Data Protection Policy
We thank you for your visit to our website and interest in our company.
The protection of your personal data is extremely important to us. In this data protection policy, we are pleased to inform you of the specific personal data collected during your visit to our website and the rights you possess in this regard.
The use of terms in this Data Protection Policy is oriented to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Personal data means all information relating to an identified or identifiable natural person. This includes your name, address and communication data and email address.
Processing means any operation or series of operations, performed with or without the help of automated processing, in connection with personal data; such as its collection, recording, organisation, ordering, storage, adaptation or modification, outputting, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or combination, restriction, deletion or destruction.
Data subject is any identified or identifiable natural person whose personal data are processed by the person responsible for processing.
Person responsible or “person responsible for processing” is the natural or legal person, supervisory authority, institution or other body that alone or together with others decides on the purpose and means of personal data processing.
1. Name and address of the person responsible
OTEC Präzisionsfinish GmbH
75334 Straubenhardt-Conweiler, Germany
Tel: + 49 (0) 70 82 / 49 11 20
Fax: + 49 (0) 70 82 / 49 11 29
The representatives of the person responsible are the managing directors Helmut Gegenheimer and Soran Jota.
2. Data protection officer
You can reach our data protection officer via email at datenschutz(at)otec.de or via our mailing address; please add the words “the Data Protection Officer” to the mailing address.
3. Processing of personal data
3.1. Visiting our website
3.1.1. Scope of data processing
When you visit our website, your browser transfers certain data to our web server for technical reasons. The data in question (“server log files”) are as follows:
- IP address
- Date and time of the request
- Time zone difference relative to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Operating system and its access status/HTTP code
- Data quantity transferred
- Website from which the request originated (“referrer URL”)
- Browser, language and browser software version
3.1.2. Purpose of data processing
It is necessary to store these data in log files in order to ensure the functionality of the website. They help us to optimise the website and ensure the security of our information technology systems.
3.1.3. Lawful basis of processing
We collect these data on the basis of our legitimate interest within the meaning of Article 6(1)(f) GDPR in order to display our website and ensure your security.
3.1.4. Duration of storage
Information in the log files is stored for security reasons (e.g. to deal with misuse or fraudulent use) for a maximum of seven days, then deleted. Data that must be stored for longer for documentation purposes is excepted from deletion until final resolution of the given incident.
3.1.5. Objection and removal options
Due to technical reasons, the collection of data for the purpose of providing the website and and the storage of such data in log files is absolutely necessary for its operation. The user is therefore not entitled to object.
3.2. Contact form and email contact
3.2.1. Scope of data processing
Our website contains a contact form that we encourage you to use to contact us electronically. In the input form we collect the following data: given name, surname, occupation, department, company, street, postal box, post code, city, country, telephone no., fax no., email address, message text, request for a response, interest in a mass finishing workshop.
Alternatively, you can contact us at the email addresses provided for our sales and service contacts. In this case, the personal data transmitted along with your email will be stored.
3.2.2.Purpose of data processing
The processing of the personal data from the contact input form serves solely to establish contact with you. In the event we contact you via email, we also have a necessary and legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and safeguard the security of our information technology systems.
3.2.3. Lawful basis of processing
The lawful basis for processing the data transmitted from the contact form or in an email is Article 6(1)(f) GDPR. If the email contact aims toward concluding a contract, the additional lawful basis for processing is Article 6(1)(b) GDPR.
3.2.4. Duration of storage
The data are deleted once they are no longer required for the purpose for which they were collected. For the personal data entered on the contact form and those transmitted via email, this is the case when the respective conversation with the user has ended. The conversation is deemed to end when it is evident from the circumstances that the matter at hand has been conclusively resolved.
3.2.5. Objection and removal options
You can revoke your consent for processing your personal data at any time. In this case, however, the conversation cannot be continued. Please send notice of revocation to firstname.lastname@example.org or our mailing address. In this case, all personal data stored during the process of contacting us are deleted.
3.3. Job applications
3.3.1. Scope of data processing
If you are interested in working at our company, you can apply online. Current job postings are listed under the “Career” menu item. You can also apply proactively.
If you apply via email, we process the data you transmit to us in order to carry out the application process.
Your personal data can be viewed by the human resources department and the technical department under which the position falls.
3.3.2. Purpose of data processing
We process personal data in order to decide whether to establish an employment relationship with applicants; especially for the process of selecting suitable candidates and administering the application process.
3.3.3. Lawful basis of processing
The lawful basis for processing your personal data in the application process is § 26 para. 1 German Federal Data Protection Act [Bundesdatenschutzgesetz – BDSG)-new version.
3.3.4. Duration of storage
If the application results in an employment relationship, we process these data in order to formally establish that relationship. The data are then entered into our human resources administration system.
Where the application does not result in an employment relationship, respecting the three-month statutory period per the German Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG), the data are deleted once the application process has ended, except if the applicant provided consent in accordance with Articles 6(1)(a) and 7 GDPR to the long-term storage of their personal data in order to be considered for new job offers.
3.3.5. Objection and removal options
You can have the information you convey to us updated or deleted at any time, upon request. To do so, please send an email to bewerbung(at)personal.otec.de.
This does not apply if you have applied during an ongoing application process for a specific position with us. In this case, we store the information you provided in relation to the position until the end of the statutory periods (§ 15 AGG in particular).
3.4.1. Scope of data processing
- a) Transient cookies are automatically deleted when you close the browser. A common example are session cookies, which save a session ID that enables various requests by your browser to be associated with the same session. This allows your computer to be identified when you return to our website. Session cookies are deleted when you log out or close the browser.
- b) Persistent cookies are deleted automatically after a prescribed length of time, which may differ from cookie to cookie. You can delete cookies at any time using the security settings on your browser.
3.4.2. Purpose of data processing
Some elements of our website require that the browser from which requests originate still be identifiable, even after navigating to a different web page. These elements require that the browser from which requests originate still be recognized, even after navigating to a different web page.
3.4.3. Lawful basis of processing
The lawful basis for processing of personal data using such cookies as may be technically necessary is Article 6(1)(f) GDPR.
3.4.4. Duration of storage
Session cookies are deleted when you close the browser.
Persistent cookies are deleted automatically after a prescribed length of time.
3.4.5. Objection and removal options
Please note, however, that if you do so, you may not be able to use all of the website's functions.
3.5. Web analysis with Google Analytics
3.5.1. Scope of data processing
Our website uses Google Analytics, a web analysis tool provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
Google collects information about your use of this website (e.g. the pages you visit) and transfers it to a Google server in the USA. Here it is stored and analysed, before the results are provided to us in anonymised form.
This website uses Google Analytics with the extension “_anonymizeIp()”. This extension enables IP anonymization, meaning that Google shortens your IP address within member states of the European Union, or other countries who are signatories to the Agreement on the European Economic Area, before transferring it to the USA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
For those exceptional cases in which personal data is transferred to the USA, Google adheres to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google is certified under the EU-US Privacy Shield, which provides a suitable level of protection for data transferred to Google in the USA.
3.5.2. Purpose of data processing
We use Google Analytics to analyse the use of our website and to continuously improve it. The generated statistics help us improve our website and make it more interesting for you as a user.
3.5.3. Lawful basis of processing
The processing of data for the aforementioned purposes using Google Analytics occurs on the basis of legitimate interest. The lawful basis is Article 6(1)(f) GDPR.
3.5.4. Duration of storage
Sessions and campaigns are ended after a certain period of time. Sessions end after 30 minutes of inactivity, while campaigns are ended after six months as standard. The maximum time limit for campaigns is two years.
3.5.5. Objection and removal options
Google does not combine the IP address transferred by your browser with other data. You can prevent the saving of cookies via the corresponding setting in your browser software, as described above in the “Cookies” section. You can also prevent data about your use of this website being sent to and processed by Google by downloading and installing the Google browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=en.
If you wish to prevent Google Analytics from collecting your data when you visit our website on different devices (in particular mobile devices such as smartphones or tablets), you must opt out from this on every system used. Click here to install the opt-out cookie.
3.6. Google AdWords
3.6.1. Scope of data processing
We use Google AdWords to advertise our offers on external websites. These advertisements are delivered by Google via an ad server. We therefore use Ad Server cookies to enable the measurement of certain key success indicators, such as the ads being displayed or user clicks. If you access our website via a Google ad, Google AdWords saves a cookie on your PC. Above we described what cookies are and how to delete them. These cookies enable Google to recognize your browser. If a user visits certain pages on the website of an Adwords customer and if the cookie stored on their computer has not expired, Google and the customer can detect that the user clicked on the advert and ended up on this page. Each Adwords customer is assigned a different cookie. Cookies cannot be subsequently tracked beyond the websites of Adwords customers. We ourselves do not collect or process any personal data for the advertising measures described. Google merely makes available to us statistical analyses. Based on these analyses, we can find out which of the advertising measures are especially effective. We do not receive any other data about the performance of the advertising measures; in particular, we cannot identify users based on this information.
Because of the marketing tools we use, your browser automatically establishes a direct connection with the Google server. We have no control over the scope and further processing of the data collected through the tool. According to our knowledge, through the integration of AdWords Conversion, Google receives the information that you accessed the respective part of our internet presence or clicked one of our adverts. If you are registered for a Google service, Google can associate the visit with your account. Even if you are not registered with Google or are not logged in, it is possible that the provider may become aware of your IP address and store it.
3.6.2. Purpose of data processing
The advertising campaign data allows us to evaluate the success of the various advertising measures. Our aim in this regard is to display advertising that’s of interest to you, to make our website more attractive and to equitably calculate advertising costs.
3.6.3. Lawful basis of processing
The processing of the data serves our legitimate interest in structuring our advertising so as to reach target audiences. The lawful basis is Article 6(1)(f) GDPR.
3.6.4. Duration of storage
These cookies usually expire after 30 days and are not intended to identify you personally. The values generally stored by this cookie for analysis are the unique cookie ID, number of ad impressions per placement (frequency), most recent impression (relevant for post-view conversions) as well as opt-out information (indication that the user no longer wishes to be contacted).
3.6.5. Objection and removal options
You can prevent participation in this process in various ways: a) by configuring your browser software settings accordingly; in particular, the suppression of third-party cookies means that you will not receive any ads from third-party providers; please see “Cookies” above for how to configure your browser; b) by deactivating the conversion tracking cookies by configuring your browser to block cookies from the domain “www.googleadservices.com”, see https://www.google.de/settings/ads; please note that this setting is cancelled when you delete your cookies; c) by deactivating the interest-based adverts from providers that belong to the “About Ads” self-regulation campaign; see http://www.aboutads.info/choices; please note that this setting is cancelled when you delete your cookies; d) by permanently deactivating them in your browser, whether Firefox, Internet Explorer or Google Chrome; to do so, go to http://www.google.com/settings/ads/plugin.
More information about data protection at Google is available here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has agreed to be subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4. Integration of services and third-party content
We have integrated external services and content into our website. This is done on the basis of our legitimate interest, within the meaning of Article 6(1)(f) GDPR, in the analysis, optimisation and economical operation of our online offerings.
When such a service is used or third-party content is displayed, communications data such as the date, time and IP address are exchanged between you and the respective provider for technical reasons. In particular this includes your IP address, which is necessary to display content in your browser.
The provider of the respective services or content may process your data for other purposes of its own. Since we have no control over the data collected by third parties or its processing by them, we cannot make any binding statements about the purpose and scope of such processing.
For more information about the purpose and scope of collection and processing of your data, please consult the privacy policies of the respective providers of the services and content integrated on our site, who bear responsibility under data protection law.
The following list offers an overview of third-party providers and the content they provide as well as links to their privacy policies, which contain additional information on the processing of data and objection options (“opt-outs”).
- Maps from the “Google Maps” service of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policies: https://www.google.com/policies/privacy/ Opt-Out: https://www.google.com/settings/ads/.
- External fonts from Google, Google Fonts, third party vendor Google Inc., 1600 Amphi-theatre Parkway, Mountain View, CA 94043, USA. These web-fonts are downloaded by a server request, normally from a server of Google located in the USA.
During this process the information which of our websites you have visited will be trans-mitted to the server. Also, the IP address of the browser from the device of the visitor of this website is stored by Google. Privacy policies: https://policies.google.com/privacy. Opt-Out: https://adssettings.google.com/authenticated.
- Videos from the “YouTube” platform of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
More information on data protection: https://www.google.com/policies/privacy/. You can opt out at https://www.google.com/settings/ads/.
YouTube has agreed to be subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Functions of the social media network Facebook are integrated into our website. These functions are offered by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
Plugins can display interactive elements or content (e.g. videos, graphics or text) and can be identified by a Facebook logo (a white “f” on a blue square, the term “Like” or a “thumbs up” symbol) or are identified by the suffix “Facebook Social Plugin”. A list of Facebook social plugins, including their appearance, can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield treaty and therefore guarantees its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a function on this online presence that contains a plugin of this sort, the user's device establishes a direct connection with Facebook servers. The plugin content is directly transmitted by Facebook to the user's device, which integrates it into the website. User profiles about users may be created based on the data processed. We therefore have no control over the scope of the data collected by Facebook through this plugin and are informing users of the information available to us.
Through the integration of the plugins, Facebook receives the information that a user accessed the respective page of our online presence. If the user is logged in to Facebook, Facebook can associate the visit with their account. When you interact with the plugins, such as clicking the Like button or leaving a comment, this information is transmitted by your device directly to Facebook and stored there. Even if a user is not a member of Facebook, it is possible that Facebook may become aware of their IP address and store it. According to Facebook, in Germany IP addresses are only saved in truncated form.
For the purpose and scope of data collection and the further processing and use of the data by Facebook as well as your rights in this regard and settings options to protect the private sphere of users, please consult Facebook's privacy information: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook, via this online offering, to collect data about them and correlate it with the member data stored by Facebook, the user must log out of Facebook and delete their cookies before using our website. The Facebook profile settings offer additional settings and opt-outs of the use of data for advertising purposes: https://www.facebook.com/settings?tab=ads
5.1.1. Scope of data processing
On our website you can subscribe to a newsletter, which contains first-hand news about our company. We only send newsletters with users’ permission. We use a double opt-in procedure in this regard. After signing up for the newsletter, you will receive an email asking you to confirm your subscription. We use this procedure to ensure that no one can subscribe using an email address that is not their own. We log newsletter subscriptions in order to document the subscription process in accordance with statutory requirements. This includes the date, time and IP address at the time of subscription.
To subscribe to the newsletter, the only data you need to provide is your email address.
5.1.2. Purpose of data processing
We send out newsletters for promotional purposes in order to inform our existing customers of our company's products, offers and promotions.
5.1.3. Data processing recipient
Your data are processed by our marketing department when you subscribe to the newsletter.
We have contracted iS-Fun Internet Services GmbH, Badhausweg 8, 76307 Karlsbad to send out the newsletters, acting as an external processor under data protection law. The data processing occurs in Germany. The data protection provisions of the email service provider can be viewed here: (https://www.is-fun.de/impressum/)
5.1.4. Lawful basis of processing
We only send newsletters with the users’ permission. The lawful basis for this is Article 6(1)(a) GDPR.
5.1.5. Duration of storage
We store the personal data you provided in order to subscribe to the newsletter until you revoke your consent.
5.1.6. Objection and removal options
If you no longer wish to receive our newsletter, you can cancel your subscription at any time, revoking your consent. An unsubscribe link is provided at the end of each newsletter. When you unsubscribe, the personal data you provided in order to subscribe to the newsletter are deleted.
6. Data security
We implement technical, contractual and organisational measures to ensure the security of data processing consistent with the state of technology. We therefore ensure compliance with the provisions of data protection laws and the General Data Protection Regulation in particular, and ensure the data processed by us is protected against destruction, loss, modification and unauthorised access. These security measures include encrypted transmission of data between your browser and our servers. Please note that SSL encryption for transmissions sent over the internet is only active when the lock symbol appears in the lower menu bar of your browser window and the address begins with http://https://. SSL (Secure Socket Layer) uses encryption technology to protect data transmissions against illegal access by third parties. If this option is not available, you can decide not to send certain data over the internet.
All the information you transmit to us is stored and processed on our servers in the Federal Republic of Germany.
7. Forwarding of data to third parties and third-party providers
Data is forwarded to third parties exclusively within the scope of statutory provisions. We only forward users’ data if necessary for contractual purposes on the basis of Art. 6(1)(b) GDPR or due to legitimate interests, within the meaning of Art. 6(1)(f) GDPR, in the economical and effective operation of our business.
To assist with the operation and maintenance of our website and information technology systems, we rely on the systems of providers, which may become aware of your personal data in connection with maintenance and upkeep of the IT systems; this occurs within the scope of external data processing under data protection law per Art. 28 GDPR. We have therefore implemented appropriate legal, technical and organisational measures with the service providers in order to ensure the protection of the personal data in accordance with the relevant statutory provisions. Your personal data are not transferred to any third countries or international organisations.
8. Your rights
When we process personal data you provide, you are the “data subject” within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights vis-a-vis us in relation to the personal data that relates to you:
- Right of access (Art. 15 GDPR)
- Right to correction (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
With regard to requests for information not made in writing, please note that we may request that you provide proof that you are who you say you are
9. Amendment of the data protection policy
We reserve the right to amend the Data Protection Policy in order to adapt it to changed legal situations or for changes in the service or data processing. This only applies with regard to data processing policies, however. Insofar as user consent is required or components of the Data Protection Policy contain provisions regarding the contractual relationship with users, the amendments are only made with the users’ consent.
Please inform yourself regularly of the contents of the Data Protection Policy.