Privacy policy


1. Privacy Statement for website


1.1 Introduction


Thank you very much for visiting our website. Your data privacy is important to us and we do our best to protect your personal data when you visit our website.


Personal data is all the information we receive about the personal and factual situation of a natural person. We will use any personal data collected on our website exclusively for our own purposes.


1.2 Legal basis for data processing


We process your data on the legal basis of Art. 6 of the EU General Data Protection Regulation. Depending on the context of processing your data, different legal bases may apply in the individual case.


Consent


As far as we asked you to give your consent to the processing of your personal data, we will process your data on the legal basis of Article 6 l a) GDPR. You can revoke your consent at any time with effect for the future.


Contract


Your personal data which was collected for the performance of a contract to which you are a party will be processed on the legal basis of Article 6 I b) GDPR. This also applies to processing necessary to take steps prior to entering into the contract.


Legal obligation


As far as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, we will process your data on the legal basis of Article 6 I c) GDPR.


Vital interests


If processing personal data is necessary to protect your vital interests or the vital interests of another natural person, we will process your data on the legal basis of Article 6 l d) GDPR.


Legitimate interest:


If processing is necessary for the purposes of the legitimate interests of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, we will process your data on the legal basis of Article 6 I f) GDPR. Our company’s legitimate interest is the pursuit of our business activities.


Employment relation


According to Article 88 General Data Protection Regulation (GDPR) in connection with Section 26 German Data Protection Act (BDSG), employees’ personal data is processed in the employment context, in particular for the purposes of the recruitment, the performance of the contract of employment, including discharge of obligations laid down by law or by collective agreements, for the purposes of the exercise and enjoyment, on an individual or collective basis, of rights and benefits related to employment, and for the purpose of the termination of the employment relationship.


1.3 Rights of the data subject


In the frame of our data processing, we will process your personal data. You are entitled to the rights detailed in Chapter III of the GDPR vis-à-vis our company.


You have the right to


– information to be provided


– rectification


– erasure


– restriction of processing


– notification obligation regarding rectification, erasure, or restriction of processing


– data portability


– object


You furthermore have the right to lodge a complaint with a supervisory authority.


1.4 Web server logs


In the frame of your use of our internet presence, the information about the connection is saved to the server log files. 


This information comprises:


• IP address of the calling system


• Browser information, e.g. the operating system you are using, and your screen resolution


• Visited website


• Website from which the request for our website originated


• Time of call-up


The web server logs are processed for security purposes only.


We use the log data exclusively for statistical evaluations for the purpose of operation, security, and optimization of our website presence. However, we reserve the right to subsequent examination of the log data if there are concrete indications giving rise to justified suspicion of illegal use.


1.5 Cookies


This website uses cookies. Cookies are small text files that can be stored on your end device. When the website is called up, the cookies may be read out from the website, transmitted and changed. We only use cookies with random, pseudonymized identification numbers. These identification numbers are used to assess the way you are using our website. At no time is the user profile assigned to the name of a natural person. If you use special functions (e.g. the shopping cart or the “Remain logged in” function) on our website, cookies will be used for these functions as well. 


You can object against our placement of cookies at any time by changing your internet browser settings accordingly. Placed cookies may be deleted. Please note that you may no longer be able to fully use all functions of our website when cookies are disabled.


Please refer to the more detailed information in this Privacy Statement to learn about the functions of the different cookies.


Note: If you delete your cookies, the disabling cookie of the respective service will be deleted as well; you may have to enable it once more when you visit our website next.


1.6 Google Analytics


This website uses Google Analytics, a web analysis service by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files saved on your computer which allow for an analysis of your use of our website. The information generated by the cookie about how you use the website is usually transmitted to a Google server in the USA and stored there. In the member states of the European Union or in other contracting states of the Treaty on the European Economic Area, however, if the IP anonymization is enabled on this website, Google sets the last bits of your IP address to zero before sending it to the USA. Only in exceptional cases will Google transmit the full IP address to its server in the USA and set the last bits to zero there. Acting on the instructions of the operator of this website, Google will use this information to analyze your use of our website, to generate reports on the website activities, and to provide other services to the website operator related to the utilization of the website and the Internet. The IP address transmitted by your browser in the context of Google Analytics will not be combined with other Google data. You can prevent saving of the cookies by setting your browser software accordingly; however, please note that in this case you may not be able to fully use all the functions of our website.


 


The legal basis for our data collection using the Google Analytics software is your consent according to Article 6 para. 1 a) GDPR, which you can revoke at any time with effect for the future as described above.


Your data will be erased automatically after 14 months. Data whose retention period has been reached is automatically erased once a month.


For more information on Google Analytics and data protection, please go to:


policies.google.com/privacy


1.7 Contact form


Use the contact form to send us data of any kind. The data will be forwarded from our web server via mail to our company’s email inbox. Please note that communication via the contact form is not encrypted. For your own benefit, please be sure to use a secure channel to forward confidential communication.


Please also note the requirement of data minimization. It is only permitted to collect and process the data that is absolutely required. For this reason, mark the fields “Firm” and “Telephone” in your contact form as optional.


1.8 Contact via email or telephone


If you contact us via email or telephone, we will use the personal data you disclosed to us by means of making this contact only for replying to your inquiry. You can object at any time to the processing of your personal data. Please note that we will be unable to answer your inquiry in this case.


1.9 Newsletter and events


In case you have provided your personal data, such as your surname, first name, e-mail address, etc., for the purpose of receiving our newsletters or invitations to events, we will use the data to send you information in accordance with the registration.


With your log in or registration, we store your IP address and the date of registration. This storage serves as proof in the case that a third party misuses an e-mail address and registers without the knowledge of the authorized person.


You can unsubscribe from the newsletter at any time free of charge by using the unsubscribe link , which we enclose in every newsletter.


When sending the newsletter, we evaluate your user behaviour. For evaluation purposes, the e-mails sent contain so-called "web beacons". These are pixel-sized files that are retrieved from the server of our service provider when the newsletter is opened. For evaluation purposes, the above-mentioned access data and the web beacons are linked to your e-mail address and an individual ID.


The following data is collected:


• E-mail address


• Opening of the newsletter


• Time of opening the newsletter


• Opening of links provided in the newsletter


If you have voluntarily provided us with further data as part of your registration for the newsletter or by other means, this data will also be processed together with the above-mentioned data.


• Salutation


• First name


• Surname


• Company name


• Your telephone number


• IP Address


• Login and confirmation time


• Location


By requesting our newsletter, you consent to the above processing of your personal data.


Please note that we can only send you our newsletter with your explicit approval. If you do not agree to the processing of your data to the extent specified in the data protection information and do not give your consent, we will unfortunately not be able to send you our newsletter.


1.10 Online shop


Our website provides a shopping cart as a temporary place to store a list of your purchased items. As long as you stay on our website, a list of your selected items will be saved to a so-called session cookie. After you close the website in your browser, this cookie will be deleted automatically.


We use the "Parts Publisher” tracking software. It records interactions of the users with the web applications “Catalogue Online” and/or “Parts Publisher” and saves the event types to a special tracking database or separated tracking databases.


The analysis is only intended to draw conclusions from the user behavior, determine callup statistics for individual products, classify sales figures according to data, period of time, user or order number, and to take measures for sales promotion or increase of user acceptance if necessary.


The software can log the following data


Login: Allocation of logins per day, week, year


• Login: Distribution of the number of simultaneously logged-in users


• Login: Distribution of the session duration


• Login: List of failed access attempts


• Login: List of most frequently logged-in users


• Shopping cart: List of most frequently selected items


• Shopping cart: List of items most frequently removed from the shopping cart


• Shopping cart: History of the actions taken in respect of a shopping cart


• Shopping cart: Call-up at log-in of the shopping cart saved during the last session


• Shopping cart: Items of the shopping cart in the cart saved during the last session


• Organization: Frequency of aborted organization processes and their allocation to the users


• Order: Frequency of placed orders and their allocation to the users


• Order history: Retention period of orders which were not enabled


• Order history: Frequent archiving/re-archiving/deleting of orders


• Order history: Use of filters


• User management: Users Adding of which / how many new users Deleting which / how many users List of inactive users


• User management: Organization Adding of which / how many new organizations Deleting which / how many organizations


• User management: Addresses Adding / changing / deleting which address is assigned to whom


• User management: Rolls Adding / changing / deleting which roll with which rights


• User management: Rolls List of the organizations / users with the roll ‘xy’


• User management: User characteristics / organization characteristics List of all users/organizations for whom a certain characteristic (e.g. 'local’) has been changed


• Catalog: Assignment of the language selected at catalog call-up


• Catalog: Frequency of navigation via tree, hit list, parts list, drawing


• Catalog: List of most frequently selected modules


• Catalog: Frequency of search for name, parts number etc.; use of quick search


• Catalog: Assignment of number of hits per search


• Catalog: List of terms most frequently searched for


• Catalog: List of elements for which additional information was requested most frequently


• Catalog: List of most frequently indicated documents


• Miscellaneous: Number of navigations per session


• Miscellaneous: Number of researches per session


You can object at any time to the collection of this data.


1.11 Applications


You can apply online for any vacancies offered. In this context, we will process the personal data you disclose to us in your online application. We process this data on the legal basis of Article 88 GDPR in connection with Section 26 German Data Protection Act (BDSG).


Please note: When you click on the job description, a new window will open and you will be forwarded to the concrete job advertisement posted at the website of our service provider Haufe. Please upload your application at this website.


We concluded a contract with this service provider to act as our processor according to Article 28 GDPR.


1.12 Google Maps


For better orientation, our website offers an integrated map provided by Google Inc. via Google Maps API. If you choose to see the map, a connection with the Google server is established and, among other data, your IP address is transmitted to Google. Google may also assess the website visitor’s use of the Google Maps function. Furthermore, Google may write and read cookies. These cookies may be Google user cookies directly linked to you. For more information on Google Maps, refer to the Google privacy statement and terms of use: policies.google.com/privacy


1.13 YouTube videos


Our website offers videos and plugins provided by the service provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. headquartered in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.


As soon as our website shows a video, also a freeze image of a video only, a communication with the YouTube server is established which is used to transmit various data to the service provider. This data includes the IP address of your computer, any cookies already saved to your computer, and information saved during previous contacts with YouTube. If no data has been saved previously, the service provider will save cookies on your computer for the first time. When communication with YouTube is established, the service provider also receives information on a user account you may have with YouTube. Also other information collected during your interaction with the video, e.g. clicking the start, pause, or exit button, is transmitted to the service provider. You can exclude data processing by visiting a web page without videos and deleting all cookies from your computer.


For more information on data processing and on the YouTube privacy statement, go to policies.google.com/privacy


1.14 Video Conferences and Digital Events


We use video conferencing services as part of certain events and/or other services.
The legal basis for the data processing depends on the voluntary and informed consent of the participants of our events. The legal basis for the processing of personal data is then the consent according to Art. 6 I, lit. a) DS-GVO.
To the extent that we process personal data in the context of events, this processing may also be based on Art. 6 I, lit f) DS-GVO. For example, when we evaluate the participation of events with regard to the use of our offers.
We use the solutions of an external provider for the use of a video conferencing service. We have concluded a DS-GVO-compliant contract processing agreement with this provider. In this context, we have also specified that the data collected directly in the context of the online meetings (such as image, sound, conversation content) will be processed within the EU. Insofar as data going beyond this is processed in the USA, we cannot rule out the possibility that US secret services may access this data within the scope of their legal powers. Insofar as you give us your consent to the processing of your personal data in the context of video conferences and/or digital events, you also consent to any access to this data by US secret services.
As a participant of a video conference, you can decide yourself to what extent your audio and video data are processed. If you do not wish this, deactivate your camera and microphone functions on the device you are using to participate. You can also prevent the processing of your real name by using a pseudonym.
Unless you take these measures, when you participate in a video conference, the data you provide, such as your surname, first name, the e-mail address you provide, your company, a password for logging in, if you dial in via telephone - your telephone number, video, audio and text data (if you use the chat function), meeting start-duration-end, date/time of the meeting, IP address of the participating device, will generally be processed.


1.15 Controller


The controller in the sense of Art. 4 No. 7 GDPR is


TOP-WERK GmbH


Freier-Grund-Straße 123
57299 Burbach-Wahlbach, Germany
Telephone: +49 2736 4976 0
Fax: +49 2736 4976 620
Email: info(at)topwerk.com


Legal representatives


Robert Gruss, Jens Müller


Data Security Officer


Oliver Gönner
Rochusstraße 198
53123 Bonn
Phone: +49 228 28614060


Email: [dsb(at)sicoda.de]


Addition to privacy policy for the usage of HubSpot 


We use the integrated software solution HubSpot for our online marketing activities. This covers different aspects of our online marketing, including reporting and contact management.


Personal information will be stored on HubSpot servers and may be used by us to contact users of our website or digital platforms (for example, Virtual TOPWERK) and to determine which products and services of our group of companies may be of interest to visitors. The information that we collect is subject to this privacy policy. The use of this information is exclusively for the purpose of optimising our marketing and sales.


HubSpot is a U.S.-based software company with an office in Ireland and can be reached at 2nd Floor 30 North Wall Quay Dublin 1, Ireland, telephone: +353 1 5187500. HubSpot is certified under the terms of the "https://www.privacyshield.gov/welcome" and is subject to TRUSTe 's Privacy Seal as well as the "U.S. - Swiss Safe Harbor" Framework.


If HubSpot processes personal information outside of the European Union, it may be possible that this information can also be accessed by government agencies, such as secret services. This data access is then no longer under the protection of the General Data Protection Regulation. In particular, such access rights exist by secret services of the USA and other non-European states. If you agree to the processing of your data, this consent also applies to this processing.


More information about HubSpot´s privacy policy.


More information from HubSpot regarding EU data protection regulations.


You can find more information about the cookies used from HubSpot here and here.