Coronavirus: SIBA keeps delivering. More information ….

Privacy policy

I. Name and address of the controller

The controller for the purposes of the General Data Protection Regulation, other national data protection laws of the Member States and other data protection provisions is:

SIBA GmbH
Borker Strasse 20-22
44534 Lünen
Germany

Phone: +49 2306 7001-0
Email: info@siba.de

II. Data protection officer

We have appointed a data protection officer for our company:

TÜV SÜD Akademie GmbH
Westendstraße 160
80339 München / Munich
Germany

E-Mail: datenschutz@siba.de

III. General information on data processing

1. Extent of the processing of personal data

We generally process our users’ personal data only where necessary to provide a functioning website and supply our content and services. We generally do not process a user’s personal data without his or her prior consent unless there are objective reasons why we cannot obtain prior consent and the data processing is permitted under the law.

2. Legal basis for the processing of personal data

The legal basis for processing is General Data Protection Regulation (GDPR) Article 6(1) point (a) if we obtain the data subject’s consent to the processing of personal data.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis for processing is GDPR Article 6(1) point (b). This also includes processing operations that are necessary in order to take steps prior to entering into a contract.

Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis for processing is GDPR Article 6(1) point (c).

Where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis for processing is GDPR Article 6(1) point (d).

Where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing is GDPR Article 6(1) point (f).

3. Data erasure and retention period

The personal data of the data subject is erased or blocked once the purpose of the processing ceases to be relevant. The data may be stored for longer if required by regulations, laws or other rules contained in Union or Member State law to which the controller is subject. The data is also blocked or erased upon the expiration of a retention period prescribed by one of the above standards unless continued retention of the data is required in order to enter into or perform a contract.

IV. Website provision and log file creation

1. Description and extent of the data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer.

The following data is collected:

(1)  Information about the browser type and version used

(2)  User’s operating system

(3)  User’s internet service provider (access provider) if this information is transmitted by the provider

(4)  User’s IP address

(5)  Date and time of access

(6)  Websites from which the user’s system reached our internet site (referrer URL)

(7)  Websites accessed by the user’s system from our website

The data is also stored in our system’s log files. We do not store the data together with the user’s other personal data. Unless there is a legal reason, such as a misuse of your site, e.g. the attempt to hack it, the data will be erased automatically after 30 days.

The log data is used exclusively for statistical analyses for the purpose of operating, securing and optimising our website. However, we reserve the right to review the log data at a later date if there are legitimate reasons to suspect illegal use based on concrete evidence. Our legitimate interest is established by the data collection purposes specified above. Under no circumstances do we use the collected data to draw inferences about you.

2. Legal basis for the processing of data

The legal basis for the temporary storage of the data and log files is GDPR Article 6(1) point (f).

3. Purpose of the data processing

The system needs to store the IP address temporarily so that it can deliver the website to the user’s computer. The user’s IP address must be stored for the duration of the session.

The data is stored in log files to ensure the website remains functional. The data also helps us optimise the website and keep our IT systems secure. The data is not analysed for marketing purposes in this connection.

These purposes constitute our legitimate interest in the data processing pursuant to GDPR Article 6(1) point (f).

4. Duration of storage

The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. If the data is collected for the purpose of providing the website, it will be erased when the session is done.

If the data is stored in log files, it will be erased after no more than seven days. It may also be stored for a longer period, however. In this case, the users’ IP addresses will be erased or masked so that they can no longer be traced back to the requesting client.

5. Objection and removal option

We are required to collect the data used in providing our website and to store the data in log files in order to operate the website. The user, in other words, cannot object to our collection and storage of the data.

V. Use of cookies

1. Description and extent of the data processing

Our website uses cookies. Cookies are text files stored in and by the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a special character string that makes it possible to uniquely identify the browser when it accesses the website again.

We use cookies to make our website more user-friendly. Some elements of our website require us to identify the accessing browser after the user changes pages.

The cookies store and transmit the following data:

(1)  Language settings

(2)  Log-in information

Furthermore, we use cookies on our website that enable us to analyse how users navigate our website.

This may result in the following data being transmitted:

(1)  Search terms entered

(2)  Frequency of page views

(3)  Use of website functions

User data collected in this manner is automatically pseudonymised. Pseudonymisation makes it impossible to trace the data back to the requesting user. This data is not stored together with users’ other personal data.

When users access our website, an info banner informs them that we use cookies for analytical purposes and refers them to this privacy policy. The banner also tells users how to prevent cookies from being installed in their browser settings.

2. Legal basis for the processing of data

The legal basis for the processing of personal data with cookies is GDPR Article 6(1) point (f).

3. Purpose of the data processing

Technically necessary cookies are used to make it easier for users to use websites. Some of our website’s functions cannot be provided without cookies. These functions require the browser to be identified after users change pages.

We need cookies for the following applications:

(1)  Applying language settings

(2)  Remembering search terms

User data collected by technically necessary cookies is not used to create user profiles.

Analytical cookies are used to improve the quality of our website and its content. They tell us how our website is used and enable us to continually improve it.

These purposes constitute our legitimate interest in processing the personal data pursuant to GDPR Article 6(1) point (f).

4. Duration of storage, objection and removal option

Cookies are stored on the user’s computer and are sent by the computer to our server. That means you, the user, have full control over how cookies are used. You can disable cookies or restrict how they are shared in your web browser settings. Cookies already on your computer can be deleted at any time either manually or automatically. However, if you disable cookies for our website, you may not be able to use our website’s full functionality.

VI. Newsletter

1. Description and extent of the data processing

If you provide your e-mail address when purchasing goods or services from us, we may use this e-mail address later to send you a newsletter. The newsletter will only contain direct marketing for similar goods or services that we provide.

We do not transmit data to third parties in connection with data processing for newsletter distribution. The data is only used to send out the newsletter.

2. Legal basis for the processing of data

The legal basis for sending out the newsletter following the sale of goods or services is German Unfair Competition Act [UWB] § 7(3).

3.      Purpose of the data processing

The user’s e-mail address is collected for the purpose of delivering the newsletter.

4. Duration of storage

The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. The user’s data, in other words, will be stored for as long as the newsletter subscription is active.

5. Objection and removal option

A newsletter subscriber can cancel his or her subscription at any time. There is an unsubscribe link in every newsletter.

VII. E-mail contact

1. Description and extent of the data processing

We can be contacted using the e-mail addresses [Hv1] we have provided. We will store any personal data of the user that is transmitted with his or her e-mail.

We do not share the data with third parties in this context. The data is only used to process the conversation.

2. Legal basis for the processing of data

The legal basis for the processing of data is GDPR Article 6(1) point (a) as long as the user’s consent has been obtained.

The legal basis for the processing of data transmitted with an e-mail is GDPR Article 6(1) point (f). If the e-mail is sent for the purpose of entering into a contract, the additional legal basis for the processing is GDPR Article 6(1) point (b).

3. Purpose of the data processing

We process personal data entered in the contact form solely for processing the initial contact. If we are contacted by e-mail, this will constitute our necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to keep our IT systems secure.

4. Duration of storage

The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. Personal data entered in the contact form or provided with an email is no longer needed for this purpose when the conversation with the user is over. The conversation is over when the circumstances indicate that the matter has been finally settled.

Personal data that was additionally collected during the sending process will be deleted after no more than seven days.

5. Objection and removal option

Users may withdraw their consent to the processing of their personal data at any time. If a user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. We cannot continue the conversation in this case.

You can notify us of your withdrawal at any time by sending us a letter in the post or by sending an e-mail to info@siba.de.

All the personal data stored when we were contacted will then be deleted.

VIII. Web analytics by Matomo (formerly PIWIK)

1. Extent of the processing of personal data

Our website uses Matomo (formerly PIWIK), an open source software tool to analyse how users navigate websites. The software stores a cookie on the user’s computer (see above for cookies). If the user accesses individual pages of our website, the cookie stores the following data:

(1)  Two bytes of the IP address of the user’s requesting system

(2)  The website that was accessed

(3)  The website from which the user accessed the website (referrer)

(4)  The pages that were accessed on the website

(5)  Length of stay on the website

(6)  Frequency of visits to the website

The software runs exclusively on our website servers. Users’ personal data is only stored on these servers. The data is not transmitted to third parties.

The software is set to not store the IP addresses completely but to mask 2 bytes of the IP address (e.g.  192.168.xxx.xxx). This makes it impossible to trace the truncated IP address back to the requesting computer.

2. Legal basis for the processing of personal data

The legal basis for the processing of the users’ personal data is GDPR Article 6(1) point (f).

3. Purpose of the data processing

Processing the users’ personal data enables us to analyse how users navigate our website. By analysing the data, we can gather information on how individual components of our website are used. This helps us to constantly improve our website and make it more user-friendly. These purposes constitute our legitimate interest in processing the data pursuant to GDPR Article 6(1) point (f). The users’ interest in the protection of their personal data is given due regard by anonymising the IP address.

4. Duration of storage

The data is erased as soon as it is no longer required for our record keeping purposes, i.e. after 24 months in our case.

5. Objection and removal option

Cookies are stored on the user’s computer and are sent by the computer to our server. That means you, the user, have full control over how cookies are used. You can disable cookies or restrict how they are shared in your web browser settings. Cookies already on your computer can be deleted at any time either manually or automatically. However, if you disable cookies for our website, you may not be able to use our website’s full functionality.

We give website users the ability to opt out of analytics by clicking this link. This stores another cookie on your system that instructs our system not to store the user’s data. If the user deletes this cookie from his or her own system, the opt-out cookie must be set again.

Click the following link for more information about privacy settings in Matomo: https://matomo.org/docs/privacy/.

IX. Rights of the data subject

The following is a list of all the rights that data subjects have under GDPR. Rights of no relevance to our website do not need to be named. The list may be shortened for that reason.

Any time that your personal data is processed, you are a data subject for the purposes of the GDPR and have the following rights with respect to the controller:

1. Right of access

You have the right to have the controller confirm whether we are processing personal data relating to you.

If we are processing this data, you can request the following information from the controller:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipient to whom the personal data relating to you has been or will be disclosed;

(4) the envisaged period for which the personal data relating to you will be stored, or, if this is not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data relating to you or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) any available information as to the source of the personal data where the data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, referred to in GDPR Article 22(1) and (4) and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to ask whether your personal data is being transferred to a third country or international organisation. If so, you may demand to be informed about the appropriate safeguards set out in GDPR Article 46 relating to the transfer.

2. Right to rectification

You may demand that the controller rectify or complete incorrect or incomplete personal data relating to you. The controller must rectify the data without undue delay.

3. Right to restriction of processing

You may demand that the processing of your personal data be restricted under the following circumstances:

(1) you contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need the data for the establishment, exercise or defence of legal claims;

(4) you have objected to processing pursuant to GDPR Article 21(1) pending the verification whether the legitimate grounds of the controller override your legitimate grounds.

Where processing of the personal data relating to you has been restricted, such data must – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If restriction of processing has been obtained pursuant to the above requirements, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Duty of erasure
You have the right to obtain from the controller the erasure of personal data relating to you without undue delay and the controller has the obligation to erase such data without undue delay where one of the following grounds applies:

(1) the personal data relating to you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

(2) you withdraw consent on which the processing is based according to GDPR Article 6(1) point (a) or Article 9(2) point (a) and where there is no other legal ground for the processing;

(3) you object to the processing pursuant to GDPR Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to GDPR Article 21(2);

(4) the personal data relating to you has been unlawfully processed;

(5) the personal data relating to you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(6) the personal data relating to you has been collected in relation to the offer of information society services referred to in GDPR Article 8(1).

b) Information provided to third parties
Where the controller has made the personal data relating to you public and is obliged pursuant to GDPR Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

c) Exceptions
The right to erasure does not exist where processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with GDPR Article 9(2) point (h) and (i) and Article 9(3);

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with GDPR Article 89(1) in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Right to be informed

Where you have exercised the right to request from the controller rectification or erasure of data or restriction of processing, the controller shall communicate any rectification or erasure of data or restriction of processing to each recipient to whom the personal data relating to you has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to obtain information regarding these recipients from the controller.

6. Right to data portability

You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

(1) the processing is based on consent according to GDPR Article 6(1) point (a) or GDPR Article 9(2) point (a) or on a contract in accordance with GDPR Article 6(1) point (b) and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected hereby.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data relating to you which is based on GDPR Article 6(1) point (e) or (f), including profiling based on those provisions.

The controller shall no longer process the personal data relating to you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data relating to you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.

In the context of the use of information society services – and notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects relating to you or similarly significantly affects you. This shall not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the controller;

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or

(3) is made with your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in GDPR Article 9(1) unless GDPR Article 9(2) point (a) or (g) applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to GDPR Article 78.

X Plug-ins und Tools

1. Leadinfo

We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo”.