Privacy Statement
General information about data protection
1. Data protection
Thank you for your interest and for visiting our website. Grimmel Wassertechnik GmbH, the website provider, takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with statutory data protection regulations.
This privacy policy explains the type of personal data (hereinafter: data) we process and the scope and purposes of processing in connection with our website, its functions and content. Please refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR) for terms used in this document such as “personal data“, “processing” or “data controller“.
Grimmel Wassertechnik GmbH, as the data controller, has implemented numerous technical and organisational measures to ensure the most comprehensive possible protection of personal data that is processed via this website. However, please be aware that transferring data via the internet (for example when communicating via e-mail) may not be secure. It is therefore not possible to protect data without exception from third party access.
2. Data controller
The data controller pursuant to GDPR and other applicable national data protection laws and regulations is:
Grimmel Wassertechnik GmbH
Dieselstr. 3
D-61239 Ober-Moerlen
Tel.: +49 (6002) 9122-0
Fax: +49 (6002) 9122-29
Mail: info@grimmel-wt.de
3. Data protection officer
The data controller’s data protection officer is:
Jan Alkemade
Alkemade IT-Security e.K.
Egerländer Str. 9
61239 Ober-Mörlen
Germany
Tel.: +49 6002 939593
E-mail: jan.alkemade@alkemade-it.de
General information about data processing
Legal bases for the processing of personal data:
We are required under Article 13 GDPR to inform you of the legal bases for data processing. Where the legal basis is not specified in the privacy statement, the following applies:
If personal data is processed with the data subject’s consent, the legal basis is Article 6 (1) a GDPR.
If it is necessary to process personal data for the purpose of executing a contract with the data subject, the legal basis is Article 6 (1) b GDPR. This also applies to personal data which is processed to take steps prior to entering into a contract.
If the personal data is processed to comply with a legal obligation on the part of the data controller, the legal basis is Article 6 (1) c GDPR.
If processing is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6 (1) d GDPR.
If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis is Article 6 (1) f GDPR.
Data erasure and duration of storage
The data subject’s personal data are erased or the processing is restricted when the purposes of processing no longer apply. Personal data may also be processed if this is necessary for the data controller to comply with European or national statutory requirements under EU directives, laws or other regulations. Data processing is restricted or the data is erased if a mandatory statutory retention period expires unless it is necessary to continue storing the data in order to enter into or execute a contract.
Use of cookies
Our website uses cookies. Cookies do no harm to your computer and do not contain viruses. They are small text files which are placed on your computer and stored in your browser. If you access a website a cookie can be stored in your operating system. This cookie contains a globally unique identifier (GUID), a randomly generated string of characters, which allows us to identify you when you visit the website again.
We use cookies to enhance the user experience on our website. Some elements of our website need to be able to identify your browser when you go from one web page to another.
The following data is stored and transferred in cookies:
- Language settings
- Login information
Cookies are technically necessary and we use them to simplify the user experience on our website. Some website functions cannot be provided without cookies. These are functions that need to recognise your browser when you go from one web page to another.
We use cookies for the following applications:
- Apply language settings
- Remember search terms
Data collected with technically necessary cookies are not used for profiling purposes.
The legal basis for the storage or processing of cookies is your consent in accordance with Article 6 (1) (a) GDPR. It is, if applicable, also in our legitimate interest to process this personal data pursuant to Article 6 (1) f GDPR. Insofar as other cookies (e.g. cookies for analyzing your surfing behaviour) are stored, the processing of your personal data is based on consent in accordance with Article 6 (1) (a) GDPR.
Cookies are stored on the user’s computer and transferred from there to our website. This means that, as user, you have full control over the use of cookies. You can change your browser settings to disable all or certain cookies. You can also erase cookies that are stored in your browser, either manually or automatically. If you disable cookies for our website you may not be able to use all the functions of the website to their full extent.
You cannot disable Flash cookies by changing your browser settings. To do that you have to change the settings in your Flash Player.
You can find more information here: Cookie settings.
Creation of log files
Each time you visit our website our system automatically collects data and information from your computer.
The following data (server log files) are automatically transferred by your browser and collected by us:
- Browser type (version used, language settings etc.)
- User’s operating system
- User’s IP address
- Date and time of access
- Referrer URL (website, search engine or link via which our website is accessed)
- URL of the website accessed by the user from our website
- Status information (e.g. error messages)
- Volume of data transmitted
The data are also stored in the log files in our system. They are not combined with other personal data concerning the user.
We reserve the right to subsequently check these data, or to have them checked, if there are concrete indications of unlawful use.
The legal basis for the temporary storage of data and log files is Article 6 (1) f GDPR.
Temporary storage of the IP address by the system is necessary to display website content on your terminal. The IP address of the user (visitor) is therefore stored for this purpose for the duration of the session. Log files are stored to optimise the website experience and to ensure the security of our information systems. No data is analysed for marketing purposes in this connection.
The data are erased when they are no longer necessary for the purposes for which they were collected. Data collected to enable the user to use the website are erased at the end of the session.
Data stored in log files are erased after seven days at the latest. It is possible to store them for longer (e.g. for security reasons, to clarify acts of abuse or fraud, or for evidentiary purposes). In this case the user’s IP address is erased or alienated to prevent identification of the originating client.
The collection of the data and the storage of the data in log files is necessary to operate the website. The user therefore has no right to object.
Contact form and E-mail contact
You can contact us via the contact form or at the e-mail address provided on our website. In that case the personal data contained in your e-mail or the contact form will be stored.
No data will be transferred to third parties in this connection. The data are exclusively used for the purpose of our correspondence with you. Grimmel Wassertechnik GmbH does not relay this data without your consent.
At the time the message is sent, the following data will also be stored:
- The IP address of the user
- Date and time of registration
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this privacy statement. Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored. In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
The legal basis for processing the data is the user’s consent pursuant to Article 6 (1) a GDPR. Where processing e-mail data is concerned, Article 6 (1) f GDPR. If the purpose of the e-mail contact is to conclude a contract, the data is also processed on the legal basis of Article 6 (1) b GDPR.
The processing of the personal data from the input mask serves solely for the processing of the establishment of contact, and in the case of an establishment of contact by email, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected; for personal data from the contact form input form and data sent by e-mail, this is the case when the conversation with the user has ended; the conversation is terminated when it can be inferred from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
Users can revoke their consent to the processing of personal data concerning them at any time. Users who contact us by e-mail can object to the storage of their personal data at any time. In that case the correspondence with the user is terminated. Declarations of revocation of consent, requests for changes, rectifications and updates to data can be sent to Grimmel Wassertechnik GmbH in writing, by fax or by e-mail. In this case, all personal data stored in connection with the contact will be erased.
Transfers of personal data and collaboration with third parties
1. Collaboration with processors and third parties
If we disclose, transfer or grant access to your personal data to other persons and companies (processors or third parties), (e.g. transfer of data to a third party such as a payment services provider pursuant to Article 6 (1) b GDPR for the purpose of contractual performance), this is always on the basis of a legal premise such as your consent, a statutory obligation or in our legitimate interest (e.g. when we use agents, web hosting service providers etc.).
When we engage processors to process data the data is always processed on the basis of Article 28 GDPR.
2. Transfers to third countries
If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) for processing or to use third party services or if we disclose or transfer data to third parties, we do so because it is necessary to fulfil our (pre-)contractual obligations, to meet a legal obligation, because you have provided your consent or because it is in our legitimate interest to process the data. Subject to statutory or contractual permissions, we only process data or have data processed in a third country if the special requirements of Article 44 et seq. GDPR are met. Therefore, the data are only processed on the basis of special guarantees such as an official EU assessment of the adequacy of the level of data protection offered or compliance with officially recognised special contractual obligations (so-called “standard contractual provisions”).
3. Incorporation of third party services and content
It is possible (i.e. in the interest of the analysis, optimisation and efficient operation of our website pursuant to Article 6 (1) f GDPR) to integrate third party content or services such as videos or fonts into our website (referred to in the following as “content”).
This is only possible with the third-party content provider’s knowledge of the user’s IP address, because without the IP address it would not be possible to send the content to the user’s browser. Without the IP address this content cannot be displayed. Whenever possible, we ensure that third-party content providers use only the IP address to provide the content. Some third-party content providers also use pixel tags (small blocks of code, also called web beacons) for statistical or marketing purposes. The pixel tags can evaluate information such as visitor traffic on our web pages. Other pseudonymous data can be stored in cookies on the user’s terminal and provide information about the user’s browser and operating system, referrer URLs, length of visit and other information about the use of our website and combine it with information from other sources.
4. Webhosting
We use hosting services to provide you with the following: infrastructure and platform services, processing capacity, storage space and database services, security services and technical maintenance services associated with the operation of this website.
We or our hosting services providers process inventory data, contact data, content data, contract data, usage data, meta data and communication data concerning customers, potential customers and visitors to this website. It is in our legitimate interest to process the data in order to provide an efficient and secure website pursuant to Article 6 (1) f GDPR in conjunction with Article 28 GDPR (conclusion of a contract with a processor).
5. Third party websites and data privacy
This website may contain links to third party websites. If you use one of the links to access a third-party website, please remember that we accept no responsibility or liability for third- party content or privacy policies. Please read the third-party providers’ privacy policies before transferring personal data to these websites. The operators of such linked websites are exclusively responsible for their content. When we programmed the links there was no indication that the content of the website accessed via the link failed to meet legal requirements or transgressed standards of public decency. Please inform us immediately if you access a third-party website via a link on our website which does not meet legal requirements or transgresses standards of public decency. The licence terms and term of use of the respective website operators apply.
Website analytics services and advertisement
This website uses Google Analytics functions. The service provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The legal basis for the use of Google Analytics is Article 6 (1) a GDPR.
Google Analytics uses cookies. These are small text files which are saved on your computer and enable an analysis of your use of the website. The cookie-generated information about your use of this website is transferred to a Google server in the USA and stored there.
If you activate the IP anonymisation function Google will truncate your IP address within the member countries of the European Union or in other countries that are members of the European Economic Community. The full IP address will only be transmitted to a Google server in the USA and truncated there in specific, exceptional cases. At the request of the operator of this website, Google will use this information to evaluate the way you use this website, to compile reports on website activity, and to provide additional services connected to website use and Internet use to the website operator. The IP address sent by your browser to Google Analytics is not combined with other Google data.
You can set your browser to prevent it from saving cookies, but we would like to point out that if you do this, you may not be able to use all the functions of this website to their full extent. You can also opt out by downloading and installing the browser add-on available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en) to prevent the cookie-generated data that discloses your use of the website (incl. your IP address) from being collected and transmitted to Google and prevent Google from processing this data. This browser add-on informs Google Analytics via JavaScript that no data or information on website visits may be transferred to Google Analytics. The installation of the browser add-on is recognised by Google as an opt out.
Alternatively to the browser add-on, or if you are using a mobile device browser, click the following link to set an opt-out cookie that will prevent Google Analytics from collecting data about you on this website in future. If you erase your cookies you will have to click on the link again.
Further information on the Google privacy statement can be found at www.google.de/intl/de/policies/privacy/ and www.google.com/analytics/terms/en.html. An explanation of Google Analytics is provided at the following link: https://www.google.com/intl/de_de/analytics/.
Google Web Fonts
This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. By doing so, Google gains knowledge that the website of Grimmel Wassertechnik GmbH was accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of the online bid of Grimmel Wassertechnik GmbH. This constitutes a legitimate interest within the meaning of Article 6 (1) f GDPR. The legal basis for the processing of the data is Article 6 (1) a GDPR if the user has given their consent.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.
Data protection for applications and in the application procedure
The controller processes the personal data of job applicants only for the purpose of processing the application procedure and in accordance with the legal requirements and may also do so electronically, in particular if an applicant sends the relevant application documents to the controller by electronic means, for example by e-mail.
If the controller concludes an employment contract with an applicant, the data transmitted shall be stored for the purpose of processing the employment relationship in compliance with the legal provisions. 6 months after notification of the decision of refusal, if no employment contract is concluded between the controller and the applicant, the application documents shall be automatically deleted, provided that there are no other legitimate interests of the controller to the contrary or the applicant’s consent to further processing exists.
By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the nature and scope set out in this data protection declaration.
The processing of the applicant data takes place in order to fulfil our (pre)contractual obligations within the application procedure within the meaning of Art. 6 para. 1 letter b GDPR, the application addressed to the person responsible takes place on a voluntary basis of the applicant within the meaning of Art. 6 para. 1 letter a GDPR.
Data subject rights
When personal data concerning you is processed you have the following rights as the data subject pursuant to GDPR.
1. Right to information
You can request confirmation from the data controller of whether personal data concerning you are being processed by us.
If personal data concerning you is being processed, you can request the following information from the controller:
- the purposes for which the personal data are being processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed;
- the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to obtain from the controller rectification or erasure of personal data concerning you, the right to restriction of processing by the controller or the right to object to processing;
- the right to lodge a complaint with a supervisory authority;
- all available information about the origin of the data if the personal data were not collected from the data subject;
- the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to obtain information about whether the personal data concerning you is transferred to a third country or an international organisation. In this connection you can obtain appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer of personal data.
2. Right to rectification
You have the right to obtain the rectification of personal data or the supplementation of incomplete personal data concerning you from the data controller. The data controller will comply without undue delay.
3. Right to restriction of processing
When one of the following applies you have the right to obtain from the controller restriction of processing:
- If you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
- If the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- If the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims or;
- If you have objected to processing pursuant to Article 21(1) pending the verification of whether the legitimate grounds of the controller override your grounds.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the above the data controller will inform you before the restriction of processing is lifted.
4. Right to erasure
a) Obligation to erase personal data
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based according to Article 6 (1) a, or Article 9 (2) a GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
- The personal data concerning you have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to obtain erasure does not apply if the processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Article 9 (2) h and i as well as Article 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
5. Notification obligation
If you have exercised your right of any rectification or erasure of personal data or restriction of processing vis-a-vis the controller, the controller is required to communicate any rectification, erasure or restriction of processing of personal data to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to obtain information from the controller about such recipients.
6. Right to data portability
You have the right to receive your personal data which you have provided to a controller in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data had been provided, where
- the processing is based on consent pursuant to Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract pursuant to Article 6 (1) b GDPR; and
- the processing is carried out by automated means.
In exercising this right to data portability you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right at any time to object, on grounds relating to your particular situation, to processing of personal data concerning you on the basis of Article 6 (1) e or f GDPR; this also applies to profiling based on those provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data for such marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 202/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to revoke consent
You have the right to revoke your consent to the processing of your personal data. This does not affect the lawfulness of processing up to the time of revocation.
9. Automated, individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for entering into, or performance of, a contract between you and a data controller,
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
These decisions may not be based on special categories of personal data referred to in Article 9 (1) unless point a or g of Article 9 (2) applies and suitable measures to safeguard your rights, freedoms and legitimate interests are in place.
If the decision is not based on statutory provisions, the data controller implements suitable measures to safeguard your rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express an own point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Unless an administrative or judicial remedy provides otherwise, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State you live or work in, or at the place of the suspected contravention, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority where the complaint is lodged informs the complainant about the status and outcome of the complaint process, including the right to an effective judicial remedy pursuant to Article 78 GDPR.
The competent supervisory authority is:
The Commissioner for Data Protection and Freedom of Information in Hessen
Professor Dr. Alexander Roßnagel
Gustav-Stresemann-Ring 1
65189 Wiesbaden
datenschutz.hessen.de
SSL encryption
This website uses SSL encryption for reasons relating to security and data transmission protection, for example when you send us enquiries. You can identify a secure website by the URL in the browser changing form “http://“ to “https://“ and by the padlock symbol in your browser.
When SSL encryption is enabled, third parties cannot intercept and read the data you send to us.
Other information
1. Personal data concerning children and adolescents
Persons under the age of 14 should not send personal data to us without the consent of a parent or guardian. We never request, collect or transfer personal data from children or adolescents to third parties unless we have the explicit consent of a parent or guardian. If the website user is under the age of 16 and the personal data is processed with consent, that consent must be provided by the user’s parent or guardian or by the user with the parent or guardian’s consent.
2. Objection to marketing e-mails
We prohibit use of the data published in the mandatory legal notice and transmissions of unsolicited advertising and information materials. The website operator expressly reserves the right to take legal action in the event that unsolicited advertising information, such as spam mails, is received.
3. Changes to our privacy statement
We change our security and data protection measures if such changes are necessary for technical or legal reasons and adapt our privacy statement accordingly. Please therefore always read the most up-to-date version.
Privacy statement version of February 2022