We are pleased about your interest in our company. Data protection has a great importance for the management of Simac Electronics GmbH. The usage of the websites of Simac Electronics GmbH is fundamentally possible without indicating any personal data. If the data subject makes use of special services from our company via the website, personal data may be required for the processing. If the processing of personal data is required and there is no legal basis for processing, we will generally obtain the approval of the data subject beforehand.
The processing of personal data for example name, address, e-mail or telephone number of the data subject is always in accordance with the general data protection regulation and with country-specific data protection regulations of Simac Electronics GmbH. With the aid of this privacy statement, our company wants to inform the public about the type, extent and purpose of the raised, used and processed personal data from us. Moreover, the data subject gets informed about the vested right by means of the privacy statement.
The Simac Electronics GmbH as the company in charge, has implemented various technical and organizational measures to ensure the preferably gapless protection of the processed personal data of the website. Nevertheless, internet-based data transmission can generally display security holes, thereby it is also possible to transmit personal data alternatively, for example via telephone.
Personal data are any information which refer to an identified or identifiable natural person (in the following “data subject”). An identifiable natural person is someone who can be identified directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
A data subject is every identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations which are performed on personal data whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other type of provision, alignment or combination, restriction, erasure or destruction.
Restriction of processing
This is the marking of stored personal data with the aim of limiting their processing in the future.
This is any type of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects relating to a natural person. In particular, it analyses or predicts aspects concerning the natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data cannot be longer attributed to a specific data subject without the use of additional information. It is provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
This is the natural or legal person, public authority, agency or any other body which determines solely or jointly with others the purposes and means of the processing of personal data. If the purposes and means are determined by European Union or member state law, the controller or rather the specific criteria for its nomination may be provided by the Union or member state law.
This is a natural or legal person, public authority, agency or any other body which processes personal data on the behalf of the controller
Recipient is a natural or legal person, public authority, agency or any other body to which personal data is disclosed whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or member state law, shall not be regarded as recipients. The processing of those data by public authorities shall be in compliance with the applicable data protection regulations according to the purposes of the processing.
A third party is a natural or legal person, public authority, agency or any other body then the data subject, controller, processor or persons who are under the direct authority of the controller or the processor which are authorised to process personal data.
The consent is any freely, specific and in informed manner and unambiguous given declaration of the will of the data subject. This statement or clear affirmative action signifies the agreement of the processing of personal data concerning the person.
2. Name and address of the controller
Controller according to the general data protection regulation, other relevant data protection acts in the member states of the European Union and other provisions with the principles of the data protection law is:
Simac Electronic GmbH
3. Name and address of the data protection officer
The data protection officer of the controller is:
SIMAC Electronics GmbH
The data subject can prevent the setting of Cookies on our website at any time through the according configuration in the used internet browser and can thereby contradict the setting of Cookies permanently. Furthermore, already set Cookies can be deleted via the internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deletes the set Cookies in the used internet browser, not all functions might possibly be fully accessible on our website.
5. Capture of general data and information
The website of Simac Electronics GmbH captures with every visit on the website through a data subject or an automated system, a series of general data and information. These general data and information are saved in logfiles of the server. The (1) used browser types and versions, (2) operating system of the accessing system, (3) website from which the accessing system has opened our website (so-called referrer), (4) sub-websites which are opened by the accessing system, (5) date and time of access, (6) internet protocol address (IP address), (7) internet server provider of the accessing system and (8) any other similar data and information which serves as an emergency response in case of attacks on our information technological systems, can be gathered.
With the use of these general data and information, the Simac Electronics GmbH does not draw conclusions on the data subject. This information is moreover required for (1) correctly transferring contents on our website, (2) optimizing the contents as well as the advertisements on our website, (3) guaranteeing the permanent functionality of our information technological systems and the technology of our website, as well as (4) providing the necessary information for the prosecution to the prosecuting authorities in case of a cyberattack. These anonymous data and information are evaluated statistically and with the aim to increase the data protection and safety in our company by Simac Electronics GmbH, to ultimately ensure an optimal safety level for the processed personal data. The anonymous data of the server logfiles are saved separately of the gathered personal data from all data subjects.
6. Registration on our website
The data subject has the opportunity to register himself or herself on the website of the controller with the information of personal data. Which personal data is transmitted to the controller, results of the respective input mask which is utilized for the registration. The personal data stated by the data subject is only raised and saved for internal use and for own purposes by the controller. The controller is able to arrange transfer of personal data to one or more data processors (f. e. a parcel service), who use it only for internal appropriation which is also only attributed to the controller.
With a registration on the website of the controller, the data subject’s IP address assigned by the internet service provider (ISP), the date as well as the time of the registration is also saved. The storage of this data takes place in that light that only due to this, the misuse of our services can be prevented and in case of committed offences, is it possible to solve them. Insofar, the storage of this data is necessary for the protection of the controller. The transfer of this data to a third party does generally not occur provided that there is no legal obligation or this does not serve for a prosecution.
The registration of the data subject as an optional mention of personal data serves for the controller to offer the data subject contents or services which can only be offered to registered users due to the nature of things. Registered persons have the opportunity to change the personal data at any time or to let the data be deleted completely from the database of the controller.
The controller provides details to every data subject which personal data of them is saved on request. Moreover, the controller rectifies or erases personal data upon request or on note of the data subjects provided that there are no legal retention requirements. The whole staff of the controller serves the data subject as contact person in that manner.
7. Contact opportunity on our website
The website of Simac Electronics GmbH contains on the basis of legal provisions information which enable a fast, electronic contacting our company as well as a direct communication which contains also a general address of the so-called electronic post (e-mail address). If the data subject establishes contact with the controller via e-mail or via contact form, the transmitted personal data of the data subject will be automatically saved. Such data sent on voluntary based from a data subject to the controller is only used for the purpose of processing or contacting the data subject. There will not be made a transfer to a third party.
8. Routine cancellation and blocking of personal data
The controller only processes and saves personal data of the data subject for the period which is required for the achievement of the storage purpose or which is provided by European guidelines and regulators or other regulators in obligations or provisions whereby the controller is subjected to.
If the saving purpose lapse or the mandatory memory term from the European guidelines and regulators or from other relevant legislators expires, the personal data will be erased or blocked routinely and according to the legal provisions.
9. Rights of data subject
Right of confirmation
Every data subject has the granted right by the European guidelines and regulators that they can claim a confirmation from the controller whether the controller processes relevant personal data. If a data subject wants to claim the right of confirmation, he or she can appeal to an employee of the controller at any time.
Right of disclosure
Any data subject whose data is processed shall have the right to obtain free information from the controller about the personal data concerning him or her being saved and to receive a copy of that. Moreover, the European guidelines and regulators granted the data subject the disclosure of the following information:
- the purposes of processing
- the categories of personal data which are processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- if possible, the envisaged period for which the personal data will be stored or if it is not possible, the criteria which are used to determine that period
- the existence of the right to request rectification or erasure of personal data or restriction of processing personal data from the controller or a right of objection to this processing
- the right to lodge a complaint with a supervisory authority
- if the personal data is not collected from the data subject: any available information of their source
- the existence of automated decision-making including profiling referred to art. 22 I and II (GDPR) and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject
Moreover, the data subject has the right of disclosure if personal data was transmitted to a third country or an international organisation. If this is the case, the data subject has also the right to access the appropriate guarantees in connection with the transfer.
If a data subject wants to claim the right of confirmation, he or she can appeal to an employee of the controller at any time.
Right of rectification
Every data subject whose personal data is processed has the right from the European guidelines and regulators to claim the controller to rectify immediately the relevant inaccurate personal data. Moreover, he or she has the right to demand the completion incomplete personal data in consideration of the purpose of processing –also via a complementary declaration.
If the data subject wants to claim the right of rectification, he or she can contact an employee of the controller at any time.
Right to erasure (right to be forgotten)
Every data subject whose personal data is processed has the right from the European guidelines and regulators to claim the controller that the personal data of the data subject will be erased immediately if one of the following causes applies and the processing is not required:
- the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed
- the data subject withdraws its consent on which the processing is based according to art. 6 I lit. a (GDPR) or art. 9 II lit. 2 (GDPR) and there is no other legal ground for processing
- the data subject objects the processing pursuant to art. 21 I (GDPR)and there is no overriding legitimate cause for the processing or the data subjects objects the processing pursuant to art. 21 II (GDPR)
- the personal data have been unlawfully processed
- the personal data have to be erased for compliance with a legal obligation in union or member state law to which the controller is subject
- the personal data have been collected in relation to the offer of information society services referred to in art. 8 I (GDPR)
If one of the causes matches and the relevant person claims the erasure of the personal data which the Simac Electronics GmbH has saved, any employee of the controller can be contacted at any time. The employee of the Simac Electronics GmbH will arrange the claim of erasure immediately.
If personal data were published from the Simac Electronics GmbH and our company is obligated to erasure referring to art. 17 I (GDPR) as the responsible, the Simac Electronics GmbH takes reasonable steps considering the available technology and implementation costs also of technical nature to inform other data processing controllers which process the published personal data that the data subject claims the erasure of any links to any personal data, copies or replications of this specific personal data so far as is not required for processing. The employee of the Simac Electronics GmbH will arrange in the individual case everything necessary.
Right to restriction of processing
Every data subject whose personal data is processed has the right from the European guidelines and regulators to claim the restriction of processing by the controller if one of the following requirements is fulfilled:
- the accuracy of the personal data is contested by the data subject, as for a period enabling the controller to verify the accuracy of the personal data
- the processing is unlawful, but the data subject opposes the erasure of the personal data and requests the restriction of their use instead
- the controller no longer needs the personal data for the purposes of processing but the data subject needs them for the establishment, exercise and defence of legal claims
If one of the above-named requirements is fulfilled and the data subject claims on the restriction of processing the personal data which the Simac Electronics GmbH has saved, it can contact an employee of the controller at any time. The employee will arrange the restriction of the processing.
Right to data portability
Every data subject whose personal data is processed has the right by the European guidelines and regulators to claim the right to get her or his personal data which the data subject has provided to the controller, in a structured, common and machine-readable format. They have also the right to transfer the personal data to another controller whereby the current controller is not allowed to hinder this process as far as the processing is based on a consent referring to art. 6 I lit. a (GDPR) or art. 9 II lit. a(GDPR) or referring to a contract referring to art. 6 I lit. b (GDPR) and the processing takes place with the aid of automated procedure, as far as the processing does not occur for the perception of an assignment which is in public interest or in exertion of public violence where the controller has been assigned to.
Moreover, the data subject has the right by the right of exertion of data portability referring to art. 20 I (GDPR) to claim that the personal data is going to be transferred from one controller to another as far as it is technically possible and it does not affect the rights and liberties of other individuals.
For the assertion of the right to data portability, the data subject can contact an employee of the Simac Electronics GmbH at any time.
Right to objection
Every data subject whose personal data is processed has the right by the European guidelines and regulators by reasons which arise from a special situation to enter an objection against the processing of the relevant personal data which take place on base of art. 6 I lit. e or f (GDPR). This is also valid for profiling based on these regulations.
The Simac Electronics GmbH does not process personal data anymore in case of an objection unless we can determine mandatory reasons worth protecting for the processing which prevail the interest, rights and liberties of the data subject or the processing serves as assertion, exertion or defence of legal claims.
If the Simac Electronics GmbH processes personal data to practice direct marketing, the data subject has the right to object the processing of personal data for such advertising purposes at any time. This is also valid for the profiling as far as it is connected to such direct marketing. If the data subject objects the processing of personal data for advertising purposes against Simac Electronics GmbH, Simac Electronics GmbH will not process the personal data for these purposes anymore.
Moreover, the data subject has right to object against processing of the relevant personal data which serve Simac Electronics GmbH for scientific or historical research or statistical purposes pursuant to art. 89 I (GDPR), unless such processing is necessary for fulfilment of a task for public benefit.
For the exertion of the right to objection, the data subject can contact any employee of the Simac Electronics GmbH or another employee. The data subject has the possibility in relation with the usage of services of the information society, notwithstanding the guideline 2002/58/EG, to claim the right to object via automated proceedings which use technical specifications.
Automated individual decision-making including profiling
Every data subject whose personal data is processed has the right by the European guidelines and regulators not to be subjected by a decision based only on an automated processing including profiling which has a legal effect to her or affects her badly in a similar way, as far as the decision is: (1) not necessary for the conclusion or the fulfilment of a contract between the data subject and the controller or (2) permissible on the basis of legal provisions from the Union or the member states where the controller is subjected to, and this legal provision contains appropriate measures for the protection of the rights and liberties as well as the justified interest of the data subject or (3) takes place with the explicit consent of the data subject.
If the decision is (1) required for the exertion or the fulfilment of a contract between the data subject and the controller or (2) takes place with the explicit consent of the data subject, Simac Electronics GmbH takes appropriate measures to maintain the rights and liberties as well as justified interest of the data subject which inherits at least the rights to obtain the intervention of a person from the controller, or demonstrating their own position and contesting the decision.
If the data subject wants to claim the right relating to automated decision, he or she can contact any employee of the controller at any time.
Right to revoke the consent of the data regulation law
Every data subject whose personal data is processed has the right by the European guidelines and regulators to claim revocation to the consent of processing personal data at any time.
If the data subject wants to claim the right to repeal the consent of the data regulation law, he or she can contact any employee of the controller at any time.
10. Data protection by application and in the application procedure
The controller raises and processes the personal data of applicants for the purpose of handling the application procedure. The processing can occur by electronic means. This is especially the case if an applicant transfers the relevant application documents to the controller by electronic means for example via e-mail or a form on the website. If the controller concludes an employment contract with the applicant, the transferred data are saved for the purpose of transaction of the employment in compliance with legal provisions. If the controller does not conclude an employment contract with the applicant, the application is going to be erased automatically two months later after the notification of the rejection as far as there are no other justified interests of the controller against the erasure. Miscellaneous justified interest is for example the burden of proof according to the General Act on Equal Treatment (GAET).
11. Data protection regulations for the application and use for Facebook
The controller has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is a social meeting place operated in the internet, an online community which allows users generally to communicate among each other and to interact in virtual rooms. A social network can be used as a platform for the exchange of experiences and opinions or to allow the internet community to provide personal and business-related information. Facebook enables users of the social network inter alia the creation of private profiles, upload of photos and the networking via friendship requests.
The operating company of Facebook is the Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subject lives outside the USA or Canada, the controller of personal data is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With every visit on a single page on this website which is operated by the controller and on which a component of Facebook is integrated (Facebook plug-in), the internet browser on the information technological system of the data subject is prompted by the according Facebook component to download a representation of the according Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/?locale=en_US . Within this technical procedure receives Facebook the information on which explicit subpage on our website is visited by the data subject.
As far as the data subject is logged in on Facebook simultaneously, Facebook detects with every visit on our website and the complete duration of the stay on our website, which explicit sub-website has been visited by the data subject. This information is collected through the component of Facebook and linked to the referring Facebook account of the data subject. If a data subject presses one of the integrated Facebook buttons on our website, for example the “Like” button or the data subjects writes a comment, Facebook will associate this information to the personal Facebook user account of the data subject and saves this personal data.
Facebook receives information through the Facebook component every time that the data subject visited our website, if the data subject is simultaneously logged in on Facebook up to the time of the visit; this happens independently whether or not the data subject clicks on the Facebook component or not. If such a transfer of information to Facebook is not in intended by the data subject, the data subject can stop the transfer by means of logging out on Facebook before the visit of our website.
12. Data protection regulations for the application and use of Google Analytics (with function for anonymisation)
The controller has integrated components from Google Analytics (with function for anonymisation) on this website. Google Analytics is a web analysis service. Web analysis is the uprising, collection and evaluation of data about the behaviour of visitors of websites. The web analysis service captures inter alia data about from which website the data subject is coming (so-called referrer), which subpages of the website are visited or how often and for how long the subpage was visited. A web analysis is generally used for the improvement of a website and for cost-benefit-analysis of websites.
The company of Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043 – 1351, USA.
The controller uses for the web analysis via Google Analysis the addition “_gat._anonymizeIp”. Via this addition, the IP address of the internet connection of the data subject is shortened and anonymised by Google if the access on our website occurs from a member state of the European Union or from a contractual state of the convention about the European Economic Area.
The purpose of the Google Analytics component is the analysis of streams of visitors on our website. Google uses the gained data and information to evaluate the usage of our website, to compile online reports which show the activities on our websites and to deliver further available services in relation to the usage of our website.
Google Analytics sets a Cookie on the information technological system of the data subject. The subject Cookie has already been explained above. With setting this Cookie, Google is enabled to do this analysis of our website. Through every visit of the subpages of this website which is operated by the controller and where the Google Analytics component was integrated, the internet browser on the information technological system of the data subject is automatically prompted by the particular Google Analytics component to transfer data for the purpose of the online analysis to Google. Within this technological procedure, Google acquires knowledge about the personal data like the IP address of the data subject which serve Google to retrace the location of the visitor, the number of visits and klicks and as a result, to enable commission invoices.
With this Cookies, personal data, for example the time of access, the location from where an access originated and the frequency of visits on our website by the data subject are saved. Through every visit on our website, this personal data, including the IP address of the used internet connection of the data subject, is transferred to and saved by Google in the United States of America. Google might give the personal data which is gained through the technical procedures possibly to a third party.
The data subject can prevent the setting of Cookies by our website at any time, via a particular configuration of the used internet browser like explained above and in this way, disagree to this permanently. Such configuration of the used internet browser would also prevent that Google sets a Cookie on the information technological system of the data subject. Additionally, it is possible to erase an already set Cookie by the internet browser or another software program at any time.
13. Data protection regulations for the application of YouTube
The controller has integrated components from YouTube. YouTube is an internet video portal which enables video-publisher the upload of videos clips and other users the viewing, valuation and commenting for free. YouTube allows publication of all kinds of videos which is why there are complete movie and tv shows, music videos, trailers as well as self-made videos from users available at the internet portal.
The operating company of YouTube is the YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The YouTube LLC is a subsidiary of the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043 – 1351, USA.
With each visit on a subpage of this website which is operated by the controller and has integrated a YouTube component (YouTube-video), the internet browser on the information technological system of the data subject is prompted automatically by the particular YouTube component to download a representation of the according YouTube component by YouTube. Further information about YouTube can be called up on https://www.youtube.com/intl/en-GB/yt/about/ . Within this technical procedure YouTube and Google acquires knowledge on which explicit subpages of our website is visited by the data subject.
As far as the data subject is logged in on YouTube simultaneously, YouTube will recognize what explicit subpage of our website the data subject has visited with each visit of a subpage which contains a YouTube video. This information will be collected by YouTube and Google and will be associated with the particular YouTube account of the data subject.
YouTube and Google receive information every time that the data subject has visited our website via the YouTube component if the data subject is logged in on YouTube simultaneously to the visit our website and this happens independently on if the data subject opens a YouTube video or not. If such transfer of information to YouTube and Google is not intended by the data subject, this transfer can be prevented by logging out of YouTube before visiting our website.
14. Legal basis of processing
Art.6 I lit. a (GDPR) serves our company as the legal basis for processing acts for which we obtain approval for a particular purpose of processing. If the processing of personal data is necessary for the fulfilment of a contract, in which the contracting party is the data subject, this is the case with some processing acts which are necessary for a delivery of commodities or service for example, then this processing refers to art. 6 I lit. b (GDPR). The same applies on processes which are necessarily needed for the provision of precontractual measures, like in cases of enquiries for our products and services. If our company is subject to a legal obligation, due to this a processing of personal data is necessary, as for example the fulfilment of tax duties, the processing is based on art. 6 I lit. c (GDPR). In rare cases, the processing of personal data could be necessary to protect the vital interests of data subjects or other natural persons. Such a case could be for example if a visitor in our company gets injured and his or her name, age, data of health insurance or other vital information must be transferred to a doctor, hospital or other third parties. Then the processing refers to art. 6 I lit. d (GDPR). Finally, the procedures could refer on art. 6 I lit. f (GDPR). On this legal basis, procedures are based which are not included by the legal bases beforehand if the processing is necessary for protection of a justified interest from our company or a third party, as far as the interest, fundamental rights and fundamental freedoms of the data subject are not prevailing. Such procedures are especially allowed because they were especially mentioned by the European legislator. He represents the conception insofar, that a justified interest could be accepted if the data subject is a customer of the controller (recital 47 sentence 2 (GDPR)).
15. Justified interests in processing which are pursued by the controller or by a third party
Referring the processing on personal data art. 6 I (GPDR), it is our justified interest to execute our business operations in favour the welfare of all our employees and our shareholder.
16. Duration of storage of personal data
The criteria of the duration for the storage of personal data is the particular legal retention obligation. After the expiry of the obligation, the relevant data is going to be erased routinely, as far as there are not necessary for any performance of a contract or a contract initiation.
17. Legal or contractual regulations for provisioning personal data; necessity for the conclusion of contract; obligation of data subject to provide personal data; potential consequences of non-provison
We clarify to you that the provision of personal data is partially prescribed by law (for example tax regulations) or result from contractual arrangements (for example data of the contracting party). Sometimes it might be necessary to conclude a contract that the data subject allocates us personal data which must be processed in our company in consequence. The data subject is obliged to provide us personal data, f.e. when our company terminates a contract with him or her. The non-provision of personal data would have the consequences that a contract with the data subject could not be concluded. Before the provision of personal data through the data subject, the data subject has to contact one of our employees. Our employee will clarify to the data subject individually, if the provision of the personal data is legally or contractually obligated or necessary for the conclusion of a contract, if there is an obligation in order to provide the personal data and which consequences a non-provision of personal data would have.
18. Existing of an automated decisoin-making
As a conscientious company, we waive automated decision-making or a profiling.