Privacy policy

Name and contact of the controller according to Article 4(7) GDPR

Address: CEO Walter Gürtner, Karl-Rolle-Straße 88, D-84307 Eggenfelden, Germany
Phone: +49 (0) 8721 788-0
Email: info@neumayr.de

Data protection officer
The operational data protection officer at Neumayr High-Tech Fassaden GmbH can be contacted at the above address, for the attention of Mr. Gürtner, or at info@neumayr.de.

Security and protection of your personal data

We see it as our primary task to safeguard the confidentiality of the personal data you have provided and to protect it from unauthorized access. We therefore exercise the utmost diligence and apply the most up-to-date security standards in order to guarantee maximum protection for your personal data.

As a company under civil law, we are subject to the provisions of the General Data Protection Regulations of the EU (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that the data privacy regulations are observed both by us and by our external service providers.

Definitions

The legislation requires personal data to be processed lawfully, in good faith, and in a manner that the data subject can understand (“lawfulness; processing in good faith, transparency”).  To guarantee this, we provide you with information on the individual statutory definitions which are also used in this data privacy statement:

1. Personal data

“Personal data” includes all information that refers to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if he or she can be identified directly or indirectly, particularly by correlation to an identifier such as a name, to an identification number, to location data, to an online identifier, or to one or more special criteria which are an expression of the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.

2. Processing

"Processing" includes any operation or set of operations performed in connection with personal data, with or without the assistance of automated processes, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other form of provision, alignment or combination, restriction, erasure, or destruction.

3. Restriction on processing

A “restriction on processing” is the marking of stored personal data with the goal of restricting its processing in the future.

4. Profiling

“Profiling” is any form of automated processing that consists of this personal data being used to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning the person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

5. Pseudonymization

“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be associated with a specific data subject without requiring additional information, provided that this additional information is stored separately and subject to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.

6. File system

A “file system” is any structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is kept centrally or locally, or ordered according to functional or geographical aspects.

7. Controller

A “controller” is a natural or legal person, authority, institution, or other body that decides on the purposes and means of the processing of personal data, either alone or jointly with others; if the purposes and means of this processing are specified by the law of the European Union or the law of the Member States, the controller or the specific criteria for its nomination can be designated according to the law of the European Union or the law of the Member States.

8. Data processor

A “data processor” is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.

9. Recipient

A “recipient” is a natural or legal person, authority, institution, or other body to whom or which personal data is disclosed, independent of whether this person or body is a third party or not. Authorities which may receive personal data in the context of a particular inquiry according to the law of the European Union or the law of the Member States do not, however, count as recipients; the authorities specified process this data in alignment with the applicable data protection regulations in accordance with the purposes of the processing.

10. Third party

A “third party” is a natural or legal person, authority, institution, or other body aside from the data subject, the controller, the data processor, and the persons authorized to process the personal data under the direct responsibility of the controller or data processor.

11. Consent

“Consent” by the data subject is any declaration of will submitted voluntarily in regard to the specific case in an informed and unmistakable manner in the form of a declaration or other indisputable, validating action whereby the data subject gives to understand that he or she agrees with the personal data concerning them being processed.

Lawfulness of the processing

The processing of the personal data is only lawful if there is a legal basis for the processing. According to Article 6(1) a – f GDPR, the legal basis for the processing could particularly be that:

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority which has been vested in the controller;

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

Information on the collection of personal data

(1) In the following, we provide information on the collection of personal data when you use our website. Personal data includes, for example, name, address, email addresses, and user behavior.

(2) If you contact us by email or using a contact form, we store the data you communicate (your email address, and also your name and telephone number where applicable) so that we can answer your questions. We erase the data accumulating in this connection once storage is no longer necessary, or restrict the processing if legal retention obligations apply.

 

Collection of personal data when you visit our website
If you only use the website for information purposes, i.e. if you do not register on it or do not otherwise send us information, we only collect the personal data transferred to our server by your browser. If you wish to look at our website, we collect the following data that is technically required in order for us to show you our website and to guarantee stability and security (the legal basis for this is Art. 6(1) sentence 1f) GDPR):

  • IP address
  • Date and time of the inquiry
  • Difference in time zone from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Data volume transmitted in each case
  • Website the request comes from
  • Browser
  • Operating system and its user interface
  • Language and version of browser software.

Use of cookies

(1) Cookies are also stored on your computer when you use our website in addition to the data mentioned above. Cookies are small text files that are stored on your hard drive assigned to the browser you are using, and which are used so that certain information can flow to the location that sets the cookie.  Cookies cannot run any programs or infect your computer with viruses. They serve to make the web offering more effective and user-friendly.

(2) This website uses the following types of cookies, whose scope and mode of operation are explained below:
transient cookies (see a.)
persistent cookies (see b.).

a) Transient cookies are automatically erased when you close the browser. This particularly includes session cookies. These cookies store what is called a session ID, which can be used to match the joint session to different requests by your browser. That way, your computer can be recognized again when you return to our website. The session cookies are erased when you log out or close the browser.

b) Persistent cookies are automatically erased after a prescribed period, which can vary depending on the cookie. You can erase the cookies in the security settings on your browser at any time.

c) You can configure your browser settings as you desire and refuse to accept third-party cookies or all cookies, for example. Third-party cookies are cookies set by a third party, and hence not by the actual website you are currently visiting. We advise you that you may not be able to use all of the functions of this website if you deactivate cookies.

d) The Flash cookies used are captured by your Flash plugin, not by your browser. Furthermore, we use HTML5 storage objects, which are stored on your end device. These objects store the necessary data independently of the browser you use, and do not have an automatic expiry date. If you do not want any processing by the Flash cookies, you need to install a suitable add-on, e.g., “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash cookie killer for Google Chrome. You can prevent HTML5 storage objects from being used by setting the private mode on your browser. We also recommend regularly deleting your cookies and browser history manually.

Using Matomo

Type and purpose of processing:

This website uses Matomo (formerly Piwik), an open-source software for the statistical evaluation of visitor hits. The Matomo software provider is InnoCraft Ltd., 150 Willis St., 6011 Wellington, New Zealand.
Matomo uses cookies – text files that are stored on your computer and enable an analysis of how you use the website.
The information created by the cookie concerning your use of the website is stored on a server.
The IP address is anonymized immediately after it is processed and before it is stored. You can prevent the cookies from being installed by changing the setting on your browser software. We advise you that if the setting is selected accordingly, not all of the functions on this website may still be available.
You can decide whether a unique web analytics cookie can be stored on your browser to enable the website operator to record and analyze different statistical data.
You can find more detailed information on privacy settings in the Matomo software by clicking on the following link: https://matomo.org/docs/privacy/.

Legal basis:

The data is processed based on the user’s consent (Art. 6(1) a) GDPR).

Recipients:

The recipients of the data may be data processors.

Storage period:

The data is erased as soon as it is no longer required for our recording purposes.

Retrieval mandatory or necessary:

Your personal data is retrieved voluntarily, purely based on your consent. If you refuse access, this may restrict functions on the website.

Withdrawal of consent:

You can prevent cookies from being installed by setting your browser software accordingly; however, we advise you that in this case you may not be able to use all functions on this website to the full extent.

Other functions and offerings on our website

(1) Apart from the use of our website purely for information purposes, we offer different services for you to use if you are interested. In this case, you are generally required to enter further personal data, which we use to perform the relevant service and to which the principles of data processing mentioned above apply.

(2) We use external service providers to process your data to some extent. We selected and commissioned these providers carefully. They are bound by our instructions and are monitored regularly.

(3) Furthermore, we can disclose your personal data to third parties when we collaborate with partners to offer the opportunity to participate in sales promotions, competitions, conclusion of contracts, or similar services. You can get more detailed information about this when you enter your personal data, or in the description of the offering below.

(4) If our service providers or partners are domiciled in a state outside the European Economic Area (EEC), we will inform you of the consequences of this situation in the description of the offering.

Children

Our offering is strictly aimed toward adults. Persons under 18 years of age should not transfer any personal data to us without the consent of their parents or legal guardians.

Rights of the data subject

(1) Withdrawal of consent

If the processing of the personal data is based on consent that has been granted, you have the right to withdraw this consent at any time. The withdrawal of the consent does not affect the lawfulness of the processing which was carried out based on the consent before this consent was withdrawn.

You can contact us at any time to exercise your right of withdrawal.

 

(2) Right to confirmation

You have the right to request confirmation from the controller as to whether we are processing personal data concerning you. You can request the confirmation using the above contact details at any time.

(3) Right to information

If personal data is processed, you can request information on this personal data and the following information at any time:

a) the purposes of the processing;

b) the categories of personal data concerned;

c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations;

d) where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period;

e) the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning you, or to object to such processing;

f) the right to lodge a complaint with a supervisory authority;

g) where the personal data is not collected from the data subject, any available information as to its source;

h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR, and – at least in those cases – meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

If personal data is transferred to a third country or international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer. We provide a copy of the personal data which is subject to the processing. We can request an appropriate fee based on the administrative costs for all further copies for which you apply. If you apply for this electronically, the information is to be provided in a commonly used electronic format unless otherwise specified. The right to receive a copy pursuant to subsection (3) must not encroach upon the rights or freedoms of other persons.

(4) Right to rectification

You have the right to request from us the immediate rectification of inaccurate personal data concerning you.  Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

(5) Right to erasure (“right to be forgotten”)

You have the right to request from the controller that the personal data concerning you be erased immediately, and we are obligated to erase personal data immediately if one of the following grounds applies:

a) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

b) The data subject withdraws the consent on which the processing was based according to Article 6(1) a) or Article 9(2) a) GDPR, and there is no other legal basis for the processing.

c) The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.

d) The personal data has been processed unlawfully.

e) The personal data has to be erased to comply with a legal obligation according to the law of the European Union or the law of the Member States to which the controller is subject.

f)  The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If the controller has made the personal data public and is obliged to erase it pursuant to subsection (1), the controller, taking account of the available technology and the cost of implementation, shall take appropriate steps, including technical measures, to inform controllers responsible for data processing who or which are processing the personal data that a data subject has requested that they erase any links to, or copies or replications of that personal data.

The right to erasure (“right to be forgotten”) does not exist if the processing is necessary as follows:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing according to the law of the European Union or the law of the Member States to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority which has been vested in the controller;
  • for reasons of public interest in the area of public health in accordance with Article 9(2) h) and i),  and Article 9(3) GDPR;
  • for archiving purposes in the public interest, or for scientific, historical research, or statistical purposes in accordance with Article 89(1) in so far as the right referred to in subsection (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise, or defense of legal claims.

(6) Right to restriction of processing

You have the right to request that the controller restrict processing if one of the following conditions is met:

a) the accuracy of the personal data is contested by the data subject, and is contested for a period which enables the controller to verify the accuracy of the personal data;

b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;

c) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise, or defense of legal claims;

d) the data subject has objected to the processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.

If processing has been restricted in accordance with the abovementioned conditions, this personal data shall – with the exception of storage – only be processed with the consent of the data subject or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
To assert the right to restriction of the processing, the data subject can contact us at any time using the contact details mentioned above.

(7) Right to data portability

You have the right to receive the personal data concerning you which you have made available to us, in a structured, commonly used, and machine-readable format, and you have the right to transfer that data to another controller without hindrance from the controller to which the personal data has been made available provided that:

a) the processing is based on consent pursuant to Article 6(1) a), or Article 9(2) a), or on a contract pursuant to Article 6(1) b) GDPR; and

b) the processing is carried out by automated means.

In exercising the right to data portability pursuant to subsection (1), you have the right to have the personal data transferred directly from one controller to another where technically feasible. The exercising of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority which has been vested in the controller.

(8) Right to object

You have the right to object, on grounds arising from your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1) e) or f) GDPR; this also applies to profiling based on those provisions. The controller will no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means which use technical specifications.

Where personal data is processed for scientific, historical research, or statistical purposes pursuant to Article 89(1), you have the right to object to the processing of personal data concerning you on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You may exercise your right to object at any time by contacting the respective controller.

(9) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which develops legal effects concerning you or affects you significantly in a similar manner. This does not apply if the decision:

a) is necessary for entering into or performing a contract between the data subject and the controller;

b) is admissible based on the statutory provisions of the Union or Member State to which the controller is subject and which also lay down suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests; or

c) is made with the express consent of the data subject.

The controller will implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, which at least include the right to have the controller effect human intervention, to express their own point of view, and to contest the decision.
The data subject may exercise their right to object at any time by contacting the respective controller.

(10) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your place of residence, place of work, or place of the alleged infringement if you are of the opinion that the processing of personal data relating to you infringes this Regulation.

(11) Right to an effective judicial remedy

Without prejudice to an available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you have the right to an effective judicial remedy if you are of the opinion that the rights to which you are entitled based on this Regulation have been infringed as a result of processing of your personal data which was not in line with this Regulation.