Privacy Policy

Data protection at DEMMEL AG

1. We take data protection seriously

The protection of your privacy when we process your personal data is an important concern for us. When you visit our website, our web servers automatically store the IP of your Internet service provider, the website from which you visit us, the pages which you visit when you are on our website, as well as the date and duration of the visit. This information is essential for the technical transmission of the web pages and for secure server operation. No personalised evaluation of this data is carried out.

If you send us data via the contact form, this data is stored on our servers as part of the data back-up process. Your data will be used by us only to process your request. Your data will also be dealt with in the strictest of confidence. It will not be disclosed to third parties.
 

Controller:

Demmel AG

Grüntenweg 14

D-88175 Scheidegg/GERMANY

 

Telephone: +49 8381 919-00

Fax: +49 8381 919-9191

Registered office of Demmel AG: D-88175 Scheidegg

Local court Kempten, HRB 7632

Legal form: Public limited company (AG)

Authorized board members: Mr. Thomas Fischer, Mrs. Maria Hege, Mr. Markus Kölle.

Applicable law: Law of the Federal Republic of Germany (FRG)

2. Personal data

Personal data is data about your person. This includes your name, address and email address. You do not have to disclose any personal data in order to be able to visit our Internet site. In some cases, we need your name and address as well as further information in order to be able to offer you the requested service.

The same applies if we supply you with information material on request or if we answer your enquiries. In these cases, we will always point this out to you. Furthermore, we store only the data that you have sent to us either automatically or voluntarily.

If you use one of our services, we generally only collect the data that is necessary for us to be able to provide you with our service. We may ask you for further information, although this is only on a voluntary basis. Whenever we process personal data, we do so in order to be able to provide you with our service or to pursue our commercial objectives.
 

3. Automatically stored data

Server log files

The website provider automatically collects and stores information in so-called "server log files", which your browser automatically transmits to us. These are:

  • Date and time of the request
  •  Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Transferred data volume 

This data is not combined with other data sources. Processing is carried out in accordance with Art. 6 Para. 1 (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. 
This data is temporarily stored by us for reasons of technical security, in particular in order to prevent attempts to attack our web server. It is not possible for us to draw conclusions about specific individuals on the basis of this data. After seven days at the latest, the data is made anonymous by shortening the IP address at the domain level, so that it is no longer possible to establish a reference to the individual user. The data is also processed in anonymous form for statistical purposes; it is not compared with other data stocks or passed on to third parties, even in the form of extracts. Only within the context of our server statistics, which we publish every two years in our activity report, is the number of page views made known. 
 

Cookies

When you visit our Internet pages, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard drive. Only the Internet protocol address is saved during this process – but no personal data. This information, which is stored in the cookies, enables us to recognise you automatically the next time you visit our website, thereby making it easier for you to use our website. The legal basis for the use of cookies is the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

You can of course also visit our Internet pages without accepting cookies. If you do not want your computer to be recognised upon your next visit, you can also refuse the use of cookies by changing the settings in your browser to "Reject cookies". You can find out how to do this in the operating instructions of your browser. However, if you reject the use of cookies, there may be restrictions on the use of some areas of our Internet pages. 
 

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All of our employees and the service providers working for us are obliged to comply with the valid data protection laws.

Whenever we collect and process personal data, it is encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a constant improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.

 

4. Affected Rights

You have a right to information, rectification, erasure or restriction of the processing of your stored data, a right of objection to the processing as well as a right to data portability and a right to complain in accordance with the requirements of data protection law.

Right to information:
You can request information from us concerning whether and to what extent we process your data. 

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we rectify or complete such data at any time. 

Right to erasure:
You can request that we erase your data if we process it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of legally regulated retention obligations.
Irrespective of the exercising of your right to erasure, we will erase your data immediately and completely, unless there is a contractual or legal obligation to retain it.
 

Right to restriction of processing:
You may request that we restrict the processing of your data if

  • you dispute the accuracy of the data, namely for a period of time that enables us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to have it erased and instead request a restriction on the use of the data, 
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or 
  • you have lodged an objection to the processing of the data.


Right to data portability:
You may request us to provide you with the data you have made available to us in a structured, current and machine-readable format and to allow you to forward this data to another responsible party without our interference, provided that 

  • we process this data on the basis of an agreement which you have submitted and which is revocable or in order to fulfil a contract between us, and 
  • this processing is carried out using automated methods. 

If it is technically feasible, you can ask us to transfer your data directly to another responsible party. 


Right of objection:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to any profiling which is based on these provisions. We will then no longer process your data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purposes of direct advertising at any time without stating any reasons.  


Right of appeal:
If you are of the opinion that we are infringing German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course you also have the right to contact the supervisory authority which is responsible for you, i.e. the respective State Office for Data Protection Supervision. 
If you wish to assert any of the above rights against us, please contact our Data Protection Officer. In cases of doubt we may request additional information to confirm your identity. 
 

5. Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

6. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

7. Hosting

Hetzner
We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).
Details can be found in Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.
Hetzner is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.


Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
 

8. Fonts

This site uses so-called fonts provided by the following providers for the uniform display of fonts:

Open Sans, Dosis, Moderat-Extended

The fonts are installed locally. There is no connection to the provider's servers.
 

9. Google Analytics 4

We use Google Analytics 4 on our website, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). In this context, pseudonymous user profiles are created and cookies are used.
The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information on the browser and operating system used) is generally transmitted to Google servers in the USA and processed there.
The use of Google Analytics is based on your consent in accordance with (Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG) in the analysis and optimization of our online offer and the economic operation of this website. Google therefore processes the information on our behalf to evaluate the use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website.
We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google ensures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject.
The IP address processed by Google Analytics is automatically truncated. The last three digits of your IP address are replaced by a “0”, which prevents them from being assigned.

The data collected may be transferred to third parties if this is required by law or if third parties process the data on our behalf. The user data collected via cookies is automatically deleted after 14 months.

The information generated by the cookies about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there. Google relies on the Transatlantic Data Privacy Framework of 10.07.2023 (TADPF) for the transfer of data to recipients based in the USA and, in the case of data transfer to other third countries, on standard contractual clauses approved by the EU Commission as a guarantee of a level of data protection comparable to that in the EU. You can obtain a copy of the standard contractual clauses here [https://policies.google.com/privacy/frameworks?hl=de]. We only transfer data to Google on the basis of your consent.

You can revoke or adjust your consent at any time with effect for the future. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245). Information on the use of data by Google can be found in their privacy policy (https://policies.google.com/privacy?hl=de).

 

10. Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and easy offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de.


 

11. Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links:
https://policies.google.com/privacy?hl=de and
https://policies.google.com/terms?hl=de.
 

12. ajax.googleapis.com/ jQuery

We use Ajax and jQuery technologies on this site to optimize loading speeds. In this regard, program libraries are called from Google servers. The CDN (content delivery network) from Google is used. If you have previously used jQuery on another page of the Google CDN, your browser will fall back on the copy stored in the cache. If this is not the case, this will require a download, whereby data from your browser will be sent to Google! Your data will be transferred to the USA. You can find out more on the provider's website.
 

13. Google gstatic

We use the Gstatic service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/ on our website. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.


The legal basis for the processing of personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website. Gstatic is a background service used by Google to retrieve static content in order to reduce bandwidth usage and load required catalog files in advance. In particular, the service loads background data for Google Fonts and Google Maps.


As part of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. You can access the provider's certification under the EU-US Data Privacy Framework at www.dataprivacyframework.gov/list.
You can withdraw your consent at any time. You can find more information on revoking your consent either in the consent itself or at the end of this privacy policy.
Further information on the handling of the transferred data can be found in the provider's privacy policy at policies.google.com/privacy.
The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

 

14. Microsoft 365 Teams

We use the “Microsoft Teams” tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). “Microsoft Teams” is a service of the Microsoft Corporation.

Note: If you access the “Microsoft Teams” website, the provider of “Microsoft Teams” is responsible for data processing. However, accessing the website is only necessary for the use of “Microsoft Teams” in order to download the software for the use of “Microsoft Teams”.

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service is then also provided via the Microsoft Teams website.


What data is processed?
Various types of data are processed when you use Microsoft Teams. The scope of the data also depends on the data you provide before or when participating in an online meeting.

The following personal data is processed:

  • IP address
  • User details: e.g. display name, e-mail address if applicable, profile picture (optional), preferred language
  • Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
  • Text, audio and video data: You may have the option of using the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.


Scope of the processing
We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and - if necessary - ask for your consent.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

Automated decision-making within the meaning of Art. 22 GDPR is not used.


Legal basis for data processing
Insofar as personal data of employees is processed, § 26 BDSG i.V.m. Art. 6 para. 1 lit. b GDPR is the legal basis for data processing.  

If, in connection with the use of Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Teams, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. Our interest in these cases is to conduct meetings effectively.

Otherwise, the legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, we have an interest in the effective conduct of online meetings.

 

Recipients / disclosure of data
Unless intended for disclosure, personal data processed in connection with participation in online meetings will not be passed on to third parties.


Other recipients:
The provider of Microsoft Teams necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Microsoft.
 

Data processing outside the European Union
“Teams” is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider of “Teams” that meets the requirements of Art. 28 GDPR.

An appropriate level of data protection is guaranteed on the one hand by Microsoft's “DPFP” certification and on the other hand by the conclusion of the so-called EU standard contractual clauses.
 

15. Newsletter: CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as “CleverReach”). CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland.

Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchase of a product on this website) has taken place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist.
newsletter service provider in a blacklist, if this is necessary to prevent future mailings.
mailings is necessary. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more information, please refer to CleverReach's privacy policy at: https://www.cleverreach.com/de/datenschutz/.

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
 

16. Changes to this privacy policy

We reserve the right to change our privacy policies if this becomes necessary due to new technologies. Please make sure that you have the latest version. If fundamental changes are carried out to this privacy policy, we announce these on our website.

All interested parties and visitors to our website can reach us concerning questions of data protection at the following address:
 

Mr. Jürgen C. Beer

Project 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

 

Phone: 0941 2986930

Fax: 0941 29869316

E-Mail: anfragen@projekt29.de

Internet: www.projekt29.de