimate interests and ensure that the use of this type of payment method does not lead to misuse and that consumers are not placed under excessive financial pressure. Our company is therefore connected to a credit reference agency’s credit quality warning system in order to protect itself against default due to inability to pay, misuse through unwillingness to pay and the filing of improper claims by third parties. Before and during any contractual relationship in which we provide our consideration in advance, we have a credit reference agency carry out a credit check on every customer in the form of a credit scoring procedure based on mathematical and statistical methods within the meaning of Art. 22 GDPR. In line with Art. 22 GDPR, your address data alone does not form the basis of the calculated probability – your credit quality – but rather also your particulars (first name and surname) and personal data concerning your payment history.
The data is collected exclusively in order to determine a statistical risk in terms of your ability and willingness to meet financial obligations in future as well as the likelihood of default. In this way, you enable us to make a sufficiently sound decision as to whether to provide you with the contractual consideration in advance and whether we will be able to sustain it. In order for the credit reference agency to carry out such a credit check, we provide it with your particulars (first name and surname) as well as your address data. You can object to the disclosure of your data to the credit reference agency at any time and in any format. In this case, however, the payment options available to you will be limited to payment in advance. We will no longer be able to perform the contract in advance and will potentially have to discontinue any ongoing performance.
5. Social media
5.1 Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
5.2 Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).
5.3 Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
5.4 Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).
5.5 Individual social networks
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.
We have a profile on XING. The provider is New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en.
6. Analytics tools and advertising
6.1 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. Google may consolidate these data in a profile that is allocated to the respective user or the user’s device.
Google Analytics uses technologies that make the recognition of the user for the purpose of analysing the user behaviour patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
IP anonymization
On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyse your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.
Browser plug-in
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
Archiving period
Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. For details, please click the following link: https://support.google.com/analytics/answer/7667196?hl=en.
6.2 Google Ads
The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
6.3 Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
6.4 Meta Pixel (formerly Facebook Pixel)
To measure conversion rates, this website uses the visitor activity pixel of Facebook/Meta. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.
If you do not have a Facebook account, you can deactivate any user-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
7. Newsletter
Newsletter data
If you wish to receive the newsletter offered on the website, you are required to provide us with an email address and with information that authorises us to verify that you are the owner of the email address provided and consent to being sent the newsletter. No other data is collected or is collected on a voluntary basis only.
The data provided in the newsletter subscription form is processed exclusively on the basis of your consent (point [a] of Art. 6 [1] GDPR). You may revoke your consent to your data and email address being recorded and to your data being used to distribute the newsletter at any time, for example by using the ‘Unsubscribe’ link in the newsletter. Your revocation does not affect the lawfulness of the data processing performed prior to the revocation of consent.
The data you submit to us in order to receive the newsletter is stored by us until you are removed from the newsletter mailing list and is deleted following cancellation of your newsletter subscription. This shall not affect data which we store for other purposes.
This website uses “Optimizely” for the sending of newsletters. The provider is the Episerver GmbH, Wallstrasse 16, 10179 Berlin, Germany.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
8. Plug-ins and tools
8.1 YouTube
Our website uses YouTube plug-ins operated by Google. The operator is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit one of our pages featuring a YouTube plug-in, a connection is established with the YouTube servers. The YouTube server is notified which of our pages you have visited.
YouTube can additionally store various cookies on your terminal, which it uses to obtain information regarding visitors to our website. This information is used among other things to record video statistics, improve user-friendliness and prevent attempted fraud. The cookies remain on your terminal until you delete them.
If you are logged into your YouTube account, you allow YouTube to associate your surfing patterns directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interests of the attractive presentation of our online services.
This is a legitimate interest within the meaning of point (f) of Art. 6 (1) GDPR.
More information on how user data is used can be found in the YouTube privacy policy at: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
8.2 SurveyMonkey
For individual surveys, we use the SurveyMonkey web service (SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) to create and evaluate online surveys. Participation is voluntary. The legal basis is your consent in accordance with Article 6 (1) (a) of the GDPR.
SurveyMonkey collects information about the device and application you use to take the survey. This includes the IP address, the version of your operating system, the device type as well as information about the system and performance and the browser type. If you take the survey from a mobile device, SurveyMonkey also collects the device's UUID. SurveyMonkey also uses so-called tracking services from third-party providers, which in turn use cookies and page tags to collect usage data and user statistics. We have no influence on the extent of the data collected by SurveyMonkey.
Further information on the cookies used by SurveyMonkey, data protection and storage duration can be found under the following link: https://www.surveymonkey.com/mp/legal/privacy/.
As a participant in a survey, you can contact us at any time and ask for the deletion of your survey data, including personal data, if collected. Subsequent correction of individual answers after submitting the survey is not possible.
8.3 Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google web fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6(1)(a) GDPR. This declaration of consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
8.4 Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyses the behaviour of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.
Data are stored and analysed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If a respective declaration of consent has been obtained, the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time.
For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.
9. Own services
9.1 Applications
We offer you the opportunity to apply for a position with us, for example by email, by post or via an online application form. Here, we will outline the scope, purpose and use of the personal data we collect in the course of the application process. We offer our assurance that your data is collected, processed and used in accordance with the applicable data protection laws and all other legal provisions and that your data is handled in the strictest confidence.
9.2 Scope and purpose of data collection
If you apply to us, we process the personal data this entails (e.g. contact and communication data, application documents, notes made during job interviews, etc.) insofar as this is necessary to reach a decision regarding justifying the employment relationship. The legal basis for this is Section 26 of Germany’s revised Federal Data Protection Act (BDSG) (initiation of an employment relationship), point (b) of Art. 6 (1) GDPR (general initiation of a contract) and – insofar as you have granted your consent – point (a) of Art. 6 (1) GDPR. You may revoke your consent at any time. Your personal data shall be shared only with persons within our company who are involved in processing your application.
Insofar as your application is successful, the data submitted by you shall be stored in our data processing system for the purposes of executing the employment relationship on the basis of Section 26 BDSG as revised and point (b) of Art. 6 (1) GDPR.
9.3 Duration of data retention
If we are unable to offer you a position, you reject an offer of employment, withdraw your application, revoke your consent to data processing or request that we erase your data, the data transmitted by you including, if applicable, any remaining physical application documents shall be stored/retained for a maximum of 6 months following conclusion of the recruitment process (retention period) in order that we can track the details of the application process in the event of disagreements (point [f] of Art. 6 [1] GDPR).
You may object to this data storage insofar as you have legitimate interests which override our legitimate interests.
9.4. Individual Services
MHM eRecruiting
In addition, the application platform "MHM eRecruiting" of the provider MHM HR // MHM-Systemhaus GmbH (hereinafter "MHM"), Presselstrasse 25a, 70191 Stuttgart, is integrated on our website. As soon as you click on the "Careers" button on our website, your browser will redirect you to the MHM servers, which UBB Umformtechnik uses to publish its job advertisements. You can find more information on the handling of your personal data in MHM's data privacy policy: https://www.mhm-hr.com/informationspflicht, https://www.mhm-hr.com/datenschutzerklaerung.
In addition, we have concluded an order processing contract with MHM in accordance with Art. 28 GDPR.
JobAgent
So that you do not miss any career opportunities, you can subscribe to suitable job offers via our JobAgent. We process the information you provide us with your consent exclusively for the stated purpose and you can unsubscribe from JobAgent emails and services at any time.
The legal basis for receiving the newsletter is the consent you have given in accordance with Article 6 Para. 1 a) GDPR. You can revoke your consent at any time by clicking the unsubscribe button in the newsletter.
Correct as at: 02 / 2024