Data protection has a very high priority for our company. The use of the website is possible in principle without providing any personal data. However, if a data subject wishes to make use of our company’s special services online, the processing of personal data may be necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.
Our company has implemented numerous technical and organizational measures to ensure the most complete protection of processed personal data. Nevertheless, internet-based data transmissions can in principle have security gaps so absolute protection cannot be guaranteed.
1 Definition of terms
1.1 Personal data
Personal data means “any information relating to an identified or identifiable natural person (hereinafter: data subject); a natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features,which are the expression of the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person” (GDPR Art. 4 (1)).
1.2 Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any procedure or series of operations performed with or without the aid of automated processes in connection with personal data such as collection, gathering, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure through submission, dissemination or any other form of provision, reconciliation or association, restriction, erasure or destruction.
1.4 Restriction of processing
Restriction of processing refers to the marking of stored personal data with the aim to limit its future processing.
Profiling is any type of automated processing of personal data in which this personal information is used to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal preferences, interests in order to analyze or predict the reliability, behavior, location or change of location of this natural person.
Pseudonymization is the processing of personal data in which personal data can no longer be assigned to a specific data subject without the need for additional information. This additional information shall be kept separate, subject to technical and organizational measures, thus ensuring that the personal data is not assigned to an identified or identifiable natural person.
1.7 Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, body or entity that, alone or in concert with others, decides on the purposes and means of processing personal data.
1.8 Commissioned processor
A commissioned processor is a natural or legal person, public authority, body or entity that processes personal data on behalf of the controller.
A recipient is a natural or legal person, agency, body or other entity to whom personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered to be recipients.
1.10 Third party
A third party is a natural or legal person, public authority, entity or body other than the data subject, the controller, the commissioned processor and the persons authorized under the direct responsibility of the controller or commissioned processor to process the personal data.
Consent is any act of volition voluntarily and unambiguously given by the data subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that they consent to the processing of the personal data concerning them.
2 Name and address of the controller
The controller within the meaning of the GDPR is:
Executive Director: Stephan Neubauer
Authorized Representatives: Elmar Müller, Jörg Quasinowski, Ronald Suchanecki
Commercial Register: Kempten HRB 10394
VAT ID No.: DE 267020117
Tax No.: 125/141/30289
3 Contact details of our external data protection officer
Mr. Michael Gruber
Tel. +49 (0) 941 46 29 09 29
Any data subject can contact our data protection officer directly with any questions or suggestions regarding data protection.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.
5 Collection of general data and information
The web server of Muster GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server. The following may be collected: the browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website, the sub-websites which are accessed via an accessing system on our website, the date and time of access to the website, an internet protocol address (IP address), the accessing system's internet service provider and other similar data and information that may be used in the event of attacks on our IT systems.
When using this general data and information, VENTURETEC MECHATRONICS does not draw any conclusions about the data subject. Rather, this information is needed to properly deliver the contents of our website, to optimize the content of our website as well as to advertise it, to ensure the continued functioning of our information technology systems and the technology of our website, and to provide law enforcement with the necessary criminal prosecution in the event of a cyberattack. VENTURETEC MECHATRONICS evaluates this anonymously collected data and information on the one hand statistically and further with the aim to increase the data protection and data security in our company, in order to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
6 Contact options via the website
The website of our company contains, by law, information that allows others to contact our company quickly and to communicate with us directly, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or through a contact form, the personal data transmitted by the data subject will be automatically saved. Such personal data provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
7 Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the processing purpose or as provided by law in acts or regulations governing the controller. If the storage purpose is omitted or if a storage period prescribed by law expires, personal data will be routinely blocked or deleted in accordance with the statutory provisions.
8 Rights of the data subject
8.1 Right to confirmation
Each data subject has the right to ask the controller for confirmation of the processing of personal data concerning them. If a data subject wishes to exercise this right of confirmation, they can contact our data protection officer or another employee of the controller at any time.
8.2 Right to information
Any data subject affected by the processing of personal data shall have the right to obtain from the controller information concerning the personal data stored about the data subject and a copy of this data together with the information given here:
- The processing purposes
- The categories of personal data being processed
- The recipients or categories of recipients to whom the personal data has been disclosed or is still to be disclosed, in particular to recipients in third countries or to international organizations
- If possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
- The existence of a right to correction or deletion of the personal data concerning them, and to the restriction of the processing by the controller and a right to object to such processing
- The existence of a right to appeal to a supervisory authority
- If the personal data is not collected from the data subject: All available information about the origin of the data
- The existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended impact of such processing on the data subject
Furthermore, the data subject has a right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transmission.
If a data subject wishes to exercise this right to information, they can contact our data protection officer at any time.
8.3 Right to correction
Any data subject affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of the processing.
If a data subject wishes to exercise this right to correction, they can contact our data protection officer at any time.
8.4 Right to deletion (Right to be forgotten)
Any data subject affected by the processing of personal data shall have the right to require the controller to delete the personal data concerning them without delay, provided that one of the following reasons is satisfied and the processing is not required:
- The personal data has been collected for such purposes or otherwise processed for which it is no longer necessary.
- The data subject revokes their consent according to which the processing occurred pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR and there is no other legal basis for processing.
- According to Art. 21 (1) of the GDPR, the data subject objects to the processing and there are no legitimate reasons for the processing or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union or national law, to which the controller is subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
If one of the above reasons is applies and a data subject wishes to arrange for the deletion of personal data stored at our company, they may contact our data protection officer at any time. Our data protection officer will arrange that the deletion request be fulfilled immediately.
If the personal data has been made public by our company and if our company is responsible for deleting personal data as the responsible controller according to Art. 17 (1) GDPR, our company will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, in order to inform other data controllers processing the published personal data that the data subject has requested the deletion of all links to such personal data or copies or replications of such personal data by those other data controllers unless the processing is required. The data protection officer will arrange the necessary measures in individual cases.
8.5 Right to restriction of processing
Any data subject affected by the processing of personal data has the right granted by the European directive and regulatory authority to require the controller to restrict the processing if one of the following conditions applies:
- The accuracy of the personal data is contested by the data subject for a period of time that enables the controller to verify the accuracy of the personal data.
- The processing is unlawful, and the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data.
- The controller no longer needs the personal data for processing purposes, but the data subject requires it to assert, exercise or defend legal claims.
- The data subject has objected to the processing according to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored at our company, they can contact our data protection officer at any time. The data protection officer will initiate the restriction of the processing.
8.6 Right to data portability
Any data subject affected by the processing of personal data shall have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, common and machine-readable format. They also have the right transfer this data to another controller without hindrance by the original controller for providing the personal data, provided that the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task in the public interest or exercise of public service, which was transferred to the controller.
Furthermore, in exercising their right to data portability under Art. 20 (1) GDPR, the data subject has the right to obtain that the personal data is transmitted directly from one controller to another, where technically feasible and if so this does not affect the rights and freedoms of others.
In order to assert the right of data portability, the data subject may at any time contact the data protection officer appointed by us.
8.7 Right to objection
Any data subject affected by the processing of personal data shall have the right, at any time for reasons arising out of their particular situation, to object to the processing of personal data concerning them pursuant to Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
In the event of an objection, our company no longer processes personal data unless we can prove compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purposes of asserting, exercising or defending legal claims.
If our company processes personal data in order to carry out direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, as far as it is associated with such direct advertising. If the data subject objects to such direct advertising with our company, we will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons that arise from their particular situation, object to the processing of personal data relating to them, which is process by our company for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to fulfill a public interest task.
In order to exercise the right to objection, the data subject may directly contact the data protection officer.
8.8 Automated decisions in individual cases including profiling
Any data subject affected by the processing of their personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on them or which, in a similar manner, significantly impairs them, unless the decision is taken for conclusion or the fulfillment of a contract between the data subject and the controller is required, or permitted by Union or Member State legislation to which the controller is subject, and that legislation is adequate to safeguard the rights, freedoms and legitimate interests of the data subject or this processing occurs with the express consent of the data subject.
If the decision to conclude or fulfill a contract between the data subject and the controller is necessary or with the express consent of the data subject, our company will take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person at the controller, to express one’s own position and to contest the decision.
If the data subject wishes to assert rights with regard to automated decisions, they can contact our data protection officer at any time.
8.9 Right to revoke granted data protection consent
Any data subject affected by the processing of personal data is entitled to revoke consent to the processing of personal data at any time. If the data subject wishes to assert their right to revoke consent, they can contact our data protection officer at any time.
9 Data protection in applications and in the application process
The controller collects and processes the personal data of applicants for the purpose of carrying out the application process. The processing can also be done electronically. This is especially the case if an applicant submits corresponding application documents to our company electronically, for example by e-mail or via a web form on the website. If our company concludes a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. If no employment contract is concluded with the applicant by our company, the application documents will be automatically deleted 6 months after the announcement of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense, for example, include a burden of proof in a procedure under the General Equal Treatment Act (AGG).
10 Data protection regulations: Tracking Tools
The controller has integrated the component Google Analytics (with anonymization function)on this website. Google Analytics is a web analytics service. Web analytics is the gathering, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about the website through which a data subject has come to a website (so-called referrers), which subpages of the website are accessed or how often and for what length of stay a subpage has been viewed. Web analytics is used primarily to optimize a website and for cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the “_gat._anonymizeIp” extension for web analytics via Google Analytics. By means of this extension, the IP address of the data subject's internet access will be shortened and anonymized by Google if the access to our websites occurs from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our web site. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and in to provide related services in connection with the use of our website.
Google Analytics uses a cookie on the information technology system of the data subject. What cookies are, has already been explained above. By using the cookie, Google will be able to analyze the use of our website. Each time one of the pages of this website operated by the controller is accessed and a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject will be automatically triggered by the respective Google Analytics website component to send data to Google for online analysis purposes. As part of this technical process, Google receives information about personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks, and subsequently to facilitate commission settlement.
The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of visits to our website by the data subject. Each time you visit our websites, your personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States. This personal data is stored by Google in the United States. Google may transfer this personal data collected through the technical process to third parties.
The data subject can prevent the setting of cookies through our website, as described above, at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
In our website we use Google reCAPTCHA to check and avoid interactions on our website through automated access, for example through so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereafter referred to as "Google." Through certification under the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Google guarantees that it complies with EU data protection standards when processing data in the United States.
Through this service, Google can determine from which website a request is sent and from which IP address you use the so-called reCAPTCHA input box. In addition to your IP address, additional information may be collected by Google, which is necessary for the offer and the guarantee of this service. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the security of our website and in the defense against unwanted, automated access in the form of spam or the like.
Google provides further information on the general handling of your user data under https://policies.google.com/privacy.
11 Responsible data protection authority
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300