Pivacy Policy
1. Introduction
Thank you for visiting our website. We take privacy very seriously and strive to protect your personal information as part of our website offering. By personal information, we mean all data relating to the personal and factual circumstances of an individual. Personal information collected on our website is used for our own purposes only.
2. Controller and Privacy Contact
Controller of the data processing pursuant to Art. 4 No. 7 GDPR is
Top-Werk GmbH
Freier-Grund-Straße 123
57299 Burbach-Wahlbach, Germany
Phone: +49 2736 4976 0
Fax: +49 2736 4976 620
E-Mail: info(at)topwerk.com
Legal representative
Robert Gruss, Jens Müller
Data Protection Officer
Oliver Gönner
Rochusstraße 198
53123 Bonn
Phone: 0228 / 28614060
E-Mail: [dsb(at)sicoda.de]
3. Legal basis for data processing
The legal basis for data processing under the EU General Data Protection Regulation is Art. 6 GDPR. Depending on the situation in which we process your data, different legal bases may apply.
Consent
To the extent that your consent has been obtained for the processing of personal data, Article 6 I a) GDPR is the legal basis for the data processing. Any consent given may be revoked at any time with effect for the future. Contract Article 6 I b) GDPR is the legal basis for the processing of personal data collected for the performance of a contract to which you are a party. This also applies to processing operations necessary for the performance of pre-contractual measures.
Legal obligation
To the extent that the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6 I c) GDPR serves as the legal basis. vital interests In the event that the vital interests of you or another natural person require the processing of personal data, Article 6 I d) GDPR is the legal basis.
Legitimate interest
If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 I f) GDPR serves as the legal basis for the processing. Our company's legitimate interest is to conduct our business.
Employment relationship
In accordance with Art. 88 of the General Data Protection Regulation (GDPR) in conjunction with § 26 of the Federal Data Protection Act (BDSG), personal data of employees are processed for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination or for the exercise or fulfilment of the rights and obligations of the representation of employees' interests arising from a law or a collective agreement, works agreement or service agreement (collective agreement).
4. Rights of data subjects
Your personal data will be processed as part of our data processing operations. You are entitled to the rights of Chapter 3 of the GDPR against our company.
You have the right to:
• access
• rectification
• erasure
• restriction of processing
• Notification obligation regarding rectification or erasure of personal data or restriction of processing
• data portability
• objection You also have the right to lodge a complaint with the competent data protection supervisory authority.
5. Web server logs
When you use our website, the connection information is stored in the server log files.
This information includes:
• IP adress pf your system
• Browser information, such as operating system used and screen resolution
• visited website
• Original website
• Time of site visit Web server logs are processed for security purposes only.
We only use the log data for statistical purposes for the operation, security and optimisation of the website. However, we reserve the right to review log data retrospectively if we have reasonable grounds to suspect unlawful use. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.
6. Contact form
You can use the contact form to send us any information you wish. The data is forwarded by email from our web server to our company's email inbox. Please note that communication via the contact form is not encrypted. In your own interest, please use a secure channel for confidential communications.
We will only use your personal information to respond to your request. The legal basis for the processing of your personal data in the context of the contact form is Art. 6 par. 1 lit. b) GDPR, insofar as your request is related to the execution or initiation of a contract with us. If the legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a) GDPR, you have the right to revoke this consent at any time with effect for the future without giving reasons. Please note that in this case we will not be able to process your request.
7. Contact via e-mail or telephone
If you contact us by email or telephone, we will only use the personal information you provide as part of your enquiry for the purpose of responding to your enquiry. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR, insofar as your request is related to the execution or initiation of a contract with us. The legal basis for all other requests is your consent according to Art. 6 para. 1 lit. a) GDPR. If the legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a) GDPR, you have the right to revoke this consent at any time with effect for the future without giving reasons. Please note that in this case we will not be able to process your request.
8. Log-In
Certain areas of our Virtual Topwerk require a login. In order to log in to certain areas with the required login, you must first register for that area. To register, we need the following information from you: • Form of Address • Family Name • First Name • Company name • Job title • E-mail address You also have the option to voluntarily provide us with additional information, such as your telephone number or academic degree. This information is only processed as part of the registration and login process. Where information is collected as part of a user's registration, it will only be used to provide that service. Analyses are only carried out to ensure the comfortable and safe operation of the system. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.
9. Newsletters and invitations to events
If you have provided us with personal information such as your name, first name, email address etc. in order to receive our newsletter or invitations to events, we will use this information to send you information in accordance with your registration. In this case, the legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. When you log in or register, we store your IP address and the date of registration. This storage is used as evidence in the event that a third party misuses an email address and logs in without the knowledge of the authorised person. You can unsubscribe from the newsletter at any time free of charge by using the unsubscribe link provided in each newsletter. We evaluate your user behaviour when sending the newsletter. The emails sent contain 'web beacons' for measurement purposes. These are pixel-sized files that are retrieved from our service provider's server when the newsletter is opened. For the purposes of analysis, the above access data and 'web beacons' are linked to your email address and a unique ID.
The following data will be recorded:
• E-mail address
• Opening the newsletter
• Time of opening the newsletter
• Opening links provided in the newsletter
If you have voluntarily provided us with additional information when registering for the newsletter or otherwise, this will also be processed in conjunction with the above information.
• Form of Address
• Family Name
• First Name
• Company name
• Phone number
• IP address
• Registration and confirmation time
• Location
By subscribing to our newsletter, you consent to the processing of your personal data as described above. Please note that we can only send you our newsletter and event invitations with your express consent. If you do not agree to the processing of your data to the extent described in the privacy policy and do not give your consent, we will unfortunately not be able to send you our newsletter and invitations to events.
10. Applications
You can apply online for advertised positions. In this context, we process the personal data you provide as part of the online application. The legal basis for the processing is Art. 88 GDPR in conjunction with § 26 BDSG. Please note: Clicking on the job description will take you to our careers page. All further information regarding the processing of your personal data can be found on the careers page or at: https://recruitingapp-5620.de.umantis.com/Vacancies/459/DataProtection/1. We work with a service provider as part of our career management programme. We have entered into an additional data processing agreement with this company in accordance with Art. 28 GDPR.
11. Video conferences and digital events
We use video conferencing services as part of certain events and/or other services we offer. In this context, personal data relating to you will also be processed. In this case, the legal basis for the processing of personal data is the consent of the participant pursuant to Art. 6 para. 1 lit. a) GDPR. We use solutions from an external provider to use a video conferencing service. We have a GDPR compliant data processing agreement with this company. In this context, we have also decided that the data collected directly during online meetings (such as images, sound, content of conversations) will be processed within the EU. If additional data is processed in the US, we cannot rule out the possibility that US intelligence agencies may access this data under their legal powers. By giving us your consent to process your personal data in the context of videoconferencing and/or digital events, you also consent to any access to this data by US intelligence services. As a videoconference participant, you can decide how much of your audio and video is processed. If you do not want to do this, turn off the camera and microphone on the device you are using to participate. You can also prevent your real name from being processed by using a pseudonym. If you do not take these measures, the data you provide, such as your family name, first name, the e-mail address you provide, your company, a password for logging in, if you dial in by telephone - your telephone number, video, audio and text data (if you use the chat function), the start and end of the meeting, the date/time of the meeting, the IP address of the participating device, will generally be processed when you participate in a videoconference. Insofar as we process personal data in connection with events, this processing may also be based on Art. 6 para. 1 lit. f) GDPR. For example, when we analyse attendance at our events in terms of what we offer.
12. Cookies
This website and all its sub-sites use cookies and other similar tracking technologies such as tracking pixels or local storage objects (LSO). Cookies are text files that are stored on your device. Cookies can be read, transferred and modified by the website when the website is accessed. We use both 'first party cookies', which are cookies controlled by the company that operates the domain on which the cookies are set, and 'third party cookies'. The latter are controlled by third parties and help us to analyse the impact of our website content and the interests of our visitors, to measure the performance of our website or to display relevant advertising and other content on our or other websites. Most of the cookies we use are session cookies. They are automatically deleted at the end of your visit or browser session (so-called temporary cookies). Other cookies remain on your device for a set period of time or until you delete them (persistent cookies). These cookies allow us to recognise your browser on your next visit. We only use cookies with random, pseudonymous identification numbers. These identification numbers are used to evaluate your use of our website. At no time is the user profile linked to the name of a natural person. If you use special functions on our website (such as the shopping basket or 'stay logged in'), cookies are also used for these functions. Web beacons are tiny graphic files used to collect information from your device, such as your device type, operating system, IP address or time of visit. Local Storage Objects (LSO) work in a similar way to cookies. However, the information is stored locally on your browser. Insofar as cookies and other technologies are technically necessary for the operation of the website, the legal basis for their use and the associated processing of your personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. In particular, our legitimate interests include providing you with a technically optimised, user-friendly website that meets your needs and ensuring the security of our systems. The use of cookies and other technologies that are not technically necessary for the operation of the site and that are primarily used for analysis and marketing purposes, as well as the associated processing of your personal data, is carried out in accordance with Art. 6 para. 1 lit. a) GDPR only if you have given us your express consent. When you first access our website or any of its sub-pages, a cookie banner will inform you of the cookies and other technologies used on the website and give you the opportunity to choose which of the cookies and other technologies requiring your consent you wish to accept. You can also use the cookie banner at any time to find out more about how cookies work or to view our full privacy policy by clicking on the 'Privacy Policy' button. Once you have given your consent, you can revoke it at any time.
13. Consent Management
We use the Consent Management Tool of iubenda s.r.l., Via San Raffaele, 1 - 20121 Milan, Italy on our website to inform you about the cookies and third party services used on our website and to comply with our legal obligation to obtain your consent for the use of cookies and third party services that are not necessary for the operation of the website. The following data will be collected and transmitted to iubenda as part of the recording of your consent: • anonymised IP address • Date and time of the visit • Device and browser information • Information about your consent preferences. The legal basis for the processing of your personal data in the context of consent management is our legal obligation to obtain your consent for the use of cookies and third party services that are not necessary for the operation of the website, in accordance with Art. 6 para. 1 lit. c) GDPR. Iubenda processes your data on our behalf as a data processor. We have concluded an additional data processing agreement with Iubenda in accordance with Art. 28GDPR.
14. Google Analytics
This website uses Google Analytics 4, a web analytics service provided by Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The cookies contain information about interactions that are tracked as the site is used. The information generated by the cookie about your use of this website is usually transferred to and stored by Google on servers in the United States. US intelligence agencies may have access to this data as part of their broad legal surveillance powers. According to Google, your IP address will be shortened by Google within the European Union or in other countries that are signatories to the European Economic Area Agreement by means of automatic IP anonymisation before it is processed in the USA. However, your full IP address may be transmitted to a Google server in the United States and may be made available to US law enforcement authorities. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
In addition, Google's own processing, which is not further defined by Google, is intended to provide and protect the Analytics service. However, we have not made any data available to Google for its own processing using the data sharing settings.
If you have consented to the use of Google Analytics, we will track the following events:
• First visit
• Start a Session
• User engagement (the website is in focus for at least one second)
The following parameters are recorded by default for each event:
• language,
• page_location,
• page_referrer,
• page_title und
• screen_resolution.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also disable Google Analytics through your cookie settings. The legal basis for our data collection using the Google Analytics software is your consent pursuant to Art. 6 para. 1 a) GDPR, which you can revoke at any time with effect for the future using the procedure described above. Your data will be automatically deleted after ... months. Data that has reached the end of its retention period is automatically deleted once a month.
More information about Google Analytics and privacy can be found on the website: policies.google.com/privacy
15. Google Maps
For better visualisation, we include a map on our website that is provided by Google Inc. via the Google Maps API. When you view the map, a connection is made to the Google server, which includes transmitting your IP address to Google. Google will be able to analyse the use of the Google Maps function by visitors to the website. Google also has the ability to write and read cookies. These cookies may be Google user cookies that are directly linked to your person. The legal basis for the use of Google Maps is your consent according to Art. 6 para. 1 lit. a) GDPR. For more information about Google Maps, please see the Google Privacy Policy and Terms of Use: policies.google.com/privacy
16. Youtube
The website uses videos and plugins provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is legally represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When a video is viewed on our site, even in a still image, a communication link is established with the YouTube server through which the service receives various data. This information includes the IP address of your computer, any cookies already stored on your computer, and information stored from previous interactions with YouTube. If you do not already have a cookie on your computer, the Service will place a cookie on your computer for the first time. When you interact with YouTube, the Service also receives information about any account you may have with YouTube. Other information is also sent to the provider when you interact with the video, such as when you click the start, pause or end buttons. You can prevent this by visiting a page without a video and deleting all cookies from your computer. The legal basis for the use of YouTube videos is your consent pursuant to Art. 6 para. 1 lit. a) GDPR.
For more information about YouTube's data processing and privacy policies, please visit: policies.google.com/privacy
17. Hubspot Analytics
We use HubSpot Analytics Tracking on our website, an analytics service provided by HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. The use of HubSpot Analytics Tracking involves the use of a measurement pixel. The information generated by the measurement pixel about the use of our website is generally transmitted to and stored on a HubSpot server in the United States. The data is shared with HubSpot to gain insight into our advertising campaigns, to measure the impact of our ads, and to continually improve the content and technical features of the site based on demand. The legal basis for the use of HubSpot Analytics Tracking is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You may revoke your consent at any time with immediate effect.
More information about privacy and cookies from HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA: legal.hubspot.com/privacy-policy
18. Zreality Analytics
As part of Virtual Topwerk, we use the service of Zreality Analytics GmBH, Zollamtstr. 11, 67663 Kaiserslautern, Germany, based on the open source software tool Matomo to analyse the surfing behaviour of our users. If you only visit our website and not our Virtual Topwerk, you are not affected by this data processing. The following information is collected when Zreality is used: • approximate location • Operating system, browser • Number of visits • which site was visited • how long the visitor was on this site • what was clicked on the site. The software runs exclusively on servers operated by our service provider Zreality in the European Union. This data is only stored there and is not passed on to other third parties. The software is set so that IP addresses are not stored in full, but the last two bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. No other personal information is collected. No methods are used to recognise users for analysis purposes (e.g. cookies). However, if you do not agree to the use of this service, you can opt-out of tracking by visiting analytics.zreality.com/index.php. Rechtsgrundlage für den Einsatz von Zreality ist gem. Art. 6 Abs. 1 lit. f) Ds-GVO unser berechtigtes Interesse.
The legal basis for the use of Zreality is our legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
19. Google Tag Manager
On this website we use Google Tag Manager, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to control which scripts are executed on our website. The Google Tag Manager allows to manage website tags through a user interface, but only implements tags that do not use cookies or collect personal information. Google Tag Manager triggers other tags that can be used to collect data without Google Tag Manager having access to that data. In order to monitor the stability and performance of our system, Google Tag Manager collects some aggregate data from tag-triggering events. However, this information does not include user IP addresses or user-specific IDs, so it cannot be associated with any particular individual. However, if you use Google Tag Manager, personal information such as your IP address may be transferred to Google in the USA. For this reason, we only use Google Tag Manager with your express consent. The legal basis for the processing of your personal data in connection with the use of the Google Tag Manager is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. You have the right to revoke your consent at any time without giving reasons.
For more information about Google Tag Manager, visit www.google.com/intl/de/tagmanager/use-policy.html
20. Social media presence
As part of our social media presence, we maintain a company page on the following social media platforms: • LinkedIn If you visit our company page on the relevant social media platform, your personal data may be processed. LinkedIn We are joint controllers with LinkedIn Ireland Unlimited Company ("LinkedIn"), Wilton Plaza, Gardner House 4,5,6 2 Dublin, Ireland for the processing of personal data on our LinkedIn page. If you visit our LinkedIn page and respond to our content, we may process your personal information, such as your username, the content you post on LinkedIn, and your reactions to our company's content, so that we may respond to your reactions or mention your account or your content in content we post. LinkedIn Ireland Unlimited Company (‘LinkedIn’), Wilton Plaza, Gardner House 4,5,6 2 Dublin, Ireland is responsible for the further processing of personal data in the context of the use of LinkedIn. Among other things, LinkedIn processes the information you voluntarily provide when using your LinkedIn account, such as your name, username, email address and phone number. When you publish and share content on LinkedIn, LinkedIn can analyse it to find out what topics you are interested in in order to provide you with information about similar content and possibly advertising. In addition, LinkedIn also collects log information such as your IP address, browser type, operating system, the website you came from and the pages you visited, your location, mobile operator, the device you are using, search terms you use and cookie information. Please note that this information will be processed by LinkedIn even if you do not have a LinkedIn account. If you have a LinkedIn account, you may be able to restrict the processing of your personal data by LinkedIn through your LinkedIn account settings.
We have no knowledge of, and no control over, the scope and nature of LinkedIn's processing and use of your personal information. For more information about LinkedIn's data processing practices, please visit: de.linkedin.com/legal/privacy-policy
We expressly note that the use of LinkedIn may involve the transfer of personal data to a country outside the EU/EEA, a so-called third country, which may not provide the level of protection of personal data as required by the GDPR.