Olet tässä

Sisältö

Data privacy statement

Thank you for your interest in our company. Data protection is very important to the management of Advancetec Oy (hereinafter referred to as “the company”).

Personal data, such as the name, address, e-mail address, or telephone number of the affected person, is always processed in line with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to the company. By means of this data privacy statement, our company would like to inform the public about the nature and scope of the personal data that we collect, use and process. Furthermore, this data privacy statement informs the affected persons of the rights to which they are entitled.

As the body responsible for processing, the company has implemented numerous technical and organisational measures to ensure the maximum possible protection for personal data processed through this website. However, internet-based data transfers can always have security loopholes, so absolute protection cannot be guaranteed. For this reason, all affected persons have the right to communicate personal data to us using alternative methods, for example by telephone.

1. Definitions

The company data privacy statement is based on the definitions used by the European directive and ordinance regulators in the General Data Protection Regulation (GDPR).  Our data privacy statement aims to be clear, legible and understandable, both for the public and for our customers and business partners.  In order to guarantee this, we would like to start by explaining the terms used.

In this data privacy statement, we use the following terms, among others:

  • a)    Personal data
    Personal data is all information relating to an identified or identifiable natural person (hereinafter “affected person”). A natural person is deemed to be identifiable if he can be directly or indirectly identified by means of assigning a code such as name, an identity number, location data, an online username or one or more particular features which are an expression of the physical, physiological, genetic, mental, economical, cultural or social identity of this natural person.
  • b) Affected person
    The affected person is any identified or identifiable natural person whose personal data is processed by the body responsible for processing.
  • c) Processing
    Processing is any process or series of processes carried out in conjunction with the personal data with or without automated procedures, such as recording, organising, filing, saving, adapting or changing, reading, querying, using, publishing by means of transmission, distribution or another form of publication, comparing or linking, restricting, deleting or destroying.
  • d) Restriction of processing
    Restriction of processing involves marking saved personal data with a view to restricting its future processing
  • e) Profiling
    Profiling is any kind of automatic processing of personal data which serves the purpose of using this personal data to evaluate specific personal aspects relating to a natural person, especially to analyse or predict aspects relating to work, financial situation, health, personal preferences, interests, reliability, behaviour, location or relocation for this natural person.
  • f) Pseudonymisation
    Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific affected person without the inclusion of further information, providing this additional information is stored separately and is subject to technical and organisational measures to guarantee that the personal data cannot be attributed to an identified or identifiable natural person.
  • g) Body responsible (for processing)
    The body responsible for processing is the natural or legal person, authority, facility or similar body which makes decisions on the purposes and means of processing of personal data, either alone or in conjunction with others. If the purpose and means of processing are defined by Union law or the law of the Member State, then the body responsible may be subject to specific appointment criteria in accordance with Union law or the law of the Member State.
  • h) Order processor
    The order processor is a natural or legal person, authority, facility or other body which processes personal data on behalf of the body responsible.
  • i) Recipient
    The recipient is a natural or legal person, authority, facility or other body to which personal data is disclosed, irrespective of whether it is a third party or not. However, authorities which receive personal data in line with a specific investigation order in accordance with Union law or the law of the Member State are not deemed as recipients.
  • j) Third parties
    A third party is a natural or legal person, authority, facility or other body apart from the affected person, the body responsible, the order processor and persons who are entitled to process personal data under the direct responsibility of the body responsible or the order processor.
  • k) Consent
    Consent is any agreement given freely by the affected person in an informed and unmistakable form as a declaration or other clear confirmation by which the affected person affirms that they are in agreement with the processing of the personal data relating to them.

2. Name and address of the body responsible for processing

In accordance with the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other data protection regulations, the body responsible is:

Advancetec Oy
Äyritie 12B
FI-01510 Vantaa
Finland

Phone: +358 207 199 430
E-Mail: tilaukset@remove-this.advancetec.fi

Website: www.advancetec.fi

3. Name and address of the data protection officer

The data protection officer for the body responsible for processing is:

Data protection officer
Äyritie 12B
FI-01510 Vantaa
Finland

Phone: +358 207 199 430

E-Mail: tilaukset@remove-this.advancetec.fi

All affected persons may contact our data protection officer directly at any time if they have any questions or suggestions regarding data privacy.

4. Recording of general data and information

The company website records a series of general data and information every time the website is accessed by an affected person or an automated system.  This general data and information is saved temporarily in logfiles on the server. The following data is recorded without your intervention and until it is automatically deleted: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system reached our website (known as the referrer), (4) the sub-pages of our website accessed by the device, (5) the date and time of the access to the website, (6) an Internet Protocol address (IP address), (7) the Internet Service Provider of the accessing device and (8) other similar data and information used to defend against risks in the event of attacks on our information technology systems.

The company cannot derive anything about the affected person from the use of this general data and information.  This information is required in order (1) to deliver the content of our website correctly, (2) to optimise the content of our website and advertising for it, (3) to guarantee the permanent functionality of our information technology systems and the technology of our website and (4) to provide the criminal investigation authorities with the information necessary for criminal investigation in the event of a cyber-attack.  This data and information, which is collected anonymously, is evaluated by the company for statistical purposes and with a view to increasing data protection and security within our company in order to guarantee an optimum level of protection for the personal data which we process.  The anonymous data in the server log files is stored separately from all personal data provided by an affected person.

The legal basis for this data processing is article 6, para. 1, clause 1, letter f, GDPR.

5. Registering on our website

The affected person has the option of registering on the website of the body responsible for processing by entering personal data.  The personal data transmitted to the body responsible for processing is captured by the input screen used for the registration process.  The personal data entered by the affected person is used exclusively for internal purposes at the body responsible for processing and collected and saved for its own purposes.  The body responsible for processing can authorise forwarding to one or more order processors, for example, courier companies, which also use the personal data exclusively for internal purposes of our body responsible for processing.

When the affected person registers on the website of the body responsible for processing, the IP address issued by their Internet Service Provider (ISP), and the date and time of registration are also saved. This data is saved as it is the only means of preventing misuse of our services and the data can be used to investigate criminal offences where necessary.  In this respect, it is necessary to save this data for security purposes for the body responsible for processing. This data is essentially not forwarded to third parties, unless there is a statutory obligation to do so or it is forwarded for criminal investigation purposes.

The registration of the affected person and voluntary provision of personal data allows the body responsible for processing to offer the affected person content or services which, by their nature, can only be provided to registered users.  Registered persons have the option of having the data they entered on registration modified or deleted completely from the systems of the body responsible for processing at any time.

On request, the body responsible for processing will provide information to any affected person at any time on what personal data it holds about the affected person.  . In addition, the body responsible for processing will correct or delete personal data on the request or instruction of the affected person, providing there are no statutory obligations for it to do otherwise.  The data protection officer named in this data privacy statement and all the employees of the body responsible for processing are available for the affected person to contact in this respect.

6. Use of the online catalogue

For the use of our online catalogue on our website http://www.schmersal.net, various additional data is requested in order for us to be able to process your enquiry and your order.  The following information is required:

  • Name
  • Address
  • Telephone number
  • E-mail address
  • Company

This data is processed by us for the following purposes:

  • to process the enquiry

The legal basis for this data processing is article 6, para. 1, clause 1, letter b, GDPR.

7. Subscribing to our newsletter

On the company website, users are given the option of subscribing to our company newsletter.  The personal data transmitted to the body responsible for processing when the newsletter is ordered is based on the input screen used for this purpose.

Providing they have given their explicit consent in accordance with art. 6, para. 1, clause 1, letter a GDPR, the company informs its customers and business partners about the company’s services at regular intervals via a newsletter.  Our company newsletter can only be received by the affected person if (1) the affected person has a valid e-mail address and (2) the affected person registers to be sent the newsletter.  For legal reasons, a double opt-in procedure with a confirmation e-mail is applied when the affected person first enters an e-mail address for the newsletter to be sent to.  This confirmation e-mail is used to check that the holder of the e-mail address has authorised the receipt of the newsletter as the affected person.

For a subscription to the newsletter, we also save the IP address issued by the Internet Service Provider of the affected person for the computer system used at the time of registration, and the date and time of registration.  The collection of this data is required in order to trace (potential) misuse of the e-mail address of an affected person at a later date and thus provides legal security for the body responsible for processing.

The personal data obtained in line with a newsletter subscription is used exclusively for sending our newsletter.  Newsletter subscribers can also be provided with information by e-mail where this is necessary for the provision of the newsletter service or registration is required in this respect, such as if there are changes to the newsletter service or the technical circumstances.  Personal data obtained for the provision of the newsletter service is not passed on to third parties. Affected persons can unsubscribe from our newsletter at any time.  The consent to the storage of personal data given by the affected person subscribing to the newsletter can be revoked at any time.  There is a link to revoke consent in every newsletter.  There is also the option of unsubscribing directly from the website of the body responsible for processing or informing the body responsible for processing using other means, for example by sending an e-mail to ufranke@remove-this.schmersal.com at any time.

8. Newsletter tracking

The company newsletter contains what are known as tracking pixels.  A tracking pixel is a miniature graphic which is embedded into e-mails sent in HTML format in order to enable logfile recording and analysis.  This enables a statistical evaluation of the success or failure of online marketing campaigns.  Using the embedded tracking pixel, the company can recognise whether and when an e-mail has been opened by an affected person and which links in the e-mail were clicked on by the affected person.

This personal data gathered by tracking pixels contained in the newsletters is saved and analysed by the body responsible for processing in order to optimise sending the newsletter and tailor the content of future newsletters better to the interests of the affected person.  This personal data is not passed on to any third parties.  Affected persons have the right to revoke their declaration of consent, which in this case is given separately via the double opt-in process, at any time.  Following a revocation, this personal data is deleted by the body responsible for processing.  Unsubscription from the newsletter is automatically treated as a revocation by the company.

9. Online contact option

Based on the statutory regulations, the company website contains information which allows fast electronic contact with our company and direct communication with us, including a general electronic mail or e-mail address.  If an affected person makes contact with the body responsible for processing via e-mail or using a contact form, the personal data transmitted by the affected person is saved automatically.  This personal data provided voluntarily by an affected person to the body responsible for processing is stored for the purposes of processing the enquiry or contacting the affected person.  This personal data is not passed on to third parties. Data processing for the purposes of making contact with us is in accordance with art. 6, para. 1, clause 1, letter a GDPR based on the consent you have provided voluntarily.

10. Routine deletion and blocking of personal data

The body responsible for processing only processes and stores personal data relating to the affected person for the period of time required to fulfil the purpose for which they are stored or if the European directive and ordinance regulator or other legislator requires their storage in laws or regulations which the body responsible for processing must comply with.

If the reason for storage no longer applies or a storage period stipulated by the European directive and ordinance regulator or another appropriate legislator expires, personal data is routinely blocked or deleted in accordance with legal requirements.

11. Forwarding of data

Apart from the purposes listed below, your personal data will not be passed on to third parties. We will only pass your personal data to third parties if:

  • You have given your explicit consent in accordance with art. 6, para. 1, clause 1, letter a GDPR,
  • Forwarding is required in accordance with art. 6, para. 1, clause 1, letter f GDPR for the exertion or defence of legal claims and there is no reason to assume that you have a predominant, proprietary interest in your data not being forwarded,
  • If forwarding is a statutory obligation in accordance with art. 6, para. 1, clause 1, letter c GDPR, or
  • It is permissible by law and required for the processing of contractual relationships with you in accordance with art. 6, para. 1, clause 1, letter b GDPR.

12. Rights of the affected person

  • a) Right to confirmation
    All affected persons are granted the right by the European directive and ordnance regulator to demand confirmation from the body responsible for processing as to whether personal data relating to them has been processed.  If an affected person wishes to exert this right to confirmation, they can contact our data protection officer or another employee of the body responsible for processing about this at any time.
  • b) Right to information
    In accordance with article 15 GDPR, all affected persons by processing personal data are granted the right by the European directive and ordinance regulator to obtain information from the body responsible for processing about the personal data held about them and receive a copy of this information free of charge. In addition, the European directive and ordinance regulator grants the affected person the right to the following information:

    • the purposes of processing
    • the categories of personal data which are processed
    • the recipient or categories of recipients to whom the personal data has been or will be disclosed, especially for recipients in other countries or international organisations
    • if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for establishing this period
    • the existence of a right to correction or deletion of personal data relating to them, or to restriction of the processing by the body responsible for processing or the right to object to this processing
    • The existence of a right to complain to a regulatory body
    • If the personal data was not obtained from the affected person: all available information about the origin of the data
    • The existence of automated decision-making processes, including profiling, in accordance with art. 22, para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the range, plus the desired implications of such processing for the affected person

    In addition, the affected person has the right to information on whether personal data is forwarded to a foreign country or an international organisation. If this is the case, the affected person also has the right to obtain information about suitable guarantees in conjunction with this forwarding.
    If an affected person wishes to exert this right to information, they can contact our data protection officer or another employee of the body responsible for processing about this at any time.

  • c) Right to correction
    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator in accordance with article 16 GDPR, to demand the immediate correction of any incorrect personal data relating to them.  In addition, the affected person has the right to demand the completion of incomplete personal data – and this can involve an additional explanation – taking the purposes of the processing into consideration.
    If an affected person wishes to exert this right to correction, they can contact our data protection officer or another employee of the body responsible for processing about this at any time.
  • d) Right to deletion (right to be forgotten)
    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator in accordance with article 17 GDPR, to demand from the body responsible for processing that personal data relating to them is deleted immediately, providing one of the following reasons applies and processing is not required.

    • The personal data was gathered or otherwise processed for a purpose for which it is no longer required.
    • The affected person revokes the consent on which the processing in accordance with art. 6, para. 1, letter a GDPR or art. 9, para. 2, letter a GDPR relied, and there is no other legal basis for processing.
    • The affected person objects to the processing in accordance with art. 21, para 1 GDPR, and there are no overriding justified reasons for the processing, or the affected person objects to the processing in accordance with art. 21, para. 2 GDPR.
    • The personal data was processed illegally.
    • Deletion of the personal data is necessary in order to comply with the statutory obligation in accordance with Union law and the law of the Member State to which the body responsible for processing is subject.
    • The personal data was collected in relation to services offered by the information society in accordance with art. 8, para. 1 GDPR.

    If one of the above reasons applies and an affected person wishes to delete the personal data held by KAS, they can contact our data protection officer or another employee of the body responsible for processing at any time.  The KAS data protection officer or another employee will ensure that the deletion request is complied with immediately.
    If the personal data was made public by KAS and if our company as the body responsible for processing in accordance with art. 17, para. 1 GDPR is obliged to delete personal data, then KAS will take into consideration the available technology and implementation costs and take appropriate measures, including technical ones, to inform other bodies responsible for the processing of the disclosed personal data that the affected person has demanded that these other bodies responsible for data processing delete all links to this personal data or copies or replications of this personal data, providing processing is not required.  The KAS data protection officer or another employee will take the necessary steps on an individual basis.

  • e) Right to restriction of processing
    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator in accordance with article 18 GDPR, to demand the restriction of processing by the body responsible for processing if one of the following conditions is fulfilled:

    • The correctness of the personal data is disputed by the affected person, restriction is then for a period of time which involves the body responsible for processing to verify the correctness of the personal data.
    • The processing is illegal, the affected person refuses deletion of the personal data and instead demands restriction of use of personal data.
    • The body responsible for processing no longer requires the personal data for the purposes of processing, but the affected person needs it for the exertion or defence of legal claims.
    • The affected person has objected to the processing in accordance with art. 21, para. 1 GDPR and it is not yet clear whether the justified reasons of the body responsible for processing outweigh those of the affected person.

    If one of the above conditions is fulfilled and an affected person wishes to restrict use of the personal data held by KAS, they can contact our data protection officer or another employee of the body responsible for processing at any time.  The KAS data protection officer or another employee will engineer the restriction of processing.

  •  f) Right to data transferability
    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator, to receive the personal data relating to them, as provided by the affected person to a body responsible for processing, in a structured, standard machine-readable format.  They also have rights to transfer this data to another body without hindrance from the body responsible for processing to which the personal data was provided, providing processing is based on consent in accordance with art 6, para. 1, letter a, GDPR or art 9, para. 2, letter a, GDPR or on a contract in accordance with art 6, para. 1, letter b, GDPR and processing is carried out using automated methods, providing processing is not required for completion of the task which is in the public interests or the results of the exertion of public powers granted to the body responsible for processing.
    In exercising their right to data transferability in accordance with art. 20, para. 1, GDPR, the affected person also has the right to effect the direct transfer of the personal data from one body to another body responsible for processing, providing this is technically feasible and does not compromise the rights and freedoms of other people.
    In order to assert the right to data transferability, the affected person can consult the data protection officer appointed by KAS or any other employee at any time.
  • g) Right to object
    All persons affected by the processing of personal data at the right, as granted by the European directive and ordinance regulator, to object to the processing of personal data relating to them based on art. 6, para. 1, letter e or f, GDPR for    reasons relating to their personal situation.  This also applies to profiling based on these regulations.
    KAS will cease the processing of personal data in the event of an objection, unless we can provide evidence of urgent proprietary reasons for the processing which outweigh the interests, rights and freedoms of the affected person, or the processing serves to exert or defend legal claims.
    If KAS processes personal data in order to operate direct advertising, the affected person has the right to object to the processing of personal data for the purposes of such advertising at any time.  This also applies to profiling where it relates to direct advertising of this kind.  If the affected person objects to processing by KAS for the purposes of direct advertising, KAS will no longer process the personal data for these purposes.
    For reasons relating to their personal situation, the affected person also has the right to object to the relevant processing of personal information by KAS for scientific or historic research purposes or for statistical purposes in accordance with art. 89, para. 1 GDPR, unless this processing is required for the fulfilment of a task in the public interest.
    In order to assert the right to object, the affected person can consult the KAS data protection officer or any other employee directly.  In addition, the affected person is also free to exert their right to object using automated processes based on technical specifications in conjunction with the use of the services of the information society, irrespective of directive 2002/58/EU.
  • h) Automated decisions in individual cases, including profiling
    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator, not to be subject to a decision-making process which relies exclusively on automated processing – including profiling – and which has a legal implication on them or similarly compromises them in a substantial way, providing the decision (1) is not required for the conclusion or fulfilment of the contract between the affected person and the body responsible for processing, or (2) there are legal regulations from the Union or Member States to which the body responsible for processing is subject which deem the processing authorised and these legal regulations include appropriate measures to preserve the rights and freedoms, and the justified interests of the affected person or (3) the processing takes place with the explicit consent of the affected person.
    If the decision is (1) necessary for the conclusion of the fulfilment of the contract between the affected person and the body responsible for processing or (2) taken with the explicit consent of the affected person, KAS will take appropriate measures to preserve the rights and freedoms and justified interests of the affected person, including at least the right to engineer the involvement of a person on behalf of the body responsible for processing, the right to present their own point of view and the right to object to the decision.
    If an affected person wishes to exert this right with respect to automated decisions, they can contact our data protection officer or another employee of the body responsible for processing about this at any time.
  • i) Right to revoke consent under data protection laws
    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator in accordance with article 21 GDPR, to revoke their consent to the processing of personal data at any time.
    If an affected person wishes to exert this right to revoke their consent, they can contact our data protection officer or another employee of the body responsible for processing about this at any time. If you wish to exert your right to revoke consent or object, simply send an e-mail to advancetec@remove-this.advancetec.fi.

13. Data protection for job applications and application processes

The body responsible for processing collects and processes applicants' personal data for the purpose of completing the application process.  Data may also be processed electronically.  This is particularly the case if an applicant submits corresponding application documents by electronic means, such as e-mail or a form on the website, so that the person responsible can process them.  All personal data collected and processed in line with an application to the company is protected against unauthorised access and manipulation by means of technical and organisational measures.  If the body responsible for processing concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment contract in accordance with statutory regulations.  If the body responsible for processing does not conclude an employment contract with the candidate, the application documents will be automatically deleted six months after the decision to reject the candidate is notified, provided that deletion does not prejudice the other legitimate interests of the body responsible for processing.  Other legitimate interests in this respect include burden of proof in proceedings under the General Equal Treatment Act (AGG).  If you have provided explicit consent in accordance with art. 6, para. 1, clause 1, letter a GDPRa, we will use your personal data to process your application within our company and send you relevant messages.  Consent can be revoked at any time.  You can send a revocation by e-mail at any time to advancetec@remove-this.advancetec.fi.

14. Cookies

We use cookies on our website. These are small files which are automatically created by your browser and stored on your device (laptop, tablet, smartphone or similar) when you visit our website.  Cookies do not damage your device, they do not contain viruses, Trojans or other malware. The cookie saves information relative to the specific device used.  However, this does not mean that we can receive direct information about your identity.  One of the reasons for using cookies is to make using our services easier for you.  For example, we use what are known as session cookies to see which individual pages of our website you have already visited.  These are automatically deleted when you leave our website.

We also use temporary cookies in order to optimise user-friendliness, these are stored on your device for a specific period of time.

If you visit our website again in order to use our services, it is automatically detected that you have visited us before and what input and settings were provided, so that you do not need to repeat them.  We also use cookies in order to produce statistics about the use of our website and to evaluate our services to you in order to optimise them.  If you visit our website again, these cookies enable us to detect that you have visited before.  These cookies are automatically deleted after a defined period of time.

The data processed by the cookies is required for the above purposes and to preserve our justified interests and those of third parties in accordance with art. 6, para. 1, clause 1, letter f GDPR. 

Most browsers accept cookies automatically.  However, you can configure your browser not to save cookies on your computer or to always display a notification before saving a new cookie.  But disabling cookies completely may mean that you cannot use all the functions on our website.

15. Data privacy terms regarding the application and use of Facebook

The body responsible for processing has embedded components from Facebook on this website. Facebook is a social network.

The social network is a social meeting place on the internet, an online community which generally allows users to communicate among one another and interact within a virtual space.  A social network can serve as a platform for the exchange of opinions and experiences or enable the internet community to provide personal or company related information.  Among other things, Facebook allows users of the social network to set up private profiles, upload photos and network via friend requests.

The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.  If an affected person lives outside the USA or Canada, the body responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Every time an individual page of the website operated by the body responsible for processing and including a Facebook component (Facebook plug-in) is accessed, the internet browser on the information technology system of the affected person is automatically triggered to download an image of the relevant Facebook component from Facebook.  An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. In line with this technical process, Facebook gains information on which specific sub-pages of our website are visited by the affected person.

If the affected person is also logged into Facebook at the same time, Facebook is also given information on which specific sub-pages of our website have been visited by the affected person every time our website is accessed by the affected person and throughout the duration of their visit. This information is collected by the Facebook component and assigned by Facebook to the relevant Facebook account of the affected person.  If the affected person actuates a Facebook button embedded on our website, for example the “Like” button, or if the affected person submits a comment, Facebook assigns this information to the personal Facebook user account of the affected person and saves this personal data.

The Facebook component always gives Facebook information about the fact that the affected person has visited our website if the affected person is also logged in to Facebook at the point at which they visit our website, this is irrespective of whether the affected person clicks on the Facebook component or not. If the affected person does not wish this kind of information to be transferred to Facebook, they can prevent it by logging out of their Facebook account before accessing our website.

The privacy guidelines published by Facebook at https://de-de.facebook.com/about/privacy/ provide information about the collection, processing and use of personal data by Facebook.  They also explain what settings options Facebook offers to protect the privacy of affected persons.  There are also various applications available which enable data transfer Facebook to be suppressed, for example, the Facebook Blocker from Webgraph, which can be bought from http://webgraph.com/resources/facebookblocker/. These applications can be used by the affected person to suppress data transfer to Facebook.

16. Data privacy terms regarding the application and use of Google Analytics (with anonymisation function)

The body responsible for processing has embedded components from Google Analytics (with anonymisation function) on this website.  Google Analytics is a web analysis service.  Web analysis is the gathering, collection and evaluation of data about visitor behaviour on websites.  Among other things, a web analysis records data on the website from which an affected person accesses a specific website (known as the referrer), which sub-pages of the website were accessed for how often and for how long a sub-page was viewed. Web analysis is primarily used to optimise the website and carry out cost to benefit analysis for Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The body responsible for processing uses the extension "_gat._anonymizeIp” for web analysis via Google Analytics.  This extension means that the IP address of the Internet connection of the affected person is truncated and anonymised by Google if our website is accessed from a Member State of the European Union or another country which is a signatory to the agreement on the European Economic Area.

The purpose of the Google Analytics components is to analyse visitor flows on our website.  Among other things, Google uses data and information obtained to evaluate the use of our website to put together online reports about activities on our website for us and in order to provide us with further services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the affected person.  What cookies are has been explained above.  Setting the cookie allows Google to analyse the use of our website.  Every time an individual page of the website operated by the body responsible for processing and including a Google Analytics component is accessed, the internet browser on the information technology system of the affected person is automatically triggered by the relevant Google Analytics component to transfer data for the purposes of online analysis to Google.  As part of this technical process, Google becomes aware of personal data, such as the IP address of the affected person. This is then used by Google to derive the origin of the visitor and clicks and enable commission calculations as a result.

Cookies are used to save personal information, such as the access time, the location from which the website was accessed and the frequency of visits by the affected person.  Every time our website is visited, this personal data, including the IP address of the internet connection used by the affected person, is transmitted to Google in the United States. This personal data is saved by Google in the United States of America.  Under some circumstances, Google may pass this personal information, gained by means of the technical process, on to third parties.

As explained above, the affected person can prevent the saving of cookies by our website at any time by changing the relevant setting in the Internet browser they are using, thus permanently suppressing the saving of cookies.  Changing this setting in the Internet browser used will also prevent Google being able to save the cookie on the information technology system of the affected person.  A cookie which has already been saved by Google Analytics can also be deleted at any time by the internet browser or other software.

The affected person also has the option to object to or prevent the recording of data generated by Google Analytics about the use of this website or the processing of such data.  To do this, the affected person must download and install a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to inform Google Analytics that no data and information on website visits may be transmitted to Google Analytics.  Google interprets the installation of the browser add-on as an objection.  If the information technology system of the affected person is deleted, formatted or reinstalled at a later date, the affected person must reinstall the browser add-on in order to deactivate Google Analytics.  If the browser add-on is uninstalled or deactivated by the affected person or another person with the authority to do so, the browser add-on can be reinstalled or reactivated.

You will find more information on Google's applicable data privacy terms at https://www.google.co.uk/intl/eng/policies/privacy/ and https://www.google.com/analytics/terms/gb.html.  Google Analytics is explained in greater detail at https://www.google.com/intl/en_uk/analytics/#?modal_active=none.

17. Data privacy terms regarding the application and use of Google+

The body responsible for processing has embedded the Google+ button as a component on this website.  Google+ is what is known as a social network.  The social network is a social meeting place on the internet, an online community which generally allows users to communicate among one another and interact within a virtual space.  A social network can serve as a platform for the exchange of opinions and experiences or enable the internet community to provide personal or company related information.  Among other things, Google+ allows users of the social network to set up private profiles, upload photos and network via friend requests.

The operator of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Every time an individual page of the website operated by the body responsible for processing and including a Google+ button is accessed, the internet browser on the information technology system of the affected person is automatically triggered to download an image of the relevant Google+ button from Google.  In line with this technical process, Google gains information on which specific sub-pages of our website are visited by the affected person.  More detailed information about Google+ can be obtained from https://developers.google.com/+/.

If the affected person is also logged into Google+ at the same time, Google is also given information on which specific sub-pages of our website have been visited by the affected person every time our website is accessed by the affected person and throughout the duration of their visit.  This information is collected by the Google+ button and assigned by Google to the relevant Google+ account of the affected person.

If the affected person actuates one of the Google+ buttons embedded on our website to submit a Google +1 recommendation, Google assigns this information to the personal Google+ user account of the affected person and saves this personal data.  Google saves the Google+1 recommendation from the affected person and makes this publicly visible in line with the terms and conditions accepted by the affected person in this respect.  A Google +1 recommendation submitted by the affected person on this website is then stored and processed together with other personal data, such as the name of the Google +1 account used by the affected person    and the profile photo saved, this is then used in other Google services, for example Google search engine results, the Google account of the affected person or other places, for example on Internet pages or in conjunction with advertising. Google is also able to link the visit to this website to other personal data by Google.  Google also records this personal data for the purpose of improving or optimising the different Google services.

The Google+ button always gives Google information about the fact that the affected person has visited our website if the affected person is also logged in to Google+ at the point at which they visit our website, this is irrespective of whether the affected person clicks on the Google+ button or not.

If the affected person does not wish this kind of information to be transferred to Google, they can prevent it by logging out of their Google + account before accessing our website.

You will find more information on Google's applicable data privacy terms at https://www.google.co.uk/intl/eng/policies/privacy/. Further information from Google about the Google+1 button can be found at https://developers.google.com/+/web/buttons-policy.

18. Data privacy terms regarding the application and use of Google AdWords

The body responsible for processing has embedded Google AdWords into this website.  Google AdWords is an Internet advertising service which allows advertisers to display adverts in Google search engine results and on the Google advertising network.  Google AdWords enables advertisers to define specific keywords by which adverts are only shown in Google search engine results if the user has entered a search term relating to the keywords into the search engine. In the Google advertising network, the adverts are displayed by means of an automatic algorithm and distributed across subject-related websites based on previously defined keywords.

The operator of the Google AdWords service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-related advertising on the website of third-party companies and in Google search machine results, and by showing external advertising on our website.

If an affected person reaches our website via a Google advert, the information technology system of the affected person stores what is known as a conversion cookie from Google.  What cookies are has been explained above.  A conversion cookie ceases to be valid after 30 days and cannot be used to identify the affected person.  If the cookie is still valid, the conversion cookie can be used to derive whether certain sub-pages, for example the shopping basket in an online shop system, are accessed on our website.  The conversion cookie allows both us and Google to see whether an affected person, who arrived at our web site via an AdWords advert, generated revenue, i.e. whether they completed or cancelled a purchase.

The data and information gathered through the use of the conversion cookie is used by Google to generate visit statistics for our website.  These visit statistics are used internally by us in order to determine the total number of users who are directed to us by AdWords adverts, i.e. to determine the success or failure of the relevant AdWords advert in order to optimise our AdWords adverts in the future.  Neither our company no other Google AdWords advertising customers obtain information from Google through which the affected person could be identified.

The conversion cookie saves personal information, for example the websites visited by the affected person.  Every time our website is visited, this personal data, including the IP address of the internet connection used by the affected person, is therefore transmitted to Google in the United States.  This personal data is saved by Google in the United States of America.  Under some circumstances, Google may pass this personal information, gained by means of the technical process, on to third parties.

As explained above, the affected person can prevent the saving of cookies by our website at any time by changing the relevant setting in the Internet browser they are using, thus permanently suppressing the saving of cookies.  Changing this setting in the internet browser used will also prevent Google being able to save a conversion cookie on the information technology system of the affected person.  A cookie which has already been saved by Google AdWords can also be deleted at any time by the Internet browser or other software.

In addition, the affected person has the option of refusing interest related advertising from Google.  To do this, the affected person must go to the link www.google.de/settings/ads from all Internet browsers they use and change the settings accordingly.

You will find more information on Google's applicable data privacy terms at https://www.google.co.uk/intl/eng/policies/privacy/.

19. Data privacy terms regarding the application and use of LinkedIn

The body responsible for processing has embedded components from the LinkedIn Corporation on this website.  LinkedIn is an Internet-based social network which allows users to connect to existing business contacts and establish new ones. LinkedIn has more than 400 million registered users in more than 200 countries.  This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA.  The contact details of data privacy issues outside the USA are LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

On every visit to a page of our website which has an embedded LinkedIn component (LinkedIn plug-in), the component triggers the browser used by the affected person to download an image of the component from LinkedIn.  Further information on the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins.  In line with this technical process, LinkedIn gains information on which specific sub-pages of our website are visited by the affected person.

If the affected person is also logged into LinkedIn at the same time, LinkedIn is also given information on which specific sub-pages of our website have been visited by the affected person every time our website is accessed by the affected person and throughout the duration of their visit.  This information is collected by the LinkedIn component and assigned by LinkedIn to the relevant LinkedIn account of the affected person.  If the affected person actuates one of the LinkedIn buttons embedded on our website, LinkedIn assigns this information to the personal LinkedIn user account of the affected person and saves this personal data.

The LinkedIn component always gives LinkedIn information about the fact that the affected person has visited our website if the affected person is also logged in to LinkedIn at the point at which they visit our website, this is irrespective of whether the affected person clicks on the LinkedIn component or not. If the affected person does not wish this kind of information to be transferred to LinkedIn, they can prevent it by logging out of their LinkedIn account before accessing our website.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn provides the option of unsubscribing from e-mail messages, text messages and targeted advertising and managing advert settings.  LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua und Lotame, which can save cookies.  These cookies can.be blocked at https://www.linkedin.com/legal/cookie-policy.  The applicable data privacy terms from LinkedIn can be viewed at https://www.linkedin.com/legal/cookie-policy.  The cookie guidelines from LinkedIn can be viewed at https://www.linkedin.com/legal/cookie-policy.

20. Data privacy terms regarding the application and use of Xing

The body responsible for processing has embedded components from Xing on this website.  Xing is an Internet-based social network which allows users to connect to existing business contacts and establish new ones.  Individual Xing users can set up personal profiles.  Companies can, for example, set up company profiles or publish job adverts on Xing.

Xing is operated by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany.

Every time an individual page of the website operated by the body responsible for processing and including a Xing component (Xing plug-in) is accessed, the internet browser on the information technology system of the affected person is automatically triggered to download an image of the relevant Xing component from Xing.  Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins.  In line with this technical process, Xing gains information on which specific sub-pages of our website are visited by the affected person.

If the affected person is also logged into Xing at the same time, Xing is also given information on which specific sub-pages of our website have been visited by the affected person every time our website is accessed by the affected person and throughout the duration of their visit.  This information is collected by the Xing component and assigned by Xing to the relevant Xing account of the affected person.  If the affected person actuates one of the Xing buttons embedded on our website, for example, the “Share” button, Xing assigns this information to the personal Xing user account of the affected person and saves this personal data.

The Xing component always gives Xing information about the fact that the affected person has visited our website if the affected person is also logged in to Xing at the point at which they visit our website, this is irrespective of whether the affected person clicks on the Xing component or not.  If the affected person does not wish this kind of information to be transferred to Xing, they can prevent it by logging out of their Xing account before accessing our website.

The privacy guidelines published by Xing at https://www.xing.com/privacy provide information about the collection, processing and use of personal data by Xing.  Xing has also published data privacy instructions about the Xing share button at https://www.xing.com/app/share?op=data_protection

21. Data privacy terms regarding the application and use of YouTube

The body responsible for processing has embedded components from YouTube on this website.  YouTube is an Internet video portal which allows video publishers to upload video clips free of charge, and allows other users to view rate and comment on them, also free of charge.  YouTube allows the publication of all kinds of videos, which means that complete films and boxsets, music videos, trailers and videos produced by users themselves are all available to view on the Internet portal.

The operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.  YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Every time an individual page of the website operated by the body responsible for processing and including a YouTube component (YouTube plug-in) is accessed, the internet browser on the information technology system of the affected person is automatically triggered to download an image of the relevant YouTube component from YouTube.  Further information about YouTube can be found at https://www.youtube.com/yt/about/en/.  In line with this technical process, YouTube gains information on which specific sub-pages of our website are visited by the affected person.

If the affected person is logged into YouTube at the same time, and a sub-page containing a YouTube video is accessed, YouTube recognises which specific sub-page of our website the affected person is visiting.  This information assigned by Google and YouTube to the relevant YouTube account of the affected person.

The YouTube component always gives YouTube and Google information about the fact that the affected person has visited our website if the affected person is also logged in to YouTube at the point at which they visit our website, this is irrespective of whether the affected person clicks on the YouTube video or not.  If the affected person does not wish this kind of information to be transferred to YouTube and Google, they can prevent it by logging out of their YouTube account before accessing our website.

The privacy guidelines published by YouTube at https://www.google.de/intl/en/policies/privacy/ provide information about the collection, processing and use of personal data by YouTube and Google.

22. Legal basis for processing

Art. 6 I, letter a GDPR serves our company as the legal basis for all processing for which we obtain consent for a specific processing purpose.  If the processing of personal data is necessary for the fulfilment of a contract where the affected person is a contracting party, as is, for example, the case for processing for the supply of goods or the provision of services or counter-services, then processing is based on art. 6 I, letter b, GDPR.  The same applies for the processing required for the implementation of pre-contractual measures, such as enquiries about our products or services.  If our company is subject to statutory obligation which requires the processing of personal data, such as the fulfilment of tax obligations, then processing is based on art. 6 I, letter c, GDPR.  In rare cases, the processing of personal data can be necessary to protect the vital interests of the affected person or another natural person.  This would be the case if, for example, a visitor to our company were injured, and their name, age, health insurance details and other critical information needed to be passed on to a doctor, hospital or other third party.  Processing would then be based on art. 6 I, letter d GDPR.  Finally, processing can be based on art. 6 I, letter f GDPR.  This covers processing which is not covered by any of the above legal bases, if the processing is necessary to preserve the justified interest of our company party, providing this is not outweighed by the interests, basic rights and basic freedoms of the affected person.  This kind of processing is permitted in particular if it is mentioned specifically by the European legislator.  In this respect, it has expressed the view that a justified interest could be assumed if the affected person the customer of the body responsible for processing (consideration reason 47, clause 2 GDPR).

23. Justified interests in processing pursued by the body responsible processing or a third party

If the processing of personal data is based on art. 6 I, letter f GDPR, our justified interest is understood as the running of our business for the benefit of all our employees and our shareholders.

24. Period of time for which personal data is stored

The criterion for the duration of storage of personal data is the relevant legal basis.  If it ceases to apply, or the statutory storage period expires, the relevant data is deleted on a routine basis.

25. Statutory or contractual regulations on the provision of personal data;

requirement for contract conclusion; obligation of the affected person to provide the personal data;
potential consequences of non-compliance

We would like to point out that the provision of personal data is sometimes a statutory requirement (e.g. tax regulations) all a requirement under contractual terms (e.g. information on contract partner).  In order to conclude a contract, it may be necessary for the affected person to provide us with personal data which we then have to process.  For example, the affected person is obliged to provide us with personal data when our company concludes a contract with them.  Failure to provide the personal data would mean that the contract could not be concluded with the affected person.

26. Automated decision-making processes

As a responsible company, we do not use automated decision-making processes or profiling.

27. Data security

For all website visits, we use the widespread SSL process (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser.  As a rule, this is 256 bit encryption.  If your browser does not support 256 bit encryption, we use 128 bit v3 technology instead.  You can tell whether a single page of our Internet site is transmitted encrypted from the locked padlock or key symbol in the the status bar at the bottom of your browser.  We also apply suitable technical and organisational security measures to protect your data against accidental or malicious tampering, partial or complete loss, destruction or unauthorised access by third parties.  Our security measures are constantly improved in line with technological developments.

28. Currentness of and modifications to this privacy policy

This data privacy statement is now valid and was produced in May 2018.  It may become necessary to modify this data privacy statement in line with the further development of our website services or based on statutory or official requirements.  You can access and print out the most up-to-date version of the data privacy statement on the website at all times at http://www.schmersal.fi/tietosuoja/.