Data Privacy Policy
SPINNER GmbH thanks you for visiting this website and for your interest in the products and services of the SPINNER brand. This document informs you in detail about which data SPINNER GmbH captures when you visit our website and how we protect and process this information.
Contents
- Controller and data protection officer
- Data capture in connection with the use of our website
- Contact and quotation requests using our form or by email
- Social Media
- Data capture when using our online shop
- Transfer of data to other parties
- Digital information services
- Use of cookies
- Capture and processing of utilization data
- Embedded YouTube videos
- Social plugins
- Google Analytics
- Google Ads
- Google Tag Manager
- LinkedIn Insight Tag
- Usercentrics Consent Management Platform
- Salesforce
- Map services
- Video surveillance at the SPINNER sites in Westerham, Munich and Lauenstein
- Protection of your personal data
- Your rights
1. Controller and data protection officer
Controller in the sense of Art. 4, No. 7 of the General Data Protection Regulation (GDPR) of the European Union:
SPINNER GmbH,
represented by managing directors Katharina König and Torsten Smyk at
Erzgiessereistrasse 33
80335 Munich, Germany
Phone: +49 89 12601 0
Fax: +49 89 12601 1292
Email:
Data protection officer:
TÜV SÜD Akademie GmbH
Aslihan Kilic
2. Data capture during use of our website
2.1 Data capture
Every time that our website is called, our system―i.e. the webserver―automatically captures information on the computer or other device used to access it.
We collect the following information:
- The browser type and version
- The operating system running on the user’s device
- The user’s Internet service provider
- The user’s IP address
- The date and time at which our website is accessed
- The website, if any, from which the user has linked to our website
2.2 Purpose of processing
It is necessary for our system to temporarily save your IP address in order to deliver our website to your computer. For this to work, the IP address must remain stored for the duration of the session.
The information listed above is stored in log files to ensure that our website works as intended. In addition, these data allow us to improve the website and protect our IT systems (e.g. by detecting malicious attacks).
2.3 Legal basis
The legal basis for capturing and temporarily storing these data and log files is a weighing of legitimate interests as per Art. 6, Paragraph 1, (f) of the General Data Protection Regulation of the European Union (GDPR). Our legitimate interest is to make our website available..
2.4 Duration of data storage
The above-mentioned data are erased as soon as they are no longer required for the purposes for which they were captured. Data captured to enable you to access our website are deleted at the end of the current session.
3. Contact and quotation requests received via our form or email
3.1 Data capture
You may contact us by using our contact form or sending a message to the provided email address. In these cases, we store the personal data that you provide together with your question or request.
3.2 Purpose of data processing
These personal data are processed by us solely for the purpose of processing your message.
3.3 Legal basis for data processing
The legal basis for processing data that you communicate to us when submitting a question or request is a weighing of legitimate interests as per Art. 6, Paragraph 1 (f) of the GDPR (our legitimate interest is to communicate with external customers and other interested parties), the performance of a precontractual condition, or the fulfillment of a contract as per Art. 6, Paragraph 1 (b) of the GDPR.
3.4 Relaying of data to third countries
The SPINNER Group operates sales branches in various regions worldwide. In the case of requests received from outside the European Union, SPINNER reserves the right to relay your data to a regionally responsible sales branch that is geographically closer to you for processing your request or subsequent orders. Requests received from within the European Union are also processed inside the EU.
To the extent that data are relayed to third countries, this is done strictly in accordance with legal requirements, e.g.:
- when there is a legitimate interest in locally processing your request or
- when this is required in order to fulfill the contract.
Additional details on relaying data to third countries are provided in the sections on data capture and processing below.
3.5 Duration of data storage
The above-mentioned data are erased as soon as they are no longer required for fulfilling the purpose for which they have been captured. Regarding personal data that are sent to us by email or using the contact form, this is the case when processing of your request has been completed.
4. Social Media
4.1 Data capture
You can contact us using our contact form, the provided email address, or our social media pages. In the case of social media, we store the personal data that you send together with your request.
4.2 Purpose of data processing
These data are processed exclusively to facilitate the processing your request.
4.3 Legal basis for data processing
The legal basis for processing the data you send to use with your request is a weighing of legitimate interests as per Art. 6, Paragraph 1 (f) of the GDPR (our legitimate interest is to communicate with customers and interested parties) or the performance of a precontractual measure and/or fulfillment of a contract with you as per Art. 6, Paragraph 1 (b) of the GDPR.
4.4 Relaying of data to third countries
Please note that you use these platforms and their functions at your own risk. The company of SPINNER does not actively relay any data from requests in social media to recipients in third countries. We wish to point out, however, that when using social media your data may be processed outside the territory of the European Union. For obtaining detailed information on how the social media providers process data, section 4.5 below contains a list including contact information and links.
4.5 Duration of data storage
The above-mentioned data are erased as soon as they are no longer required for the purpose for which they have been captured. Regarding personal data that are sent to us by email or using the contact form, this is the case when processing of your request has been completed.
For information on other processing of your data by other providers via their platforms, please consult:
- Facebook: (co-)responsibility for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Data privacy policy (data guideline): https://www.facebook.com/about/privacy
- Twitter: (co-)responsibility for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Data privacy policy : https://twitter.com/en/privacy
- YouTube: (co-)responsibility for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Data privacy policy : https://policies.google.com/privacy
- LinkedIn: (co-)responsibility for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Data privacy policy : https://www.linkedin.com/legal/privacy-policy
- Xing: (co-)responsibility for data processing in Europe:
XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
Data privacy policy : https://privacy.xing.com/en
5. Data capture during use of our online shop
5.1. Data capture
If you would like to use our online shop, you must register as a user. We capture and store user and company data (name, postal address, email address, payment data etc.) that you enter. We also combine certain information, such as prices and price lists applicable to use, payment terms, Incoterms® 2020 or other conditions, with your profile. In all cases, processing of your personal data explicitly takes place on a voluntary basis, i.e. with your consent.
5.2 Data transfer for payment processing
To enable payment for orders placed in our online shop, we use the products and services of CONCARDIS GMBH at Helfmann-Park 7, 65760 Eschborn, Germany (“Concardis”) and Sofort GmbH at Theresienhöhe 12, 80339 Munich, Germany (“Sofort”). If you use a credit card to pay in our online shop, Concardis receives payment data for processing your payment. If you pay by direct bank transfer in our online shop, Sofort receives payment data for processing your payment. More information is available in the data privacy policy of Concardis, which can be viewed at https://www.concardis.com/de-en/protecting-your-data, and in the data privacy policy of Sofort, which can be viewed at https://www.sofort.com/payment/wizard/getCmsContent/data_protection/EN/0/en.
For integrating the services of Concardis and Sofort in our online shop, we use the products and services of Computop Wirtschaftsinformatik GmbH, Schwarzenbergstrasse 4, 96050 Bamberg, Germany ("Computop"). We have concluded an order processing agreement with Computop for this purpose.
5.3 Purposes of data processing
We process the personal data captured by us via our online shop exclusively for the following purposes: for checking your profile (commercial customer, internal compliance, if relevant credit rating), for confirming and processing your order and payments, for delivering merchandise while meeting any applicable customs and export requirements, for providing services, for communicating with you, and possibly for analyzing the use of our online shop.
5.4 Legal basis for data processing
The legal basis for processing your personal data is a contract with you as per Art. 6, Paragraph 1 (b) of the GDPR and/or a weighing of legitimate interests as per Art. 6, Paragraph 1 (f) of the GDPR.
5.5 Duration of data storage
The above-mentioned data are erased as soon as they are no longer required for fulfilling the purpose for which they have been captured. Regarding data captured during registration in order to perform a contract or precontractual measures, this is the case when the data are no longer needed to perform the contract. After concluding a contract, it can also be necessary to store personal data of the other party for complying with contractual or legal obligations (e.g. the requirement to retain documents and information of relevance to taxation). We may store data relevant to invoices for up to 10 years.
6. Relaying of data
Personal data captured via this website are only transferred to third parties or contractors to the required extent. For example, we pass your address data to shipping and delivery companies in order for you to receive ordered merchandise.
6.1 Recipients and categories of recipients of personal data
The recipients of data are:
- Government agencies that are legally entitled to receive data (such as social security bodies and tax authorities)
- In-house departments involved in executing relevant business processes (e.g. accounting, invoicing and IT)
- External contractors involved in the processing or use of personal data in accordance with Arts. 28 ff. of the GDPR
- External contractors hired to perform certain business processes (e.g. shipping companies)
- Companies affiliated with SPINNER (e.g. wholly owned subsidiaries)
- SPINNER sales partners (e.g. distributors)
6.2 Legal basis for transferring data
Your personal data are transferred on the basis of your consent (Art. 6, Paragraph 1 (a) of the GDPR), either to fulfill a contract with you (Art. 6, Paragraph 1 (b) of the GDPR) or to comply with a legal obligation to which we are subject (Art. 6, Paragraph 1 (c) of the GDPR). Any processing of your data by a recipient at our request is based on an order processing agreement with that recipient.
7. Digital Information Services
We provide a wide range of digitally provided information on new products and offerings of SPINNER GmbH and recent technological developments and events, including a quarterly newsletter.
If you would like to take advantage of our digital information servies, you must give us permission to send you email. The data we collect from you will only be used for email correspondence. Every time that you open an email or click on a link, these actions are captured for sending you personalized advertising via email and our social media channels, displaying personalized content in emails, on our own website, in our Product Finder, or in our online shop and/or for communicating with you and possibly for analyzing how you use these media. The captured data are used exclusively by us and the recipients indicated in the section on data transfer.
The legal basis for data processing in this case is Art. 6, Paragraph 1 (a) of the GDPR (with your consent).
Data are processed and send via the CRM system of the provider Salesforce.com Germany GmbH, Erika-Mann-Strasse 31, 80636 Munich, Germany.
When you log on to our digital information services, the data you provide are sent to Salesforce and stored there. SPINNER then sends you an email confirming your log-on (“double opt-in”).
When you log on to our digital information services, we capture work-related contact data, your IP address, the date and time when you logged on, and your consent in a double opt-in procedure. Since we are required by Art. 6, Para. 1, Point (c) in conjunction with Art. 7, Para. 1 of the European General Data Protection Regulation (GDPR) to document your consent, we are also entitled to do so.
You may retract at any time your consent to receive emails within the scope of our digital information services and for the associated capture and storage of data. You can do so using a link in the emails or by sending a message to any of the contact addresses listed above.
Our digital information services contain so-called counting pixels. A counting pixel is a miniature graphic that is embedded in emails sent in HTML format to enable recording and analysis of log files. This makes it possible to statistically evaluate the relative success or failure of online marketing campaigns. The company can use the embedded counting pixels to determine whether or not and if so when you have opened an email and which links contained in the email you have clicked on.
We store and evaluate personal data that are captured by counting pixels embedded in sent emails in order to optimize our email campaigns and adjust their content to match your interests more closely. These personal data are not divulged to any third parties. You have the right to withdraw at any time the relevant specific consent for us to send you these emails that you have previously given using the double opt-in procedure. When you do so, we immediately delete your personal data. When you unsubscribe from receiving digital information from us, we automatically treat this as being equivalent to your revoking your consent.
8. Use of cookies
This website uses both temporary session cookies and permanent cookies. Cookies are small text files that your Internet browser stores locally on your computer. They allow us to recognize you if and when you return to our website. This saves you, for example, the trouble of having to register again and helps us recommend relevant products to you. Cookies are a prerequisite for using the shopping basket in our online shop. If you disable cookies in your browsers, you may not be able to fully take advantage of this website’s functionality.
We also use cookies to analyze use of our website and display relevant advertising to you. In this data privacy policy, we describe how to use your browser’s cookie settings. The following table provides general information on the various cookies used:
Name of cookie
|
Description
|
Category
|
Duration of storage/validity |
Session cookie
|
A session cookie is used to facilitate use of the many services available on this website for a high level of user-friendliness.
|
Required
|
Until end of session |
Authentication/login
|
Sustains the login while you are visiting a page.
|
Required
|
Until end of session |
Number of products in list
|
Remembers the number of products to be shown in list or tile views.
|
Convenience
|
12 months |
Selected product list view
|
Remembers whether a customer has chosen the list or tile view.
|
Convenience
|
12 months |
MyAccount panel cookie
|
Remembers the navigation settings at the lower left in the customer account section.
|
Convenience
|
Until end of session |
FileDownload
|
Remembers PDF documents that have been downloaded.
|
Statistics |
Set and then deleted within a few seconds of verification |
_ga
|
Google Analytics cookie used to distinguish users
|
Statistics |
2 years |
_gid
|
Google Analytics cookie used to distinguish users
|
Statistics |
24 hours |
_gat
|
Used to throttle the Google Analytics request rate
|
Statistics |
1 minute |
AMP_TOKEN
|
Contains a token that can be used to retrieve a client ID from the AMP client ID service. Other possible values indicate opt-out, inflight request, or an error retrieving a client ID from the AMP client ID service.
|
Statistics |
30 seconds to one year |
gac<property-id>
|
Contains campaign-related information for the user. When Google Analytics and Google Ads accounts are linked, this cookie is read by Google Ads website conversion tags.
|
Statistics |
90 days |
Usercentrics
|
For administering permissions to capture and process data and set cookies
|
Required |
3 years |
Newsletter window
|
Remembers when the newsletter window should stop displaying
|
Convenience |
Several years |
uvc
|
AddToAny links for sharing content set a cookie for security reasons
|
Convenience |
24 hours |
LinkedIn
|
Measurement of the performance of ads and campaign
|
Marketing |
90 days |
test_cookie
|
Set by Google on a test basis for checking whether your browser allows cookies to be set. Does not contain any identification attributes.
|
Marketing |
15 minutes |
IDE
|
Contains a randomly generated user ID that enables Google to recognize the user across domains and display personalized advertising.
|
Marketing |
1 year |
gcl_au
|
Contains a randomly generated user ID.
|
Marketing |
90 days |
gcl_aw
|
This cookie is set when a user clicks an ad to go to the corresponding website. It contains information on which ad has been clicked in order to correlate any associated results, such as orders or contact requests, with the ad.
|
Marketing |
90 days |
UserMatchHistory
|
This cookie is used to synchronize the IDs of LinkedIn ads.
|
Marketing |
30 days |
AnalyticsSyncHistory |
This cookie is used to store the time of synchronization with the cookie “lms_analytics” for users in the designated countries. |
Marketing |
30 days |
li_oatml |
This cookie is used to identify LinkedIn members outside of LinkedIn for advertising and analysis purposes outside the designated countries and, for a limited time only, for advertising purposes in the designated countries. |
Marketing |
30 days |
lms_ads |
This cookie is used to identify LinkedIn members outside of LinkedIn in the designated countries for advertising purposes. |
Marketing |
30 days |
lms_analytics |
This cookie is used to identify LinkedIn members in the designated countries for analysis purposes. |
Marketing |
30 days |
li_fat_id |
This LinkedIn cookie is an indirect member identifier used for conversion tracking, retargeting and analytics. |
Marketing |
30 days |
li_sugr |
This cookie is used to identify probabilistic matches of a LinkedIn user's identity outside the designated countries. |
Marketing |
90 days |
U |
This cookie is a browser identifier for LinkedIn users outside the designated countries. |
Marketing |
3 months |
_guid |
This cookie designates LinkedIn members for advertising via Google Ads. |
Marketing |
90 days |
BizographicsOptOut |
This cookie is used to determine opt-out status for tracking by third parties. |
Marketing |
10 years |
visitor_id |
This cookie measures the performance of ads and campaigns. |
Marketing |
10 years |
pi_opt_in |
This cookie is set when tracking has been rejected. |
Marketing |
10 years |
lpv |
This cookie is for measuring the performance of ads and campaigns. |
Marketing |
10 years |
Consent to cookies that are not required for technical reasons can be viewed and changed at any time online on the platform’s consent management platform (CMP).
9. Capture and processing of utilization data
We capture data on use of this website for statistical purposes, for improving our service, for identifying and diagnosing problems with or misuse of our online offering or telecommunications services and systems, and for marketing purposes. What we actually do with this data is described in greater detail in the following sections.
10. Embedded YouTube videos
Videos stored at YouTube are embedded in our website. The provider of the YouTube service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). Among other things, YouTube uses cookies to maintain the integrity of video statistics and improve the usability of cookies. Videos stored at YouTube are embedded in our website in “extended data protection mode”. Cookies are only placed on your computer by YouTube if you play a video that is stored at YouTube and embedded in our website. The effect of “extended data protection mode” is that YouTube only saves cookies on your computer that contain no personally identifiable data. You can completely prevent the use of cookies by disabling them in your browser settings.
To the extent that personal data are processed by YouTube, this is done on the basis of a balancing of interests pursuant to Art. 6, Paragraph 1 (f) of the GDPR (with a legitimate interest in appropriately designing our website to meet needs) and/or on the basis of your consent in accordance with Art. 6, Paragraph 1 (a) of the GDPR.
More information on data protection and the use of cookies by YouTube is available in the data privacy policy of YouTube at https://policies.google.com/privacy?hl=en. You can also manage your cookie-related settings there.
11. Social plugins
Our website uses social plugins, i.e. plugins of social media of the provider AddToAny.
For better protection of your data when visiting our website, these plugins are not fully integrated. Instead, they are only inserted with the aid of HTML links (a so-called “Shariff solution”). This prevents a connection being made to the servers of a social media network when you open a page of our website. If you click on one of the buttons, a new window opens in your browser and calls a page of the other service provider’s website, on which you can then (possibly after entering your login data) click the “like” or “share” button, for example.
To the extent that personal data are processed in connection with the use of social plugins, this is done on the basis of a balancing of interests in accordance with Art. 6, Paragraph 1 (f) of the GDPR (with our legitimate interest in designing our website to meet needs).
For information on the purpose and scope of data capture and further processing and use of captured data by other providers on their websites and your rights and possibilities for safeguarding your privacy by changing settings, please consult the data privacy policies of AddToAny (https://www.addtoany.com/privacy) and the social media providers concerned:
12. Google Analytics
12.1 Data capture and its purpose
Our websites use Google Analytics, a web analysis service provided by Google Ireland Limited (https://marketingplatform.google.com/about/analytics/terms/us/) at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). In this context, pseudonymized utilization profiles are created and cookies (see "Cookies") used. Information captured by cookies on your use of this website, such as
- browser type/version,
- operating system,
- referring URL (the previously visited page),
- host name of the accessing computer (IP address), and
- time of the server request,
is transmitted to a Google server in the USA and stored there. The information is used to evaluate use of the website, compile reports on website activity, and provide other services associated with the use of this website and the Internet for market research purposes and for designing these pages to comply with requirements. This information may also be provided to third parties if this is required by law or in order for them to process these data at our request.
We have enabled IP anonymization on this website. This means that Google crops your IP address in member states of the European Union or European Economic Area before sending it to the USA. Only in exceptional cases will the entire IP address first be transmitted to a Google server in the USA and then cropped there. At our request, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide us with other services related to use of this website and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not merged with any other Google data.
12.2 Opting out of Google Analytics
You may opt out of the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. These operations will only be carried out if you have provided your explicit consent in accordance with Art. 6, 1 (a) of the General Data Protection Regulation (GDPR).
In addition, you can prevent the data generated by the cookie on your use of the website (incl. your IP address) from being processed by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
Additional information on safeguarding your data in connection with Google Analytics is available on the Google Analytics help page at https://support.google.com/analytics/answer/6004245?hl=de.
12.3 Legal basis
To the extent that personal data are processed in connection with the use of Google Analytics, this is done on the basis of a balancing of interests in accordance with Art. 6, Paragraph 1 (f) of the GDPR (with our legitimate interest in designing our website to meet needs).
13. Google Ads
13.1 Method and purpose of data capture
To measure the success of ads that we place with Google (“Google Ads”, formerly called “Google Adwords”), we use Google Conversion Tracking, an analysis service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ads places a “conversion cookie” on your computer if you reach our website via a Google ad. These cookies expire after 30 days and cannot be used to personally identify you. They merely register the fact that you have clicked on one of our ads and consequently been redirected to our website. This tells us the total number of users that have clicked on an ad of ours and been routed to our website. We do not receive any information that could be used to personally identify users.
The personal data that Google captures in this way are also stored and processed on servers in the United States. For more information on data protection at Google, see https://policies.google.com/privacy?gl=de&hl=en.
If you don’t want to participate in this tracking process, you can disable it using the ad settings manager at https://adssettings.google.com/anonymous?hl=en. You can also disable cookies for conversion tracking by setting your browser to block cookies of the “googleadservices.com” domain.
13.2 Legal basis
The legal basis for processing your data is Art. 6, Paragraph 1(f) of the GDPR (a weighing of interests based on our legitimate interest in being able to measure and thus also improve the effectiveness of our online advertising).
14.Google Tag Manager
14.1 Method and purpose of data capture
Our website uses the Google Tag Manager of Google Inc. (Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, "Google"), a cookieless domain that does not capture any personal data.
This tool can be used to implement "website tags" (i.e. tracking code sections that are embedded in the website) and manage them via an interface. The tool also triggers other tags that may in turn also capture data. Google Tag Manager does not access these data. If you opt out of the domain or cookie, this opt-out will also apply to all tracking tags subsequently implemented with Google Tag Manager. These processing activities are only carried out if you have explicitly consented to them in accordance with Art. 6, 1 (a) of the General Data Protection Regulation (GDPR).
To the extent that personal data are processed in connection with the use of Google Analytics, this is done on the basis of a balancing of interests in accordance with Art. 6, Paragraph 1 (f) of the GDPR (with our legitimate interest in designing our website to meet needs).
15. LinkedIn Insight Tag
15.1 Method and purpose of data capture
The so-called Insight Tag of the LinkedIn social network are used on our website. It is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (in the following, “LinkedIn”). The LinkedIn Insight Tag is a short piece of JavaScript code that we have added to our website.
The LinkedIn Insight Tag makes it possible to capture data on visits to our website, including the URL, referring URL, IP address, device and browser attributes, a time stamp and page views. These data are encrypted, anonymized within seven days, and the anonymized data subsequently deleted within 90 days. LinkedIn does not share any data on specific users with us; instead, it provides summarized reports on the website target group as a whole and the performance of ads. LinkedIn also performs retargeting for website visitors, allowing us to use this information to display targeted advertising outside our website without identifying specific members. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
The LinkedIn Insight Tag is used for the purpose of compiling detailed campaign reports and generating information on visitors to our website to support our advertising and marketing activities. As a customer of LinkedIn’s marketing solution, we deploy the LinkedIn Insight Tag to trace conversions, retargeting visitors to our website, and capture additional information on LinkedIn members who view our ads.
For more detailed information on data capture (purpose, scope, further processing and use) and your rights and possibilities for changing settings, please consult the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy.
15.2 Legal basis for data processing
The legal basis for processing these personal data is Art. 6, Paragraph 1 (f) of the GDPR, and we therefore have a legitimate interest doing so for the above-mentioned purposes.
15.3 Duration of storage
These data are encrypted, anonymized within seven days, and the anonymized data subsequently deleted within 90 days.
16. Usercentrics Consent Management Platform
16.1 Data capture
We are obliged to obtain each website visitor’s consent for setting cookies that are not required for technical reasons. To do this, we make use of a so-called cookie consent tool from the company of Usercentrics.
When you visit our website, a cookie banner is displayed in which you may make checkmarks to consent to cookies or cookie-based applications. No cookies requiring consent are set on your device unless you consent to them.
So that a consent or revocation of consent can be unambiguously associated with a given user, the following information is recorded and relayed to Usercentrics for storage:
- Device information
- Browser information
- An anonymized IP address
- Opt-in and opt-out data
- Date and time of the visit to our website
16.2 Purpose and relay to additional recipients
The purpose of this processing is to obtain the user’s effective consent for cookies and cookie-based applications for which such consent is required. We use the tool of Usercentrics GmbH, Senlinger Strasse 7, 80331 Munich, Germany for this. Usercentrics is active for us as a contract processor, and we have concluded a formal agreement with Usercentrics in which it pledges to treat your data confidentially. To read the data privacy policy of Usercentrics, click on this link: https://usercentrics.com/privacy-policy/ No data of yours are provided to any other recipients or sent to any third countries or international organizations.
16.3 Legal basis
To the extent that cookies are set for technically required data processing for operating our website, this is done on the basis of our legitimate interest in designing our website to meet needs. Any processing of your personal data in connection with providing or revoking your consent takes place on the basis of a legal obligation as per Art. 6, Paragraph 1, Point (c) of the GDPR.
16.4Duration of storage
Consent-related data (on both consent and revocation of consent) are stored for three years.
17. Salesforce
17.1 Data capture and purpose
We use the CRM platform of the provider http://salesforce.com Germany GmbH at Erika-Mann-Strasse 31, 80636 Munich, Germany.
Salesforce is a cloud-based solution for managing customer relationships. Among other things, this enables a structured approach to concluding contracts and documenting this process. In this context, Salesforce receives full access to customer data that are processed by us and stored in the cloud. These data can contain names, addresses, email addresses, and telephone numbers.
We process these data in order to administer and respond to queries by interested parties that contact us, to manage and provide customized digital information offerings, and to serve customers in accordance with their needs. Salesforce works for us as a contract processes and we have concluded an order processing agreement with Sales for this purpose. Salesforce has committed itself to treating your data confidentially.
To the extent that consent has been given to process these data, this is done exclusively on the basis of Art. 6, Para. 1 (a) of the European General Data Protection Regulation (GDPR). The legal basis for our use of Salesforce within the scope of contractual relationships is Art. 6, Para. 1 (b) of the GDPR. In all other cases, the legal basis for processing your personal data is Art. 6, Para. 1 (f) of the GDPR. In the latter case, our legitimate interests are to effectively coordinate internal and external communications and manage customer relationships.
For more information, see Salesforce's privacy policy: https://www.salesforce.com/company/privacy/.
17.2 Legal basis
To the extent that personal data are processed in connection with their use by Salesforce, this is done on the basis of a balancing of interests in accordance with Art. 6, Paragraph 1 (f) of the GDPR (with our legitimate interest in processing requests from interested parties and meeting customers’ needs).
17.3 Duration of storage of personal data
The above-mentioned data are erased as soon as they are no longer required for the purpose for which they were captured. With regard to data captured during the steps preliminary to concluding a contract carrying out precontractual actions, this is the case when the data concerned are no longer needed to fulfill the contract. Also after concluding a contract, it can be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations (e.g. the requirement to retain documents and information of relevance to taxation). We may store data relevant to invoices for up to 10 years. Data are also stored within the scope of the consent you have provided in order to use our digital information services (please refer to the corresponding section) in compliance with the relevant laws.
18. Map services
18.1 Data capture and purpose
This website uses Google Maps: a map service that visually depicts geographical information. Google Maps is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps collects, processes or uses personal data according to its own criteria, and SPINNER GmbH therefore accepts no responsibility for the capture, processing or use of data by Google Maps. Please refer to the terms of use of Google Maps at https://www.google.com/intl/en/help/terms_maps/ and the data privacy policy of Google Maps (Google) at https://policies.google.com/privacy?hl=en. SPINNER GmbH does not receive any data from Google Maps or data that may arise from the use of Google Maps.
18.2 Legal basis
To the extent that personal data are processed by SPINNER in connection with the use of Google Maps or relayed to Google, this is done on the basis of a balancing of interests in accordance with Art. 6, Paragraph 1 (f) of the GDPR (with our legitimate interest in designing our website to meet needs) and/or on the basis of your consent in accordance with Art. 6, Paragraph 1 (a) of the GDPR.
19.Video surveillance at the SPINNER sites in Westerham, Munich and Lauenstein
Some parts of our company’s facilities are continuously monitored by video cameras. The monitored areas are clearly designated by unambiguous signs.
19.1 Purposes for which your personal data are processed and the legal basis for this processing
“Personal data” refers to all information relating to an identified or identifiable natural person. In order to carry out video surveillance, we process personal data of yours for the purposes named in the following on the indicated legal grounds: Exercising legitimate interests for the following purposes: to protect property, defend domiciliary rights, ensure plant security, clarifying cases of theft and incidents relevant to security, using and use recordings as evidence in judicial and extrajudicial proceedings.
The legal basis for video surveillance is Art. 6, Paragraph 1 (f) of the GDPR in conjunction with Section 4, Paragraph 1, Nos. 2 and 3 of the German Federal Data Protection Act.
The monitored areas are clearly designated by unambiguous signs. No automated decision-making with profiling takes place on the basis of your personal data.
19.2 Categories of recipients of personal data
We do not provide or grant access to your personal data to any external parties unless this is necessary to fulfill the purposes for which your personal data are processed or we have contracted other parties to perform certain tasks or provide certain services that require access to these personal data or, at leastas a minimum, if the possibility that they may require such access cannot be ruled out. Currently the external recipients of personal data are the following (at the Westerham site): Bayern Corporate Services GmbH, Arnulfstrasse 50, 80335 Munich, Germany.
In addition, your personal data are communicated to government offices or authorities to the extent that we are required to provide such information by law, by order of a government authority, or by a court decision in order to investigate criminal acts perpetrated against us. In such a case, the legal basis for processing your personal data is the prosecution of criminal acts in the sense of Section 4, Paragraph 3 of the German Federal Data Protection Act.
19.3 Relaying data to recipients in third countries or to an international organization
Your personal data will not be relayed to any recipients in third countries or any international organizations.
19.4 Duration of storage of personal data
Your personal data will only be stored for as long as they are required for purposes for which they were captured. Depending on the site, this can be up to 120 hours. Your personal data will only be kept stored for longer than that if we are required to do so by law, by order of an authority, or by a court decision in order to investigate criminal acts. In such a case, the legal basis for processing your personal data is the prosecution of criminal acts pursuant to Section 4, Paragraph 3 of the German Federal Data Protection Act.
20. Protection of your personal data
SPINNER GmbH protects your personal data from unauthorized access, use or publication. For this purpose, SPINNER GmbH takes appropriate technical precautions based on the current state of the art in technology. If you need to enter account or credit card information in order to make payment, this is stored exclusively with the contracted PCI-DSS-certified payment service provider and not with us. However, SPINNER GmbH calls your attention to the fact that data transmission over the Internet (e.g. when communicating by email) may suffer from security issues. It is therefore not possible to guarantee that all of your personal data will be absolutely safe from unauthorized access by third parties.
Apart from this, we strongly advise you to also protect yourself, for example by keeping your passwords secret.
21. Your rights
As a “data subject” in the sense of the GDPR, you have the following rights:
- Right of access as per Art. 15 of the GDPR:You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, if this is the case, access to the personal data and other information concerning them.
- Right to rectification as per Art. 16 of the GDPR:You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
- Right to erasure as per Art. 17 of the GDPR: You have the right to obtain from the controller the erasure of personal data concerning you without undue delay.
- Right to restriction of processing as per Art. 18 of the GDPR: You have the right to obtain from the controller the restriction of processing of personal data concerning you.
- Right to access as per Art. 20 of the GDPR: You have the right to receive from the controller the personal data concerning you that have been processed via our website in a structured, commonly used and machine-readable format.
- Right to withdrawal as per Art. 7, Paragraph 3 of the GDPR: You have the right to non-retroactively withdraw, at any time and free of charge, the consent you that have given under Art. 6, Paragraph 1 (a) of the GDPR to process personal data of yours that have been obtained via our website. This will not retroactively affect the lawfulness of any processing of your personal data that has taken place with your consent prior to exercising your right of withdrawal.
- Right to object as per 21 of the GDPR: If data are processed on the basis of Art. 6, Paragraph 1 (e) or (f) of the GDPR, you have the right to object at any time against the processing of your personal data for reasons arising from your particular situation.
Exercising your rights to erasure, restriction of processing, objection or withdrawal can prevent you from fully taking advantage of our website.
You can directly exercise any of your above-mentioned rights as a data subject by writing a letter to SPINNER GmbH, Erzgiessereistrasse 33, 80335 Munich, Germany or sending an email to . We will then immediately confirm in writing that you have done so and comply with your wishes. It is not sufficient to notify us by phone.
- The right to lodge a complaint with a supervisory authority in accordance with Art. 77 of the GDPR: if you as an affected individual consider that the processing of personal data relating to you via our website violates the GDPR, you have the right to lodge a complaint with the responsible supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
Responsible supervisory authority in Bavaria: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27, 91522 Ansbach, Germany, phone: +49 (0) 981 18 00 93-0, fax: +49 (0) 981 18 00 93-800, email: poststelle(at)lda.bayern(dot)de.
Please note that these rights only apply if certain other legal prerequisites are met.
This data protection information reflects the situation as of June 2022.