This privacy statement explains the type, scope and purpose of personal-data (hereinafter “data”) processing as part of our services, our website, and affiliated websites, functions, content and external online presences, e.g. our social media profiles (hereinafter collectively known as “website”). We refer to the definitions in Art. 4 of the General Data Protection Act regarding the terms used, such as “processing” or “controller”.
PRUFREX Innovative Power Products GmbH
PRUFREX Engineering e Motion GmbH & Co. KG
Egersdorfer Straße 36
Telephone: +49 9103 7953-0
Fax: +49 9103 7953-55
Authorised representative: Dipl. Ing. Univ. Kurt Müller
Data protection officer:
Kurt Ebert - Ebert & Partner Consulting
Graf-Eberhard Str. 1
Mobile: +49 157 355 62332
Please contact our data protection officer directly if you have any questions about privacy.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. It covers virtually any type of data handling.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
In accordance with Art. 13 GDPR, we advise you of the legal bases for our data processing. The following applies to users from the area governed by the General Data Protection Regulation (GDPR), i.e. the EU and EEA, unless the legal basis has been mentioned in the privacy statement:
We take suitable technical and organisational measures to ensure an appropriate level of protection, taking into account technological standards, implementation costs, the type, scope, circumstances and purpose of the processing, and the different likelihood and degree of risk to the rights and freedoms of natural persons.
The measures particularly include protecting the confidentiality, integrity and availability of data by monitoring physical and computer access to the data, data entry, data sharing, availability protection, and data separation. We have also established operations ensuring the protection of data-subject rights, erasure of data, and responses to data threats. Furthermore, we take into account the protection of personal data right from the moment we develop/select hardware, software and processes, in keeping with the principle of data protection, by designing technology accordingly and implementing privacy-friendly default settings.
If, as part of our processing, we disclose data to other persons or companies (processors, joint controllers or third parties), send data to these parties, or otherwise grant them access to the data, this shall only be done on the basis of a legal permission (e.g. if data needs to be sent to third parties, e.g. a payment service provider, in order to fulfil the contract), if the users have consented to this, if a legal obligation stipulates this, or based on our legitimate interests (e.g. when hiring contractors, web hosts etc.).
Insofar as we disclose or send data to other companies within our corporate group, or otherwise grant them access to the data, this is done as a legitimate interest, particularly for administrative purposes, and based on the relevant legal regulations.
In the event that we process data in a third country (i.e. outside the European Union (EU), European Economic Area (EEA) or Switzerland), or data is disclosed/sent to other persons or companies as part of third-party services, this is only done for the purpose of fulfilling our (pre)contractual duties, based on your consent, based on a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we only process or send the data to a third country if the legal requirements have been met, i.e. the data is processed based on special guarantees, such as an officially recognised privacy level complying with EU regulations (e.g. the “Privacy Shield” for the USA) or special, officially recognised contractual obligations.
You are entitled to request confirmation as to whether relevant data is being processed, information about this data, and further details and copies of the data in accordance with the legal regulations.
Under the legal regulations, you are also entitled to request that your data be completed or rectified.
You are similarly entitled to ask for relevant data to be immediately erased, or restricted in terms of their processing.
You are legally entitled to ask to receive the relevant data you have provided to us, and for it to be transmitted to another controller.
You also have the legal right to lodge a complaint with a competent supervisory authority.
“Cookies” is the term used to describe small files stored on users’ computers. They may contain various information. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or even after the user’s visit to a website. Temporary cookies, also known as “session cookies” or “transient cookies”, are cookies that are deleted once a user leaves a website and closes their browser. These sorts of cookies may store things such as the contents of a shopping cart in an online shop or a login status. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser has been closed. For example, the login status may be stored if the users retrieve this after several days. These cookies can also store user interests, which are used for marketing or to measure reach. “Third-party cookies” are cookies that are placed by providers other than the controller running the website (in cases when only the controller’s cookies exist, the term “first-party cookies” is used).
We can use temporary and permanent cookies, and provide information on these as part of our privacy statement.
If users do not want cookies to be stored on their computer, they are asked to disable the relevant option in their browser’s system settings. Stored cookies may be deleted in the browser’s system settings. Disabling cookies may limit the functions of this website.
The data processed by us is erased or restricted in terms of its processing in accordance with the legal regulations. Unless expressly mentioned in this privacy statement, the data stored by us is erased as soon as it is no longer required for the relevant purpose and the erasure is not impeded by any legal storage obligations.
If the data is not erased because it is required for other lawful purposes, its processing will be restricted, i.e. the data will be locked and not processed for other purposes. This applies, for example, to data that needs to be stored for commercial or fiscal reasons.
We also process the
- Contractual data (e.g. contract subject, term, customer category).
- Payment data (e.g. bank details, payment history)
of our customers, interested parties and business partners for the purpose of rendering contractual services, assisting customers, marketing, advertising and market research.
We process our customers’ data as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, execution of campaigns and processes/handling, server administration, data analysis/consultancy services, and training services.
This involves us processing inventory data (e.g. basic customer data, such as names or addresses), contact data (e.g. email, telephone numbers), content data (e.g. text, photographs, videos), contractual data (e.g. contract subject, term), payment data (e.g. bank details, payment history), and usage data & metadata (e.g. as part of analysing and rating the success of marketing measures). We do not generally process special categories of personal data unless this is part of contractual processing. The data subjects include our customers, interested parties and their customers, users, website visitors or staff and third parties. The purpose of the processing is to render contractual services, bill these services, and provide customer service. The legal basis for the processing is Art. 6 Para. 1 b GDPR (contractual services), and Art. 6 Para. 1 f GDPR (analysis, statistics, optimisation, security measures). We process data necessary to justify and fulfil contractual services, and expressly cite the need for this data to be provided. It is only disclosed to external parties if this is required as part of a job order. When processing the data provided to us as part of a contract, we follow the client’s instructions and the legal regulations for data processing as per Art. 28 GDPR, and only process the data for the specific contractual purposes.
We erase the data once the legal guarantee and similar duties have elapsed. The need for the data to be stored is reviewed every three years. In the event of legal archiving obligations, the data is erased once these obligations have elapsed (6 J, as per Section 257 Para. 1 of the German Commercial Code (HGB), 10 J, as per Section 147 Para. 1 of the German Tax Code (AO)). In the event data has been disclosed to us by the client as part of a job order, we generally erase the data at the end of the order, as per the order specifications.
We process data as part of administrative tasks, our company’s operational structure, financial accounting and compliance with legal obligations, e.g. archiving. This involves us processing the same data we process when rendering our contractual services. The processing bases are Art. 6 Para. 1 c GDPR, and Art. 6 Para. 1 f GDPR. Customers, interested parties, business partners and website visitors are all subjects of the data processing. The purpose and our interest in the processing lies in administration, financial accounting, office organisation and data archiving, i.e. tasks enabling us to maintain our business operations, perform our work, and render our services. Erasure of the data in relation to contractual services and contractual communication corresponds with the information stated for these processing tasks.
We disclose or send data to the fiscal authority, advisors (e.g. tax advisors or auditors) and other billing centres and payment service providers.
We also store information on suppliers, organisers and other business partners based on our business interests, e.g. to make contact in the future. This largely company-related data is generally stored permanently.
In order to run our business profitably, and identify market trends and the requirements of contractual partners and users, we analyse the data made available to us regarding business processes, contracts, requests etc. We process inventory data, communication data, contractual data, payment data, usage data, and metadata based on Art. 6 Para. 1 f GDPR, with the data subjects including contractual partners, interested parties, customers, visitors and users of our website.
The analyses are conducted for the purpose of business administration analysis, marketing and market research, and enable us to take into account the profiles of the registered users, e.g. with information on the services they use. The analyses help us increase user-friendliness and optimise our service and profitability. The analyses serve us alone, and are not disclosed to external parties unless they are anonymous analyses with pooled readings.
Insofar as these analyses or profiles are personal, they are anonymised or erased when the user terminates the contract; otherwise two years after the contract is concluded. For the rest, the overall business administration analyses and general identified trends are anonymised wherever possible.
We only process the applicant data for the purpose and as part of the application process, in accordance with the legal regulations. The applicant data is processed to fulfil our (pre)contractual obligations during the application process as defined by Art. 6 Para. 1. b GDPR, and Art. 6 Para. 1 f GDPR, insofar as the data processing is necessary for us, e.g. as part of legal procedures (Section 26 of the German Data Protection Act (BDSG) applies additionally in Germany).
The application process requires applicants to send us the applicant data. If we provide an online form, the necessary applicant data is marked, otherwise it comes from the job descriptions and generally includes the information about the person, their postal and contact addresses, and the application documents, such as covering letter, CV and references. Applicants can also voluntarily send us additional information.
By sending us an application, the applicants declare they agree for their data to be processed in accordance with the method and scope outlined in this privacy statement for the purposes of the application process.
If, as part of the application process, special categories of personal data as defined by Art. 9 Para. 1 GDPR are voluntarily advised, these are additionally processed in accordance with Art. 9 Para. 2 b GDPR (e.g. health data, such as severe disability or ethnic origin). If, as part of the application process, special categories of personal data as defined by Art. 9 Para. 1 GDPR are requested from applicants, these are additionally processed in accordance with Art. 9 Para. 2 a GDPR (e.g. health data, if this is necessary to practise a profession).
If provided, applicants may send us their applications via an online form on our website. The data is encrypted and transmitted to us via state-of-the-art technology.
Applicants may similarly send us their applications by email. Please note, however, that emails cannot generally be sent encrypted; applicants will have to encrypt them themselves. We thus cannot accept any responsibility for applications in transit between the sender and our server, and hence advise using an online form or post. Because in addition to online forms and email, applicants may also post their applications to us.
The data provided by the applicants may, in the event of a successful application, be further processed by us for the purposes of the employment contract. Otherwise, if the job application is not successful, the applicants’ data is deleted. It is also deleted if an application is retracted, which applicants are entitled to do at any time.
Subject to a justified retraction by the applicant, the data is deleted after six months, so that we can answer any follow-up questions and fulfil our documentary proof obligations under the German Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
As part of the application, we give applicants the opportunity to join our “talent pool” for two years, based on consent as defined by Art. 6 Para. 1 a and Art. 7 GDPR.
The application documents in the talent pool are solely processed as part of future job advertisements and recruitment drives, and are destroyed at the end of the two-year period, at the latest. The applicants are informed that their consent to joining the talent pool is voluntary, has no influence over the application process, may be revoked at any time with effect for the future, and that they may object as per Art. 21 GDPR.
Users may create a user account. During registration, the mandatory information is advised to the users and processed based on Art. 6 Para. 1 b GDPR for the purpose of providing the user account. The processed data particularly includes login information (name, password and email address). The data entered as part of the registration is used for the purpose of the user account.
The users may receive email updates on information relating to their user account, such as technical changes. If users have cancelled their user account, their data relating to said account will be erased, subject to a legal storage obligation. It is the users’ responsibility to back-up their data prior to contract termination. We are entitled to permanently erase all user data stored during the contractual term.
We store IP addresses and the time of each user action as part of our registration and login functions and user-account usage. This storage is based on our legitimate interests, and those of the users, in protecting against misuse and other unauthorised usage. This data is not generally shared with third parties, unless it is required in order to pursue our claims, or there is a legal obligation as per Art. 6 Para. 1 c GDPR. The IP addresses are anonymised or erased within 7 days.
If users leave comments or other posts, their IP addresses may be stored for 7 days based on our legitimate interests as defined by Art. 6 Para. 1 f GDPR. This is done to protect us in case someone leaves illegal content in comments or posts (insults, prohibited political propaganda, etc.). In such cases, we may ourselves be prosecuted for the comment or post, so the composer’s identity is of interest to us.
We also reserve the right to process user details based on our legitimate interests as per Art. 6 Para. 1 f GDPR for the purpose of identifying spam.
The personal information, any contact information, website information or content details shared in comments and posts is stored permanently by us until the user objects.
When contacting us (e.g. via contact form, email, telephone or social media), user details are processed in order to handle and address the contact query as per Art. 6 Para. 1 b (for contractual/pre-contractual relationships), and Art. 6 Para. 1 f (for other enquiries) GDPR. The user data may be stored in a Customer Relationship Management System ("CRM System") or similar system.
We erase enquiries once they are no longer required. We review necessity every two years. The legal archiving obligations also apply.
Based on our legitimate interests as defined by Art. 6 Para. 1 f GDPR, we, or our hosting provider, collect(s) data relating to every hit on our server providing this service (so-called “server log files”). The access data includes the name of the retrieved website, file, date and time of access, transferred data quantity, report on successful access, browser type and version, the user’s operating system, referrer URL (the page visited just prior), IP address and the requesting provider.
Log-file information is stored for a maximum for 7 days for security purposes (e.g. to clarify misuse or fraud), and then erased. Data requiring further storage for evidence purposes is exempt from erasure until the respective incident has been definitively clarified.
Google is certified under the Privacy Shield agreement, meaning it guarantees to uphold European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyse users’ usage of our website, compile reports on activities within this website, and render additional services relating to usage of this website and the Internet for us. Pseudonym usage profiles may be created for the users based on the processed data.
We only use Google Analytics with IP anonymisation enabled. This means the users’ IP addresses are shortened by Google within the European Union or other countries in the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA, and then shortened.
The IP address sent by the user’s browser is not combined with other Google data. Users may prevent cookies from being stored by configuring their browser software settings accordingly. They may also prevent Google from recording and processing the data generated by the cookie regarding their website usage by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on Google’s data usage, settings options and opportunities to object may be found in Google’s privacy statement (https://policies.google.com/technologies/ads) and in Google’s ad settings (https://adssettings.google.com/authenticated).
The users’ personal data is erased or anonymised after 14 months.
Based on our legitimate interests (i.e. an interest in analysing, optimising and profitably running our website as defined by Art. 6 Para. 1 f GDPR), we use the Jetpack plugin (in this case, the “WordPress Stats subfunction), which integrates a tool to statistically analyse user hits and is run by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses “cookies” – text files stored on your computer to enable your website usage to be analysed.
The information generated by the cookie in relation to your use of this website is stored on a server in the USA. The processed data may be used to create usage profiles for users, though these are only used for analysis, not advertising, purposes. Further information may be found in the Automattic privacy statements: https://automattic.com/privacy/ and in the statements on Jetpack cookies: https://jetpack.com/support/cookies/.
Based on our legitimate interests (i.e. an interest in analysing, optimising and profitably running our website as defined by Art. 6 Para. 1 f GDPR), we use services or content offered by third-party providers on our website in order to integrate their content and services, e.g. videos or fonts (hereinafter known as “content”).
The third-party providers of this content always need to know the user’s IP address, as they cannot send the content to the user’s browser without it. The IP address is thus required in order to display this content. We endeavour to only use content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags may help analyse information such as user traffic on this website. The pseudonymised information may additionally be stored in cookies on the user’s device, and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit, and other information relating to the use of our website. It may also be combined with similar information from other sources.
We integrate videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/.
We integrate the maps provided by the “Google Maps” service run by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may particularly include user IP addresses and location data, though this will not be collected without the user’s consent (generally as provided in the settings on their mobile device). The data may be processed in the USA.
Privacy statement: https://www.google.com/policies/privacy/.
Functions and content from the Xing service, provided by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany, may be integrated into our website. This may include content such as images, videos or texts and buttons enabling users to share this website’s content within Xing. If users are members of the Xing platform, Xing may link the accessing of said content and functions to the users’ Xing profiles. Xing privacy statement: https://privacy.xing.com/de/datenschutzerklaerung.
Functions and content from the LinkedIn service, provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated into our website. This may include content such as images, videos or texts and buttons enabling users to share this website’s content within LinkedIn. If users are members of the LinkedIn platform, LinkedIn may link the accessing of said content and functions to the users’ LinkedIn profiles. LinkedIn privacy statement: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield agreement, meaning it guarantees to uphold European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy statement: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.