We take the protection of your personal data seriously and adhere to the legal rules of data protection. Personal data is only collected to the extent necessary.
The following declaration gives you an overview of how we guarantee this protection, and what kind of data is collected for what purpose.
§ 1 Name and contact details of the data controller and the data protection officer
(1) The data controller within the meaning of Art. 4 para. 7 of the EU Geneneral Data Protection Regulation (GDPR) is
75323 Bad Wildbad-Calmbach
Managing Directors: Peter Kaiser, Michael Rentschler
T: 07081 95444 0
F: 07081 95444 10
(2) You can reach the data protection officer of the data controller at the following address
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
§ 2 General information on the processing of personal data
(1) In the following we inform you about the processing of personal data, in particular when using our website.
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
Restriction of processing
Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
Pseudonymization means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures, ensuring that the personal data is not attributed to an identified or identifiable natural person.
Person responsible or data controller
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the data controller or data controllers may be designated in accordance with Union law or with the law of the Member States on the basis of certain criteria.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. However, authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States shall not be considered as recipients.
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.
(2) We will process your personal data only if a legal basis has been established, in particular if
(3) Fundamentally, we do not transfer any data to a third country (outside the EU). Should such a transfer become necessary, we will obtain your consent if your consent does not already result from the contractual relationship (e.g. delivery to a third country).
(4) We adhere to the principles of data avoidance and data economy. We will therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions. Basically, the duration of the storage is measured on the basis of the respective legal retention period, e.g. commercial and tax retention periods according to § 257 Para. 4 HGB, § 147 Para. 3 AO (6 or 10 years). Retention periods may also arise due to current limitation periods for claims. Thus, civil law claims regularly expire in 3 years, at most in 30 years.
After expiry of this period, the corresponding data will be routinely deleted if they are no longer required for contract fulfilment or contract initiation and/or if there is no justified interest on our part in further storage.
(5) If you have not registered with us for a newsletter or an advertising mailing, and also no justification exists according to Art. 6 Para. 1 S. 1 lit. f GDPR, or an objection according to § 21 para. 2 GDPR is available, we will not use your data to inform you about further products from our portfolio.
However, we use your data to provide you with technical information for the contract processing if necessary.
(7) We would like to point out that data transmission over the Internet, e.g. via a browser or e-mail, may have security gaps. A complete protection of the data against access by third parties is not possible.
§ 3 Processing of personal data when visiting our website
(1) If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we will collect the following data, which is technically necessary for us to display our website to you, and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
Operating system (e.g. Windows 10, Linux) and its interface (e.g. X-Windows)
Language and version of the browser software.
(2) The data mentioned will be processed by us for the following purposes:
Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person unless otherwise stated below.
(3) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using, and through which certain information flows to the entity that set the cookie (here through us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
a) This website uses the following types of cookies or comparable software, the scope and function of which are explained below:
b) Transient cookies are automatically deleted when you close your browser.
This especially includes session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session.
This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
f) The Flash cookies used are not stored by your browser, but rather by your Flash plug-in. We also use HTML5 storage objects that are stored on your device. These objects store the required data regardless of the browser you are using and do not have an automatic expiration date. If you do not want the Flash cookies to be processed, you must install an appropriate add-on, e.g.
“Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.
(4) In addition, we use analysis services when visiting our website. Further explanations are given below.
§ 4 Applications
We process the personal data of applicants for the purpose of handling the application procedure on the legal basis of Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG as well as Art. 6 para. 1 lit. a GDPR. The processing may also be carried out electronically. This is particularly the case if an applicant submits application documents to us electronically, for example, by e-mail or via a web form on the website. If an employment relationship is established, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, we will automatically delete the application documents two months after notification of the rejection decision, provided that there are no other legitimate interests to the contrary. Another legitimate interest in this sense is, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
§ 5 Processing of personal data when visiting our website
(1) Personal data shall be processed in order to fulfil our rights and obligations under a contractual relationship with our customers and other business partners.
We collect (process) the following personal data from you:
(2) The processing of this data is performed (purpose),
(3) We process personal data for the contractual relationship and record it in our database system (ERP, CRM) and in our accounting department. The data is also forwarded to our tax consultant. Recipients of personal data may also be third parties if contracts or services are offered or rendered by us together with partners, as well as suppliers, subcontractors, contractors of preceding or subsequent trades and credit institutions insofar as this is necessary in each case for the execution of the contract (manufacture, delivery, payment). For the delivery of orders we will pass on your data to the commissioned shipping company. No profiling or automatic decision making is carried out. The collection, storage and transfer of data is carried out on the basis of Art.6 Para.1 S.1 lit. b GDPR. Further processing will only be performed if you have given your consent, or if there is legal permission. Failure to provide data may result in the contract not being concluded or not being able to be executed.
(4) As a matter of principle, we collect data directly from the persons affected by the contractual relationship (data subjects pursuant to Art. 13 GDPR).
As a rule, we do not process any personal data that we have collected from third parties. Otherwise, we shall inform the data subject separately in accordance with Art. 14 GDPR, in particular about the source from which the personal data originated. This only applies in the absence of one of the following cases:
(5) For the duration of the storage and retention of your personal data we refer to above § 2 para. 4.
§ 6 Further functions and offers of our website
(1) In addition to the informative use of our website, we are offering the option of contacting us (e-mail or contact form), which you may use if you have any inquiries. For this purpose, you will generally have to provide further personal data which we will then use to provide the respective service, and to which the aforementioned data processing principles apply. Among other things, it is necessary to provide a valid e-mail address and your name so that we know who sent the request and are able to answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 S. 1 lit. a GDPR on the basis of your voluntary consent. We will delete the data arising in this connection after the storage is no longer necessary, or restrict the processing if there are legal storage obligations.
(2) To some extent we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
(3) Furthermore, we may pass on your personal data to third parties if contracts are concluded or similar services are offered by us together with partners.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
§ 7 Disclosure of data
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if (enumerated according to relevance):
§ 8 Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have submitted this to us.
(2) Insofar as we base the processing of your personal data on a weighing of interests (Art. 6 para. 1 S. 1 lit. e and f GDPR), you may object to the processing. This is the case, if the processing is not necessary in particular for the fulfilment of a contract with you, it will be represented by us in each case with the following description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts and either discontinue, or adapt the data processing, or point out our compelling reasons worthy of protection on the basis of which we will continue the processing.
(3) Of course you can object to the processing of your personal data for advertising purposes at any time.
(4) You can inform us about your objection or revocation by using the contact data mentioned in § 1.
(5) If there is another legal basis for the processing of personal data, we can continue to process this data despite your objection or revocation.
§ 9 Your further rights
You have the following rights towards us with regard to your personal data:
§ 10 Social Media, You-Tube, Google Maps
I. Social Media-Plug-ins
We do not use any social plug-ins (Facebook, Twitter, Google+) on our website.
(1) YouTube LLC is a company belonging to Google LLC. We have included our own YouTube videos in our online offering, which are stored at http://www.YouTube.com and can be played directly from our website. These are all integrated in the “Advanced Privacy Mode”, which means that no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data referred to in Para. 2 be transmitted. We have no influence on this data transmission. If third-party videos are linked, the extended data protection mode cannot be applied.
(2) By visiting the website, YouTube will receive the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 4 of this declaration will be transmitted. This will occur regardless of whether YouTube provides a user account that you are logged in to, or whether no user account exists. When you’re logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising, and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
III. Google Maps
(1) We use the services of Google Maps on this website. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently.
(2) By visiting the website, Google will receive the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This will occur regardless of whether Google provides a user account that you are logged in to, or whether no user account exists. When you’re logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising, and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider’s data protection declarations. There you will also find further information on your rights, and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy . Google also processes your personal data in the USA, and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
§ 11 jQuery
Our website uses jQuery as an external program library in the form of the integration variant via a Google server. We do not transfer personal data to third parties ourselves, but only between your browser and the third party server. This gives the third party provider access to your personal data, at least to your IP address. The data will be collected on the basis of Art. 6 para. 1 S. 1 lit. f GDPR.
§ 12 Use of analysis software
I. Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “Cookies”, which are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is enabled on this website, Google will first truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you is related to a person, it will be excluded immediately and the personal data thus deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained will enable us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework . The legal basis for the use of Google Analytics is Art. 6 para. 1 S. 1 lit. f GDPR.
(6) Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/intl/de/analytics/learn/privacy.html ,as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy .
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My data”, “Personal data”.
II. Google AdWords Conversion Tracking
(1) We use the online advertising program “Google AdWords” and conversion tracking within the framework of Google AdWords. The Google Conversion Tracking is an analysis service of Google Inc. When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies lose their validity after 30 days, contain no personal data and are therefore not used for personal identification.
(2) If you visit certain pages of our website and the cookie has not expired, Google and we may recognize that you have clicked on the ad and were directed to that page. Each Google AdWords customer will receive a different cookie. Therefore, there is no possibility that cookies can be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers can see the total number of users who clicked on their ad, and were then redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.
§ 13 Google reCAPTCHA
(1) We use Google reCAPTCHA. The purpose of this software is to use a Turing test to ensure that a certain action on our website is performed by a human being and not automatically by a so-called (Ro-)Bot. This service enables the provider (Google) to determine from which website an inquiry is sent and from which IP address the so-called reCAPTCHA input box is used. In addition to your IP address, Google collects other information necessary to provide and guarantee this service.
(2) This service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Through a certification according to the EU-US Privacy Shield) https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google declares that the EU’s data protection requirements are also met when processing data in the United States. Google offers further information on the general handling of your data at https://policies.google.com/privacy
(3) The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our Internet presence and in the defense against unwanted, automated access in the form of spam or similar.
§ 14 Data security
(1) We use the widely utilized SSL (Secure Socket Layer) method within the website in conjunction with the highest level of encryption supported by your browser. As a rule, this will be a 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in the encrypted form by the closed representation of the key or lock symbol in the status bar of your browser.
(2) We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are being continuously improved in line with new technological developments.
§ 15 Spamschutz durch Akismet
Diese Seite nutzt das Akismet-Plugin der Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA. Mit Hilfe dieses Plugins werden Kommentare von echten Menschen von Spam-Kommentaren unterschieden. Dazu werden alle Kommentarangaben an einen Server in den USA verschickt, wo sie analysiert und für Vergleichszwecke vier Tage lang gespeichert werden. Ist ein Kommentar als Spam eingestuft worden, werden die Daten über diese Zeit hinaus gespeichert. Zu diesen Angaben gehören der eingegebene Name, die Emailadresse, die IP-Adresse, der Kommentarinhalt, der Referrer, Angaben zum verwendeten Browser sowie dem Computersystem und die Zeit des Eintrags. Sie können gerne Pseudonyme nutzen, oder auf die Eingabe des Namens oder der Emailadresse verzichten. Sie können die Übertragung der Daten komplett verhindern, in dem Sie unser Kommentarsystem nicht nutzen. Das wäre schade, aber leider sehen wir sonst keine Alternativen, die ebenso effektiv arbeiten. Sie können der Nutzung Ihrer Daten für die Zukunft unter email@example.com, Betreff “Deletion of Data stored by Akismet” unter Angabe/Beschreibung der gespeicherten Daten widersprechen.
§ 16 Cookiebot
• your anonymized IP address;
• the date and time of your consent;
• the user agent of your browser;
• the provider’s URL;
• an anonymous, random, and encrypted key.
• your cookie status which serves as proof of consent.
The encrypted key and cookie status are stored by means of a cookie on your device to enable the corresponding cookie status to be restored when you return to our site. This cookie automatically deletes after 12 months. The legal basis for this processing of data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is in the user-friendliness of the website and the fulfillment of the statutory requirements of GDPR. You can prevent cookies from being installed and/or delete this cookie by adjusting the settings on your internet browser.