We are delighted that you are visiting our website. Your privacy and, by association, protection of your personal data are important to us. This is why our business operations comply with the applicable legal regulations relating to data protection and data security. We are very keen to ensure that you feel safe visiting our website. This is why both we and our data protection officer ensure compliance with the stipulations under data protection legislation.
We are aware of the significance of the data you entrust us with and would like to inform you of the following:
- the purposes for which your (personal) data is collected, processed and used,
- how we handle and protect your data,
- who we provide your data to, and
- how you can exercise your rights.
In simplified terms, “processing” under the terms of Art. 28 of the General Data Protection Regulation (GDPR) is understood to mean a service where personal data is collected, processed and/or used by a service provider (processor according to the GDPR) on the behalf of and under the instruction of the “controller”. Before an order such as this is placed with a service provider, we conclude a special contract with the service provider and implement other measures to protect your personal data.
“Cookies” are small text files which are stored on your terminal device (e.g. computer or smartphone) and save certain settings and data concerning exchange with our system through your browser. A cookie usually contains the name of the visited web page from which the cookie data was sent, information about how old the cookie is, and an alphanumerical ID. Cookies enable the systems to recognise the user’s device and make any default settings immediately available.
A third party is any natural or legal person or agency other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process personal data, cf. Art. 4, Para. 10 of the GDPR. A person is not, therefore, considered a third party if, for example, personal data is disclosed to a service provider during the course of processing according to Art. 28 of the GDPR.
IP addresses are numerical sequences which can be assigned to individual IT devices or a group. In a similar way to postal addresses, the IP is used to be able to assign data to the correct recipient.
“Personal data” is understood to mean all information which relates to an identified or identifiable natural person, particularly their first name and surname, date of birth, email address, postal address, and bank and payment details, as well as health data, cf. Art. 4, Para. 1 of the GDPR.
The “controller” according to Art. 4, Para. 7 of the GDPR is any person or agency who, either alone or together with others, decides on the purposes and means of personal data processing. (In this situation: the website operator).
The controller in relation to your personal data on this website is:
If an agency other than the one mentioned above is the “controller” under the terms of the General Data Protection Regulation, you shall be explicitly and separately informed to this effect, if this is not obvious.
3. Using the website / log files
Every time this website is accessed, data is logged automatically; this also applies to file retrieval (log data). In this regard, we collect and use the technically necessary data in order to make the website available to you. The technically necessary data transmitted to our web server by your browser includes the following: browser type / browser version, the operating system used, the referrer URL, the pages accessed, the IP address, and the date and time of access.
We need this data to ensure the website’s functionality and to make your visit to this website as pleasant as possible. We reserve the right to analyse the logged data specifically for the purpose of data security. We do not use the technically necessary data to create individual profiles which provide information about your personalised user behaviour. The log data is not linked or merged with other sources of data.
The legal basis for processing the described data – if it is personal – is Art. 6, Para. 1, lit. f of the GDPR. Our legitimate interest is to offer you an appealing, user-friendly and technically functional website.
3.2 Communication by email, phone or fax, or using the contact form
3.2.1 Contact by email, fax, phone or post
If you contact us by email, fax, phone or post, we use your details for contact purposes and to process and respond to your request in a purpose-related manner. Your data is not disclosed to third parties. Your information shall be deleted within an appropriate period of time following completion of our processing activities, provided that there are no other legal regulations to the contrary and your request does not serve the purpose of preparation to conclude a contract.
The legal basis for processing is Art. 6, Para. 1, lit. f of the GDPR. Our legitimate interest lies in appropriately responding to and processing your request. If your request serves the purpose of preparing / initiating the process of concluding a contract with you, Art. 6, Para. 1, lit. b of the GDPR forms an alternative legal basis.
3.2.2 Contact using the contact form
You can contact us by using a contact form provided on the website. If you use the contact form, we collect and store your personal data which you have entered in the input screen (e.g. surname, first name, email address). We only use your data for processing and responding to your request in a purpose-related manner. Your data is not disclosed to third parties. Your information shall be deleted within an appropriate period of time following completion of our processing activities, provided that there are no other legal regulations to the contrary and your request does not serve the purpose of preparation to conclude a contract.
The legal basis for processing is Art. 6, Para. 1, lit. f of the GDPR. If your request serves the purpose of preparing / initiating the process of concluding a contract with you, Art. 6, Para. 1, lit. b of the GDPR forms an alternative legal basis.
3.3 Taking part in prize draws / campaigns
If you take part in a prize draw / campaign (e.g. free entry vouchers for trade fairs) on our website, we shall process your data only for the purpose of holding and settling the prize draw / campaign. Your personal data shall be deleted once the prize draw / campaign has been settled, provided that there are no statutory retention requirements to the contrary. Data is not used for any other purposes or disclosed to third parties.
You are also entitled to request that your data be deleted at any time. To do so, please contact: firstname.lastname@example.org. Alternatively, you are also welcome to send a fax or letter. If you revoke your consent, your data shall be deleted from the database immediately. Revocation of consent and deletion of your personal participant data shall be confirmed by email upon request. If you revoke your consent before the prize draw / campaign is complete, further participation in the same is therefore excluded.
The legal basis for processing is your consent according to Art. 6, Para. 1, lit. a of the GDPR.
4. Disclosing your data, using service providers
We collect and use your data in line with the legal requirements and only for our own purposes. Disclosure to “third parties” does not take place unless there is a legal obligation to this effect, you have given your consent to such disclosure, or disclosure is necessary to fulfil a contract concluded between you and ourselves.
4.1 Disclosing your data to handle services
We shall only disclose your data to third parties if doing so is necessary for fulfilling our contractual obligations vis-à-vis you. This includes disclosure of your data to shipping service providers (e.g. Deutsche Post) for the purpose of delivering the orders placed, or disclosure of the required payment data to the payment service providers for the purpose of handling payment. We only disclose the data required for completion of the respective task to the engaged service providers. Further use of your data by the service provider does not take place.
The legal basis for disclosure of data is Art. 6, Para.1, lit. b of the GDPR.
4.2 Using service providers to handle services
Insofar as we engage other service providers to enable provision of the products and services we offer and potentially grant such service providers necessary access to your data, we have naturally concluded a commissioned data processing contract (known as a “CDP contract” for short) according to Art. 28 of the GDPR with our commissioned data processing service providers (known as “processors” for short). We also still remain responsible for protecting your data. By concluding the contract, the engaged service providers shall not be considered “third parties”.
5. Integration of third-party services and contents
Third-party contents, such as YouTube or Vimeo videos, Google Maps map materials, RSS feeds or graphics from other websites may be integrated into this website based on our legitimate interests (i.e. our interest in analysing, optimising and commercially running our website under the terms of Art. 6, Para. 1, lit. f. of the GDPR). This always requires the provider of such content (hereinafter referred to as the “third-party provider”) to record the user’s IP address. This is because they would generally be unable to send the content to the respective user’s browser without the IP address. The IP address is therefore required to show this content. We strive to only use content from such providers who only use the IP address to deliver content. However, we have no control over whether third-party providers save the IP address for statistical purposes, for example. We shall inform users to this effect as soon as we become aware of such practices.
5.2 Use of Typotheque’s web fonts
5.3 Use of Google Maps
We have integrated the “Google Maps” service provided by Google Inc. (Google) on our website to be able to show you how to reach our premises. Corresponding map contents are retrieved from Google servers in this respect. Accessing external Google servers in the USA means that Google may log and store your IP address, among other things.
5.4 Use of YouTube
This website integrates videos from the “YouTube” platform provided by Google LLC. When you access videos via YouTube, a connection is established to YouTube’s servers in the USA. Accessing external YouTube servers in the USA means that YouTube may log and store your IP address, among other things. YouTube may also store cookies on your computer. If you would not like cookies to be stored, you can prevent this by making the relevant setting in your browser.
5.5 Use of Vimeo
This website integrates videos provided through Vimeo.com, a service provided by Vimeo, LLC (hereinafter referred to as “Vimeo”). When you access videos via Vimeo, a connection is established to Vimeo’s servers in the USA. Accessing external Vimeo servers in the USA means that Vimeo may log and store your IP address, among other things. Vimeo may also store cookies on your computer. If you would not like cookies to be stored, you can prevent this by making the relevant setting in your browser.
6. Duration of data use / retention
Your personal data is deleted provided that there are no legal retention requirements to the contrary and if you have asserted a claim for deletion, if the data is no longer required to fulfil the purpose pursued by storage, or if storage of the data is impermissible on other legal grounds.
7. Place of data use
Your data is generally processed in Germany. In exceptional cases, information which you transmit to us may be stored on servers within the European Union (EU). We shall notify you accordingly if we deviate from this regulation as the “controller”.
8. Data security / secure data transmission
We would like to explain to you that security loopholes can occur during data transmission over the Internet (e.g. via email). We cannot, therefore, offer complete protection against access by third parties. We back up our IT systems (including the web pages / website) using what are known as technical and organisational measures (known as “TOMs” for short) to protect against unwanted: access, admission, disclosure, entry, loss, dissemination, destruction and alternation by unauthorised individuals.
Your personal data is transmitted over the Internet in encrypted format using the Secure Socket Layer coding system (256-bit SSL encryption).
9. Rights of the data subject / data protection officer
The contact for protecting your rights as a data subject is our external data protection officer ((see below for contact details).
9.1 Right of access
Under the legal requirements set forth in Art. 15 of the GDPR, you can naturally and at any time request information as to whether we process personal data about you. If we do process personal data about you, you can request information about the circumstances and form of processing, and more detailed information about the processed data.
9.2 Right to correction
According to Art. 16 of the GDPR, you can request that incorrect information about you be corrected if you cannot make the change yourself.
9.3 Right to deletion
Under the legal requirements set forth in Art. 17 of the GDPR, you are entitled to request that we delete personal data concerning you without delay. To name but a few examples, the right to deletion does not exist if processing of the personal data is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation to which we are subject (e.g. legal retention requirements), or for establishing, exercising or defending legal claims.
9.4 Right to restriction of processing
According to Art. 18 of the GDPR, you can request that processing of your personal data be restricted.
9.5 Right to data portability
Under the requirements set forth in Art. 20 of the GDPR, you are entitled to request that we provide you with the personal data concerning you which we process in a structured, common and machine-readable format.
9.6 Right to object
Under the requirements set forth in Art. 21 of the GDPR, you have the right to object to the processing of your personal data and request that we stop our processing activities. The right to object only exists to the extent stipulated by law. Legitimate interests necessitating further processing may be in conflict with your objection.
9.7 Right of revocation
According to Art. 7, Para. 3 of the GDPR, you can revoke the consent you granted with respect to processing of your personal data at any time and with effect for the future, without incurring any costs exceeding the transmission costs according to the basic tariffs.
9.8 Duty to notify
According to Art. 19 of the GDPR, we are obligated to inform all recipients to whom personal data was disclosed of corrections, deletions and restrictions on processing with regard to your personal data. Exceptions to this rule may exist in this regard if doing so is impossible or would involve a disproportionate effort. We shall provide you with information about these recipients upon request.
9.9 Automated individual decision-making, including profiling
We also guarantee your rights according to Art. 22 of the GDPR. You or your data do not, therefore, form the subject matter of decisions based on automated processing – including profiling – on our website.
9.10 Right to lodge complaints / supervisory authority
9.11 Data protection officer
If you would like to assert your rights as a data subject, such as your right to delete or block data, please contact our data protection officer – preferably in writing – with sufficient identification:
Alternatively, you are also more than welcome to contact the data protection officer using SAHM GmbH + Co. KG’s address:
Data protection officer – personal –
SAHM GmbH & Co. KG
10. External links and information on the website/h2>
We are not liable for external links and third-party sites made accessible in this way. We would further like to point out that the information provided on this website is only for information procurement purposes and does not aim to produce any legal binding effect.
Last updated: 23.07.2018