Data Privacy Statement
Thank you for visiting our website. As a service provider, the security of your data is particularly important to us. We would therefore like to present you with this detailed information about the use of your data when you visit our website.
Definition of terms
This Data Privacy Statement is based on the terms used by the European legislative and regulatory authorities when adopting the General Data Protection Regulation (GDPR). Our Data Privacy Statement is intended to be easy to read and understand, both for the public and for our customers and business partners. We would like to begin by explaining the terms used so as to guarantee that we have achieved our intention.
Some of the terms used in this Data Privacy Statement are defined below:
- Personal data: Personal data are pieces of information relating to an identified or identifiable natural person (referred to below as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, or to an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural
- Data subject: A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for their
- Processing: Processing is the term used to denote any operation or series of operations which is performed in connection with personal data, with or without the aid of automated procedures, such as collection, recording, organisation, filing, storage, adaptation, modification, readout, retrieval, usage, disclosure by transmission, dissemination or other form of provision, alignment or connection, restriction, erasure or
- Restriction of processing: Restriction of processing is a procedure in connection with stored personal data with the aim of limiting their processing in the
- Profiling: Profiling is any form of automated processing of personal data which involves the use of these personal data to evaluate certain aspects relating to a natural person, in particular to analyse or predict aspects pertaining to the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of this
- Controller: The controller or the party responsible for the processing is the natural or legal person, public authority, agency or other body who or which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State
- Processor: The processor is a natural or legal person, public authority, agency or other body who or which processes personal data on behalf of the
- Recipient: The recipient is a natural or legal person, public authority, agency or another body to whom or to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law shall not be regarded as
- Third party: A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who or which, under the direct authority of the controller or processor, are authorised to process personal
- Consent: Consent of the data subject means any freely given, specific, informed and unambiguous indication of wishes by which the data subject signifies agreement to the processing of his or her personal data by a statement or by clear affirmative
Collection of data
Every time a data subject or an automated system accesses our website, the website collects a series of general data and information. These general data and information are stored in the server log files. The following information may be collected:
- the browser types and versions used,
- the operating system used by the system accessing the site,
- the website from which a system gains access to our website (so-called referrer),
- the subpages which are visited on our website through the system gaining access,
- the date and time of the website visit,
- an Internet protocol address (IP address),
- the Internet service provider of the system gaining access
- other similar data and information used for security purposes in the event of attacks on our information technology
Instances of access via FTP are logged with anonymous user names and IP addresses and stored for 60 days.
When using these general data and information, we do not determine the identity of the data subject. This information is required for the following purposes:
- to deliver our website content correctly,
- to optimise our website content and the advertising for the website,
- to ensure the permanent operability of our information technology systems and our website technology
- to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a
These data and information are collected anonymously. We evaluate them statistically and with the aim of increasing data protection and data security in our company, ultimately to ensure an optimum level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all the personal data provided by a data subject.
SSL and TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as the content of purchase orders or inquiries which you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser toolbar.
If SSL or TLS encryption is activated, the data which you send to us cannot be read by third parties during their transmission.
You can contact us by post, telephone, fax or email.
If you contact us by post, for example, we can most notably process your address data (e.g. surname, forename, street, town, postcode), date and time of receipt, and the data contained in your correspondence. Depending on which data you provide, we will contact you by telephone, fax or email and, where applicable, call you back or write to you.
If you contact us by telephone, we will most notably process your telephone number and, where applicable and requested in the course of the conversation, your name, email address, the time of the call and details of your inquiry.
If you contact us by fax, we will most notably process the fax number or the sender identification as well as the data contained in the fax.
Due to statutory regulations, our website contains information which enables rapid electronic contact with our company and direct communication with us, also including a general address for electronic mail (email address). If you contact us by email, we will most notably process your email address, the time of the email and the data contained in the message (and in any attachments, where applicable).
The above data will be processed for the purpose of responding to the inquiry and in order to be able to contact the sender.
The legal basis for the processing of personal data in these cases is Art. 6 (1) f) GDPR. It is our legitimate interest to be able to offer you the opportunity to contact us at any time and to be able to respond to your inquiries.
If you send us an (unsolicited) application via our applicant portal or by email, we will save your surname, first name, address, phone number, email address and the application documents sent to us (letter of application, CV, references, certificates, etc.).
The collection and processing of your personal data on the application is exclusively for the purpose of filling positions within our company. The legal basis is Article 6.1.1(f) GDPR. We have a legitimate interest in processing your personal data for staff planning within the company.
As a matter of principle, your data will only be forwarded to the internal and specialist departments of our company responsible for the specific application procedure. In addition, your application data will not be used for other purposes or provided to third parties.
Retention period of application data
If we are unable to offer you a position, your personal application data will be deleted without delay, but no later than three months after receipt or on completion of the application process. This does not apply if legal regulations oppose deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly agreed to longer storage.
Storage for future job advertisements
If we are unable to offer you a position at the current time but your application could be of interest for future job vacancies, we will store your personal application data for 12 months, provided that you expressly consent to such storage and use.
We have taken technical and organisational precautions to protect the data collected in the context of your application against manipulation and unauthorised access. One particular precaution is the encryption of your online application for transmission, in accordance with the most current technologies available.
Information on the use of email
There can be security issues when communicating through unencrypted emails. For example, emails may be intercepted on their way to the employees of our company and viewed by experienced Internet users. If we receive an email from you, we will assume that we are entitled to reply by email. If this is not the case, you are required to refer explicitly to another form of communication. Please also let us know beforehand if you would like email communications to be protected by PGP encryption.
Log files of emails sent over our mail servers are deleted after eight weeks. The relatively long period of storage is necessary to analyse faults with dispatch or receipt processes, to ensure that the mail services are working properly, and to combat junk mail.
The logs listing emails dispatched via Sendmail/PHP are anonymised after one day and are kept for seven days.
Legal or contractual regulations on the provision of personal data
The provision of personal data is prescribed by law in some cases (e.g. tax regulations) but may also be required as a result of contractual arrangements (e.g. information on the contractual partner). It is necessary for the purposes of concluding contracts and fulfilling contracts for you to provide us with personal data which must subsequently be processed by us. Otherwise it will not be possible to enter into a contract with us because communications cannot be exchanged for the relevant purposes.
Your personal data will be processed solely for the purpose of fulfilling the contract under Art. 6 (1) b) GDPR. The purpose which we pursue in our data processing is to guarantee smooth contact processes with the customer. The processing of data pursuant to Art. 6 (1) f) GDPR is also necessary to safeguard our legitimate interests or those of a third party. These apply in connection with the processing of your order and final invoicing.
Data categories and data sources: We process the following categories of data: master data, communication data, contract data, accounting data, accounts receivable data, asset data. These data will be sent to us only by you.
Recipient: We will only process your data to the extent required in any given order and, where necessary, send them to the following categories of recipients to whom the personal data will be disclosed insofar as is necessary for the assertion of our claim: public authorities, third-party debtors, authorised legal representatives (of opposing parties, third-party debtors, other third parties), lawyers, assignees, employers, insurance companies and, where applicable, other third parties (e.g. tax accountants, revenue authorities, etc.).
If you do not want cookies to be stored on your terminal device for reach measurement, you can opt out of the use of these files here:
– Network Advertising Initiative cookie deactivation page: http://optout.networkadvertising.org/?c=1#!/
Commonly used browsers offer the option of disabling cookies. Note: there is no guarantee that you will be able to access all the functions of this website without restrictions if you enter the settings required in this case.
The purpose of this processing is to make our website user-friendly for you and to provide you with the opportunity to save your settings.
The legal basis for the processing is Art. 6 (1) f) GDPR. We have a legitimate interest in presenting you with a website which stores your personal settings and makes it easier for you to visit our website.
Use of Google Maps
This website uses Google Maps for site layout plans. The Google Maps service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google may collect and process information (including personal data) due to the incorporation of Google services. It cannot be ruled out that Google may also transfer the information to a server in a third country.
As stated in the Privacy Shield certification held by Google (available at https://www.privacyshield.gov/list under the search term “Google”), Google has signed up to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework in respect of the collection, use and storage of personal data from the EU Member States and Switzerland respectively. Google, including Google LLC and its wholly owned subsidiaries in the USA, has been certified as compliant with the Privacy Shield Principles. Further information can be found at https://www.google.de/policies/privacy/frameworks/.
We have no control over which data Google actually collects and processes. Google does state, however, that various pieces of information (including personal data) can be processed as a general principle, such as the following:
- log data (especially IP address)
- location-related information
- unique application numbers
- cookies and similar technologies
If you have logged into your Google Account, Google may add the processed information to your account and treat it as personal data, depending on your account settings, cf. https://www.google.de/policies/privacy/partners.
Google covers various issues in its statement, including the following:
“We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know. Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google.” (https://www.google.com/intl/en/policies/privacy/index.html)
You can prevent this information from being added directly to your account by logging out of your Google Account or by entering the appropriate settings in your Google Account.
You can find information about Google’s privacy settings at https://privacy.google.com/take-control.html.
The legal basis for the processing of personal data in these cases is Art. 6 (1) f) GDPR. The option of evaluating the success of individual services enables us to react to the market in various ways, such as targeting our offers at potential users in the best possible way. Google also has a legitimate interest in the (personal) data collected in order to improve its own services.
Use of Google Web Fonts
We use external fonts on our website (so-called Google Fonts). Google Fonts is a service provided by Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The web fonts are integrated through an interface (“API”) to the Google services. Google may collect and process information (including personal data) about you in certain circumstances due to the integration of the web fonts. It cannot be ruled out that Google may also transfer the information to a server in a third country.
Please see the preceding section of this privacy statement for information about the Privacy Shield certification currently held by Google and other relevant data relating to the processing of data by Google in connection with the use of Google services.
We ourselves do not collect any data in connection with the provision of Google Fonts.
Our aim in incorporating Google Fonts is to be able to display consistent fonts on your device.
The legal basis for the processing of personal data in these cases is Art. 6 (1) f) GDPR. Our necessary legitimate interest in this case lies in the great benefit offered by a uniform display of the fonts. The option of a uniform display allows us to spend less time and money on design than we would if we had to react to font standards of different operating systems or browsers with graphically customised web pages. Google also has a legitimate interest in the (personal) data collected in order to improve its own services.
There is a TLS-encrypted contact form on our website (cf. SSL and TLS encryption above) which you can use as a means of electronic contact.
If you use this form to contact us, we will process the data entered in the input fields. In this case the following data entries are mandatory:
- forename and surname;
- email address;
- telephone number (not mandatory);
- message sent (not mandatory).
Mandatory and voluntary information will be treated equally by us. The mandatory information is necessary in order to be able to contact you and to process your inquiry.
The following data are also saved when the form is sent:
- your IP address
- date and time of
The personal data entered in the mandatory fields and the information provided on a voluntary basis are processed in order to respond to the contact request and in order to be able to contact you for the purpose of dealing with your inquiry.
The legal basis for the processing of the personal data provided by you during the contact procedure is Art. 6 (1) b) GDPR.
The other personal data processed during the sending procedure (IP address, date and time of sending) serve to prevent misuse of our contact form.
The legal basis for this is our legitimate interest pursuant to Art. 6 (1) f) GDPR. We have a legitimate interest in being able to prevent or prove misuse of our contact form.
The data will be erased as soon as they are no longer required for the purpose for which they were collected.
The recipient of the data is our server host who works on our instructions under a commissioned data processing agreement.
Embedded videos and images from external websites
Some of our pages contain embedded content from YouTube or external websites. If you merely access a page on our website with embedded videos or images from such external sources, no personal data will be transmitted, with the exception of the IP address. In the case of YouTube, the IP address will be transmitted to Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) and, in the case of Instagram, to Instagram Inc., 181 South Park Street, Suite 2, San Francisco, CA 94107, USA (“Instagram”).
Presence on social media
We maintain an online presence on social media sites in order to communicate with the users who are active there or to offer information about ourselves.
Please be aware that user data may be processed outside the European Union. With regard to US providers certified under the Privacy Shield or offering comparable guarantees of a secure level of data protection, we would point out that by so doing they undertake to comply with EU data protection standards.
Furthermore, user data on social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created on the basis of usage behaviour. The usage profiles can in turn be used, for example, to place advertisements inside and outside the social media sites that presumably correspond to the interests of the users. Cookies are usually stored for these purposes on users’ computers in which the usage behaviour and interests of the users are stored. In addition, data can also be stored in usage profiles independently of the devices used by the users (especially if the users are members of the social-media platforms and are logged in to them).
Detailed information on individual forms of processing and options for objecting can be found on the following pages from each operator.
Requests for information and data subjects’ rights are most effectively asserted with the providers. Only they have access to users’ data.
- Type of data processed: data provided by data subjects (e.g. names, addresses), contact data (e.g. email, phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, content of interest, access times), meta-/communication data (e.g. device information, IP addresses).
- Persons concerned: users (e.g. website visitors, users of online services).
- Processing purposes: provision of our online offer and user-friendliness, contractual procedures and service, contact requests and communication.
- Legal basis: legitimate interests (Article 6.1.1(f) GDPR), consent (Article 6.1.1(a) GDPR), contract fulfilment and pre-contractual enquiries (Article 6.1.1(b) GDPR).
Services used and service providers:
- Facebook: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
Right to object (opt-out) Settings for advertisements: https://www.facebook.com/settings?tab=ads;
We operate, as Visomax Coating GmbH, a so-called “Facebook fan page”, where we provide information about ourselves and our work, and make contact with (potential) customers. For this purpose, Facebook collects statistical data which it evaluates and makes available to us in anonymised form. This is not personally identifiable information. If a Facebook member writes us a message via our fan page, Facebook collects the data stored by the member.
We manage the page together with Facebook Ireland Ltd. and we are jointly responsible for the operation of that fan page according to current legislation and thus jointly responsible with Facebook for data protection, Article 26 GDPR. The legal basis of our data processing is Article 6.1.1(b) or (f) GDPR. In the former case, we process the personal data within existing customer relationships at the request of the respective customer. In all other cases, the data subject has an overriding interest in the processing.
We have concluded an agreement with Facebook Ireland Ltd. on joint responsibility in accordance with Art. 26 GDPR. You can find the Facebook “Page addendum” supplement here:
Facebook Inc. bears sole responsibility for data protection when evaluating the data collected and manages both the rights of the data subjects and data security in accordance with the GDPR.
Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, privacy notices for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
- Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; website: https://www.instagram.com;
- LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com;
Data protection policy: https://www.linkedin.com/legal/privacy-policy.
- Xing: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany; website: https://www.xing.de/;
- YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; website: https://www.youtube.com;
Data protection policy: https://policies.google.com/privacy.
Privacy Shield (guarantee of level of data protection when processing data in the USA):
Right to object/Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en-GB
Settings for the display of advertisements: https://adssettings.google.com/authenticated.
For the creation and evaluation of online surveys we use “SurveyMonkey” (SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland). Participation in such surveys is always optional.
When you click on the link to the survey, the IP address of the user will be recorded. Furthermore, we ask you to voluntarily provide your name and surname as well as your email address so that we can clarify possible queries. The results are used within the company for analysis and as a basis for improving our range of services. In individual cases, we reserve the right to pass on the data collected from the customer to third parties. The legal basis for the processing of personal data described here is Art. 6 (1) f) GDPR. Our justified interest, which is necessary for this, lies in the great benefit of being able to react purposefully to market behaviour and to place our offers in the best possible way for interested users.
SurveyMonkey will use this information on our behalf to create reports that enable us to analyze the satisfaction of our customers. In addition, SurveyMonkey may optimize its own services through the use of the online survey by respondents and create data trends. We collect cookies, usage data, device and browser data, log data and, where applicable, data about third-party integrations. Pseudonymous user profiles can be created from the processed data. In addition, the respondent’s contact information may be used to clarify a concern if the respondent has contacted SurveyMonkey.
SurveyMonkey is certified under the Privacy Shield Agreement, thereby providing a guarantee of compliance with European data protection legislation: https://www.privacyshield.gov/participantid=a2zt0000000Gn7zAAC&status=Active.
Once you have participated in our survey, you can contact us at any time at the above-mentioned email address and request erasure of the personal data you provided in the survey.
Announcement of changes
Amendments to laws or changes in our internal processes may necessitate changes to this Data Privacy Statement.
In the event of any such change, we will notify you at least six weeks before it becomes effective. As a general rule, you have the right to revoke any consent already granted.
Please note (if you do not exercise your right of revocation) that the current version of the Data Privacy Statement at any given time is the valid one.
Revision/erasure of your personal data
You have the option of checking, changing or erasing the personal data provided to us at any time by sending us an email to the email address email@example.com. You also have the right to revoke, at any time, any consent already granted with effect for the future. The stored personal data will be erased if you revoke your consent to their storage.
The controller responsible for data processing will process and store the personal data of the data subject only for the time necessary to achieve the purpose for which the data are stored, or to the extent dictated by the European legislative and regulatory authorities or by another legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply, or if a storage period prescribed by the European legislative and regulatory authorities or by another legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.
Rights of data subjects
You have the following rights in principle:
- right of access (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR)
- right to object (Art. 21 GDPR)
- right to erasure (Art. 17 GDPR)
- right to restriction of processing (Art. 18 f. GDPR)
- right to data portability (Art. 20 GDPR)
Please address any inquiries in this regard to firstname.lastname@example.org or call 0931/4528140. Please note that we must take measures to ensure that any such inquiries are genuinely from the actual data subject.
You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority with responsibility for data protection.
Automated decision-making processes do not take place on our website
Note on the right to object
Data subjects whose personal data are processed have the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data which is carried out on the basis of Art. 6 (1) e) or f) GDPR.
You can express your objection or send us notice of your objection at any time (e.g. by email to email@example.com or by calling 0931/4528140).
Where objections are raised, we will no longer process the personal data unless we can show compelling legitimate grounds for their processing which override the interests, rights and freedoms of the data subject, or if the data are processed for the establishment, exercise or defence of legal claims.
We do not process any personal data for direct marketing or profiling purposes. Notwithstanding the above, any data subjects whose personal data are processed have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning them or significantly affects them in a similar manner in the following cases:
- the decision is necessary for the conclusion or performance of a contract between the data subject and the controller, or
- the decision is authorised by Union or Member State law to which the controller is subject and which also lays down appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or
- the decision is taken with the express consent of the data
In cases where the following applies:
- the decision is necessary for the conclusion or performance of a contract between the data subject and the controller, or
- the decision is taken with the express consent of the data subject,
we take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, the right to express a point of view and the right to contest the decision.
Any data subject wishing to exercise rights in respect of automated decision-making processes may contact our data protection officer or another employee of the data controller at any time.
Any data subject whose personal data are processed has the right to revoke consent to the processing of personal data at any time.
Any data subject wishing to exercise rights in respect of the revocation of consent may contact our data protection officer or another employee of the data controller at any time.
We have technical and organisational measures in place to protect our website and other systems and to prevent your data from being lost, destroyed, accessed, altered or distributed by unauthorised persons. Despite regular checks, however, it is not possible to provide full protection from all risks.
Data controller and contact person
Please write directly to the data protection officer below if you have any questions on the collection, processing or use of your personal data, if you have a request for information, rectification, blockage or erasure of data, or if you wish to revoke consent which has been granted or object to a specific use of data.
Data protection officer
Our data protection officer can be contacted at firstname.lastname@example.org.
Authority responsible for supervising
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Phone: +49 981 53-1300
Fax: +49 981 53 98-1300