Privacy policy

Table of contents

Introduction

Data controller and Data Protection Officer

Terminology

Information on data processing

Automated data processing (log files, etc.)

Use of cookies (general, functionality, opt-out links, etc.)

Web analysis and optimisation

Google Analytics

Online marketing

Google Tag Manager

Google AdWords and conversion measurement

Social media presence

Instagram

Facebook

Twitter

YouTube

Online conferences, meetings and webinars

Microsoft Teams

Newsletter and broad-based communication

Emarsys eMarketing Systems AG

Competitions and prize draws

Information obligations customers and suppliers

Contact

Online shop

Data transmission

Storage duration

Automated decision-making

Legal basis

Rights of data subjects

Revocation

External links

Modifications

Introduction

Thank you for visiting our website. SPAX International GmbH & Co. KG (hereinafter referred to as "SPAX", "SPAX International", "we" or "us") places great importance on the security of users' data and compliance with data protection regulations. Below, we would like to inform you about the processing of your personal data on our website.

Data controller and Data Protection Officer

Data controller:
SPAX International GmbH & Co. KG
Kölner Straße 71-77
58256 Ennepetal
Tel.: +49 2333 799-0
E-mail: info@spax.com

External Data Protection Officer:
DDSK GmbH
Mr Stefan Fischerkeller
Tel.: +49 7542 949 21 - 01
E-mail: datenschutz@spax.com

Terminology

The technical terms used in this privacy statement are to be understood as is legally defined in Art. 4 GDPR.

Information on data processing

Automated data processing (log files, etc.)

Our website can be visited without the active entry of personal details by users. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the Internet service provider, operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as the IP address of the end device use for security reasons, such as to detect attacks on our website, for a period of 7 days. This data is only evaluated for the improvement of our offer and does not allow any conclusions to be drawn about the identity of the user. This data is not merged with other data sources. The legal basis for the processing of this data is Art. 6 Para. 1 f) GDPR. We process and use the data for the following purposes: 1. Website provision, 2. The improvement of our websites and 3. The prevention and detection of errors/malfunctions and misuse of the website. Processing is carried out to pursue legitimate interests in ensuring the functionality and error-free and secure operation of the website as well as adapting the website to the requirements of users.

Use of cookies (general, functionality, opt-out links, etc.)

In order to make visiting our website an attractive experience and to enable the use of certain functions, we use so-called cookies on our website. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on Art. 6 Para. 1 f) GDPR. Cookies are a standard Internet technology used to store and retrieve login and other usage information for all users of the SPAX website. Cookies are small text files that are stored on your end device. Among other things, they enable us to save user settings so that our web pages can be displayed in a format tailored to your device. Some of the cookies used by us are deleted once the browser session has ended, in other words, after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies to recognise your browser on your next visit (so-called permanent cookies).

The browser can be set to inform the user about the setting of cookies to enable them to decide individually whether to accept or exclude them, both in specific cases and in general. Cookies can also be deleted afterwards in order to remove data that the website has stored on the user's computer. Deactivating cookies (opting out) may lead to some restrictions in the functionality of our website.

Data subject categories:

Website visitors, online service users

Opt out:

- Internet Explorer:

https://support.microsoft.com/de-de/help/17442

- Firefox:

https://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer?redirectlocale=en-US&redirectslug=Cookies

- Google Chrome:

https://support.google.com/chrome/answer/95647?hl=de

- Safari:

https://support.apple.com/de-de/HT201265

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR); legitimate interests (Art. 6 Para. 1 f) GDPR)

The relevant legal basis in each case is specifically provided with the corresponding tool.

Legitimate interests:

Storage of opt-in preferences, website presentation, ensuring website functionality, maintaining user status throughout entire website, recognition for next website visitor, user-friendly online provision, ensuring chat function

Web analysis and optimisation

In order to enable us to evaluate visitor flows on our website, we use tools for web analysis and reach measurement. For this purpose, we collect information about the behaviour, interests and demographics of our visitors, such as age, gender, etc. This helps us to identify when our online provision, its functions or content are most visited or invite repeat visits. We can also use the information collected to determine whether our online offering requires optimisation or adaptation.

The information collected for this purpose is stored in cookies or used in similar procedures and is used for range measurement and optimisation. The data stored in the cookies may include the content viewed, websites visited, settings and the functions and systems used. However, no clear user data is processed for the purposes described. In this case, the data is modified in such a way that the actual identity of users is not known to us or the provider of the tool used. Data modified in this way is often stored in user profiles.

Data subject categories:

Website visitors, online service users

Data categories:

User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), contact details (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos)

Purposes of processing:

Website analysis, reach measurement, utilisation and evaluation of website interaction, lead evaluation

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR)

Legitimate interests:

Optimisation and further development of the website, profit increase, customer loyalty and acquisition

Google Analytics

Service used:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:

https://policies.google.com/privacy

Opt-out link:

https://tools.google.com/dlpage/gaoptout?hl=de

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR)

Online marketing

In order to continuously increase our reach and enhance awareness of our online provision, we process personal data within the framework of online marketing, in particular with regard to potential interests and the measurement of the effectiveness of our marketing measures.

For the purpose of measuring the effectiveness of our marketing measures and identifying potential interests, relevant information is stored in cookies or similar procedures are used. The data stored in the cookies may include the content viewed, websites visited, settings and the functions and systems used. However, no clear user data is processed for the purposes described. The data is modified in such a way that the actual identity of users is not known to us or the provider of the tool used. Data modified in this way is often stored in user profiles.

If user profiles are stored, the data may be read out, supplemented and added to on the server of the online marketing provider when another online provision that uses the same online marketing procedure is visited.

We can determine the success of our adverts using summarised data made available to us by the online marketing provider (so-called conversion measurement). These conversion measurements help us to understand whether a marketing measure led to a purchase decision by a visitor to our online provision. This evaluation serves to analyse the success of our online marketing.

Data subject categories:

Website visitors, online service users, interested parties, communication partners, business and contractual partners

Data categories:

User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), location data, contact details, content data (e.g. text entries, photographs, videos)

Purposes of processing:

Marketing (partly also interest-based and behavioural), conversion measurement, target group formation, click tracking, marketing strategy development and campaign efficiency improvement

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR); legitimate interests (Art. 6 Para. 1 f) GDPR)

Legitimate interests:

Optimisation and further development of the website, profit increase, customer loyalty and acquisition

Google Tag Manager

Service used:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:

https://policies.google.com/privacy

Opt-out link:

https://tools.google.com/dlpage/gaoptout?hl=de

Legal basis:

Legitimate interest (Art. 6 Para. 1 f) GDPR)

Legitimate interests:

Coordination of various tools, management, ease of use and presentation

Google AdWords and conversion measurement

Service used:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:

https://policies.google.com/privacy

Opt-out link:

https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR)

Social media presence

We maintain an online presence on social networks and careers platforms in order to exchange information with the registered users there and enable simple contact with us.

Some user data on social networks is used to conduct market research and thus pursue advertising purposes. User behaviour, such as the specification of interests, can be used to create and use user profiles in order to adapt adverts to the interests of target groups. For this purpose, cookies are regularly stored on users' end devices, partly regardless of whether they are registered users of the social network.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This may result in risks for users, for instance, because it makes the enforcement of their rights more difficult.

Data subject categories:

Registered users and non-registered users of the social network

Data categories:

Master data (e.g. name, address), contact details (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of processing:

Range expansion, networking

Legal basis:

Legitimate interests (Art. 6 Para. 1 f) GDPR), consent (Art. 6 Para. 1 a) GDPR)

Legitimate interests:

Interaction and communication on social media, profit increase, target group insights

Instagram

Service used:

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy policy:

https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy

Opt-out link:

https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

Facebook

Service used:

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy policy:

https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum

Opt-out link:

https://www.facebook.com/settings?tab=ads

Twitter

Service used:

Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland

Privacy policy:

https://twitter.com/de/privacy

Opt-out link:

https://help.twitter.com/de/rules-and-policies/twitter-cookies#privacy-options

YouTube

Service used:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:

https://policies.google.com/privacy?hl=de&gl=de

Opt-out link:

https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Online conferences, meetings and webinars

We make use of the possibility to hold online conferences, meetings and/or webinars. For this purpose, we use the services of other carefully selected providers.

When actively using such provisions, data from communication participants is processed and stored on the servers of the third parties used, insofar as this data is required for the communication process. Usage and meta data may also be processed in this procedure.

Data subject categories:

Participants in the corresponding online provision (conference, meeting, webinar)

Data categories:

Master data (e.g. name, address), contact details (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:

Processing queries, increasing efficiency, promoting cross-company and cross-location collaboration

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR)

Microsoft Teams

Service used:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Privacy policy:

https://privacy.microsoft.com/de-de/privacystatement

Opt-out link:

https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR)

Newsletter and broad-based communication

Our online provision offers users the option of subscribing to our newsletter or any notifications via various channels (hereinafter referred to as newsletters). Within the scope of legal regulations, we only send newsletters to recipients who have consented to receiving the newsletter. We use a carefully selected service provider to send our newsletter.

An e-mail address is required in order to subscribe to one of our newsletters. If necessary, we collect additional data, such as the recipient's name, in order to personalise the address in our newsletter.

Our newsletter is only sent after the so-called double opt-in procedure has been completed. If visitors to our online provision decide to subscribe to our newsletter, they will receive a confirmation e-mail, which serves to prevent the misuse of false e-mail addresses and exclude the possibility of newsletter subscription through accidental clicking. You can unsubscribe from our newsletter at any time with future effect. An opt-out link is provided at the bottom of every newsletter.

We are also obliged to provide proof that our subscribers want to receive the newsletter. For this purpose, we collect and store the IP address and time of subscription and unsubscription.

User categories:

Newsletter subscribers

Data categories:

Master data (e.g. name, address), contact details (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)

Purposes of processing:

Marketing, customer loyalty and new customer acquisition

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR)

Emarsys eMarketing Systems AG

Service used:

Emarsys eMarketing Systems AG, Hans-Fischer-Strasse 10, 80339 Munich, Germany

Privacy policy:

https://emarsys.com/de/datenschutzrichtlinie/

Competitions and prize draws

We use our online presence to hold prize draws and/or competitions. As part of this, we process participants' data as required for the implementation of the corresponding promotion. This also includes data which we require in order to inform the winner and send the prize.

Depending on the type of promotion, participants' entries or information about them may be published, for instance, when reporting on the corresponding promotion or if the competition involves voting on participant entries. The data we process in individual cases depends on the specific promotion and the data we receive from the participant.

Data subject categories:

Promotion participants

Data categories:

Master data (e.g. name, address), contact details (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos)

Purposes of processing:

Competition execution incl. prize distribution and announcement of winner via various media channels

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR)

Information obligations customers and suppliers

Source of Data Collection

We process personal data that we have collected directly from you.

Insofar, as this is necessary for the provision of our services, we process personal data that has been legitimately obtained from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have legitimately collected, received or acquired from publicly available sources (such as telephone directories, trade and association registers, population registers, debtor registers, land registers, press, Internet and other media).

Data Categories

Relevant categories of personal data may include, in particular:

  • Personal data (e. g. name, occupation/industry and similar data)
  • Contact data (address, e-mail address, telephone number and similar data)
  • Data about your use of the telemedia offered by us (e.g.time of accessing our websites, apps or newsletters, our pages/links clicked on or entries and similar data)
  • Creditworthiness data

Purposes and Legal Basis for Processed Data

We process personal data in accordance with the provisions/regulations of the General Data Protection Regulation (GDPR), the new version of the Federal Data Protection Act of Germany (BDSG-neu) and other applicable data protection regulations (details below). Which data are processed in detail and how they are used depends largely on the services requested or agreed/settled in each case. Further details or additions for the purposes of data processing can be found in the respective contractual documents, forms, a declaration of consent and/or other information provided to you (e.g in the context of the use of our website or our general terms and conditions).

Purposes for the Performance of a Contract or Pre-Contractual Measures (Art. 6 (1) b GDPR)

The processing of personal data takes place to fulfill our contracts with you and to carry out your orders as well as measures and activities within the framework of pre-contractual relationships, e. g. with interested parties. This essentially includes: contract-related communication with you, the corresponding billing and associated payment transactions, the traceability of orders and other agreements as well as quality control through appropriate documentation, measures to monitor and optimize business processes and to fulfill general duties of care, control and monitoring by affiliated companies; statistical evaluations for corporate control, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in the event of a legal dispute; guarantee of IT security (e.g. system or plausibility tests) and general security, securing and exercising the right of admission (e.g. through access controls); guarantee of integrity, authenticity and availability of data, prevention and investigation of criminal offences and monitoring by supervisory bodies or control bodies (e.g. audit).

Purposes Within the Scope of a Legitimate Interest of Us or Third Parties (Art. 6 (1) f GDPR)

Beyond the actual performance/fulfilment of the contract or preliminary contract, we process your data to pursue our own legitimate interests or those of a third party, in particular for purposes of

  • advertising or market and opinion research, provided that you have not objected to the use of your data;
  • the testing and optimisation of needs analysis procedures
  • the further development of services and products as well as existing systems and processes
  • the enhancement of our data, including through the use or researching of publicly accessible data
  • statistical evaluations or market analysis; benchmarking
  • the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship
  • the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements
  • building and system security (e. g. through access controls), if this goes beyond the general duty of care
  • internal and external investigations as well as security checks
  • the preservation and maintenance of certifications of a private law or official nature
  • securing and exercising the right of admission through appropriate measures (such as video surveillance) and to secure evidence of criminal offences and to prevent such
  • the effective and resource-saving conduct of web meetings through the use of Internet-based communication tools.

Purposes in the Context of Your Consent (Art. 6 (1) a GDPR)

Your personal data may also be processed for certain purposes with your consent (e. g. use of your e-mail address for marketing purposes). Regularly, you can withdraw this consent at any time. This also applies to the withdrawal of consents issued to us prior to the GDPR coming into force, i. e. before May 25th, 2018. You will be informed separately of the purpose and consequences of your withdrawal or non-issuance of consent in the corresponding consent text. The withdrawal of consent is generally only effective for the future. Processing that took place before the withdrawal, is not affected, and remains lawful.

Purposes for the Fulfillment of Legal Requirements (Art. 6 (1) c GDPR) or in the Public Interest (Art. 6 (1) e GDPR)

Like everyone who participates in economic activities, we’ re also subject to a large number of legal obligations/regulations. These are primarily statutory requirements (e. g. commercial and tax laws), but also, regulatory or other official requirements. The purposes of the processing may include the fulfilment of fiscal control and reporting obligations, the archiving of data for the purposes of data protection and data security, and the examination by fiscal and other authorities. Furthermore, the disclosure of personal data within the framework of official/judicial measures may become necessary for the purpose of collecting evidence, criminal prosecution or enforcement of civil law claims.

Automated Individual Decision-Making (Including Profiling) (Art. 22 GDPR)

We do not use sole automated decision-making procedures. Nevertheless, if we should use such a procedure in individual cases in the future, we will inform you separately, if this is prescribed by law.

Consequences of Failure to Provide data

In the context of the business relationship, you must provide the necessary personal data for the establishment, execution and termination of the legal transaction and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will not be able to execute the legal transaction with you.

Recipients of Data

Within the EU

Within our institution, the internal departments or organisational units that receive your data are those which require these to fulfil our contractual and legal obligations or within the context of the processing and execution of our legitimate interest. Within our group, your data will be transmitted to certain companies to undertake central data processing tasks (e. g. accounting, disposal of documents, IT support).

Your data will only be passed on to external bodies 

  • in connection with the execution of the contract
  • for the purpose of fulfilling legal requirements according to which we are obliged to provide information, to report or pass on data, or the passing on of data is in the public interest (see Section 2.4)
  • if external service providers process data on our behalf as processors or function providers (e.g. data centres, support / maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data validation or plausibility checks, data destruction, purchasing / procurement, customer administration, letter shops, marketing, research, risk controlling, billing, telephony, website management, auditing services, credit institutes, print shops or companies for data disposal, courier services, logistics)
  • on the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned (e. g. to authorities, credit agencies, debt collectors, lawyers, courts, experts, subsidiaries and bodies and control bodies)
  • if you have given us your consent for transmission to third parties

In addition, we will not share your data with third parties. If we commission service providers as part of the order processing, your data there are subject to the same security standards. Recipients may only use the data for the purposes for which they were provided to them.

Outside the EU

Data is not transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries).

Storage Periods

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various storage and documentation obligations pursuant to, inter alia, the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for storage and / or documentation specified therein are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship to the end of the calendar year.

Furthermore, special legal regulations may require a longer storage period, e. g. the preservation of evidence within the framework of the legal statute of limitations. Pursuant to Paragraph 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years, but limitation periods of up to 30 years may also apply.

If the data is no longer required for the fulfilment of contractual or legal obligations and rights, they are deleted on a regular basis, unless their – limited – further processing is necessary to fulfil the purposes for a higher legitimate interest. Such an overriding legitimate interest also exists, for example, if erasure is not or only possible with a disproportionate amount of effort due to the special nature of the storage, and processing for other purposes by suitable technical and organizational measures is excluded.

Your Rights

Under certain conditions, you can assert your data protection rights against us.

  • You have the right to receive information from us about your data stored by us pursuant to the rules of Art. 15 GDPR (possibly with restrictions pursuant to Section 34 Federal Data Protection Act of Germany (BDSG-neu))
  • If you so request, we will correct the data stored about you pursuant to Art. 16 GDPR if they are inaccurate or incorrect.
  • If you so desire, we will erase your data pursuant to the principles of Art. 17 GDPR, provided that other legal regulations (e. g. legal storage obligations or the restrictions pursuant to Section 35 Federal Data Protection Act of Germany (BDSG-neu)) or an overriding interest on our part (e. g. to defend our rights and claims) do not oppose this.
  • You may ask us to restrict the processing of your data, taking into account the requirements of Art. 18 GDPR.
  • Furthermore, you may object to the processing of your data pursuant to Art. 21 GDPR, which requires us to stop processing your data. However, this right to object only applies in the event of very special circumstances regarding your personal situation, whereby our company’s rights may conflict with your right to object.
  • You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transmit them to a third party.
  • In addition, you have the right to withdraw the consent to the processing of personal data you granted at any time with future effect (see Section 2.3).
  • You also have a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

The data protection supervisory authority responsible for us is:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44, 40102 Düsseldorf
Kavalleriestraße 2-4, 40213 Düsseldorf
Tel.: 0211/384 24 – 0
Fax: 0211/384 24 – 10
E-Mail: poststelle@ldi.nrw.de
Internet: www.ldi.nrw.de 

  • If possible, your applications for the exercising of your rights should be addressed in writing or by e-mail to the above address or directly in writing or by e-mail to our Data Protection Officer.

Contact

On our online provision, we offer users the possibility to contact us directly or request information via various forms of contact.

If a user contacts us, we process their data to the extent necessary to answer or process their request. The processed data may vary depending on how you contact us.

Data subject categories:

Enquirers

Data categories:

Master data (e.g. name, address), contact details (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of processing:

Query processing

Legal basis:

Consent (Art. 6 Para. 1 a) GDPR), contract fulfilment or initiation (Art. 6 Para. 1 b) GDPR)

Online shop

We offer our customers access to our products via our online shop. Our online shop provides an overview of our product portfolio and offers you the possibility to add your desired products to your shopping basket. The shopping basket function enables you to select a sales partner. By selecting a sales partner, you will be taken to their online shop, where your selection of SPAX products will appear in the shopping basket.

Data subject categories:

Shop visitors

Data categories:

Meta and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interests, access times)

Purposes of processing:

To fulfil contact initiation and execution between shop visitors and sales partners

Legal basis:

Contract initiation and execution (Art. 6 Para. 1 b) GDPR), legitimate interests (Art. 6 Para. 1 f) GDPR)

Legitimate interests:

Simplification of workflows, resource-efficient fulfilment

Data transmission

No transfer of personal data pertaining to visitors of our online provision takes place.

Storage duration

We only store data pertaining to our online visitors for as long as is necessary for the provision of our service or as stipulated by the European Directive legislator or regulator or another legislator of laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to comply with legal obligations (e.g. if we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

Automated decision-making

We do not use automated or profiling in accordance with Art. 22 GDPR.

Legal basis

The relevant legal basis predominantly results from the GDPR. This is supplemented by national laws of the Member States which may be applicable together with or in addition to the GDPR.

Consent:

Art. 6 Para. 1 a) GDPR serves as the legal basis for processing for which we have obtained consent for a specific processing purpose.

Contract fulfilment:

Art. 6 Para. 1 b) GDPR serves as the legal basis for processing that is required for the fulfilment of a contract to which the data subject is party or for the execution of pre-contractual measures that are implemented at the request of the data subject.

Legal obligation:

Art. 6 Para. 1 c) GDPR serves as the legal basis for processing that is necessary for compliance with a legal obligation.

Vital interests:

Art. 6 Para. 1 d) GDPR serves as the legal basis for processing that is necessary to protect the vital interests of the data subject or another natural person.

Public interest:

Art. 6 Para. 1 e) GDPR serves as the legal basis for processing that is necessary for the performance of a task that is in the public interest or for the execution of a public authority assigned to the data controller.

Legitimate interest:

Art. 6 Para. 1 f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the data controller or a third party insofar as such interests do not override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Rights of the persons concerned

Right to information:

In accordance with Art. 15 GDPR, data subjects have the right to request confirmation of whether we process data that relates to them. They may request information about this data as well as the further information detailed in Art. 15 Para. 1 GDPR and a copy of their data.

Right of deletion:

In accordance with Art. 17 of the GDPR, data subjects have the right to request the immediate deletion of any data relating to them. Alternatively, in accordance with Art. 18 GDPR, they may request that we restrict the processing of their data.

Right to data portability:

In accordance with Art. 20 GDPR, data subjects have the right to request that the data they have provided to us be made available and transferred to another data controller.

Right of complaint:

In accordance with Art. 77 of the GDPR, data subjects also have the right to complain to the supervisory authority responsible for them.

Right of objection:

Insofar as personal data is processed based on legitimate interests pursuant to Art. 6 Para. 1 Sentence 1 f) GDPR, data subjects have the right to object to the processing of their personal data as per Art. 21 GDPR if there are reasons that arise from their particular situation or the objection is to direct advertising. In the latter case, data subjects have a general right of objection, which will be executed by us without specification of a special situation.

Revocation

Some data processing procedures are only possible with the express consent of data subjects. You may revoke any consent already given at any time. To do this, an informal e-mail message to us at datenschutz@spax.com is sufficient. The legality of data processing already carried out before the revocation remains unaffected.

External links

Our website contains links to the online presences of other providers. We hereby emphasise that we have no influence on the content of any linked online provisions or their providers' compliance with data protection regulations.

Modifications

We reserve the right to adapt this data privacy statement at any time in the event of changes to our online provision and in compliance with the applicable data protection regulations in order to ensure that it meets legal requirements

This privacy statement was created by DDSK GmbH

Newsletter

Newsletter

Melden Sie sich jetzt zum SPAX Newsletter an und Sie erhalten in Zukunft aktuelle Neuigkeiten zu SPAX per E-Mail.

Subscribe now

Contact

Kontakt

Nehmen Sie mit uns Kontakt aus.
Gerne beantworten wir Ihre Fragen.

Contact form