I. Registration on social media platforms
On the social media platforms on which we present our company, it is possible for users to register by providing their personal data. The data is entered into an input mask and transmitted to the provider of the platform and stored. Registration on the respective social media platforms is voluntary on the part of the user. We would like to point out that each user uses our presence on social media platforms and their functions on their own responsibility. This applies in particular to the use of interactive functions, such as commenting, sharing or rating. When you visit our pages on social media platforms, the platform provider collects user information, such as the IP address, via the end device used by the user. Our company is not involved in the processing of personal data when using the interactive functions and during the registration process on the social media platforms. Information on the legal basis for data processing, purpose of data processing, duration of storage, requests for information, objection and removal options can be found in the data protection information of the respective platform providers.
For all other processing of personal data, joint responsibility applies in accordance with Art. 26 of the EU General Data Protection Regulation (EU GDPR). Please refer to points II to VI for the privacy policy relating to our company.
II Data protection information for companies
1. name and contact details of the person responsible
The controller is the body which alone – or jointly with others – determines the purposes and means of the processing of personal data. The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
DDM GmbH & Co KG
Personally liable partner: Peter Arbes Verwaltungs GmbH, represented by the managing director Peter Arbes
Marie-Curie-Str. 8
36039 Fulda
Phone: +49 661 967 962-0
E-mail: info@ddm-sensors.de
III General information on data processing
1. scope of the processing of personal data
The controller collects and uses the personal data of its users (hereinafter also referred to as “data subject”, “person concerned” or “visitor”) only insofar as this is necessary for the provision of the social media site and for the interaction of the user. Your personal data is generally collected directly from you, e.g. when you contact us.
2. legal basis for the processing of personal data
Insofar as the controller obtains the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For any transfer to a non-secure third country, processing is carried out on the basis of Art. 49 para. 1 sentence 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device, the data processing is also carried out on the basis of Section 25 (1) TDDDG.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which the controller is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of the controller or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
If special categories of data are processed in accordance with Art. 9 para. 1 GDPR, one or more of the legal bases mentioned in this section in conjunction with one or more derogations from Art. 9 para. 2 GDPR shall apply as the legal basis. If data is processed on the basis of one of the legal bases mentioned here in conjunction with Art. Art. 9 para. 2 GDPR, a separate note can be found in the respective processing (text block).
3. data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply or consent given by the data subject is revoked or processing is objected to. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
4. necessity of the provision of personal data
The provision of your personal data is not required by law or contract. There is no obligation to provide it. However, failure to provide it may mean that you are unable to use functions and other processing on our social media pages. We recommend that you only provide personal data that is required, for example, to process your request.
IV. Rights of the data subject
If we process your personal data, you as the data subject have the following rights vis-à-vis us as the controller:
1. right to information, Art. 15 GDPR
Within the framework of the applicable legal provisions, you have the right to (free) information about your collected and stored personal data at any time. This also includes information about the purposes of processing, its origin and recipients, the storage period and the existence of various rights.
2. right to rectification, Art. 16 GDPR
You have a right to rectification (also in the sense of completion) of your data vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete for the purpose of processing. The controller must make the correction without delay.
3. right to erasure, Art. 17 GDPR
You can request the deletion of your personal data at any time under the conditions of Art. 17 GDPR, unless there are still circumstances that entitle or oblige the controller to continue processing your personal data (such as statutory retention obligations).
4. right to restriction of processing, Art. 18 GDPR
If the legal requirements are met, you can request a restriction on the processing of your personal data within the scope of Art. 18 GDPR.
5. right to information, Art. 19 GDPR
If your personal data has been processed by recipients to whom the controller has disclosed the data, the controller is obliged to inform them of your requests for rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You can request that the controller inform you about these recipients.
6. right to data portability, Art. 20 GDPR
If you have provided us with personal data and automated processing is carried out on the basis of your consent or on the basis of a contract, you have the right to transfer the data provided by you within the scope of Art. 20 GDPR, provided that this does not adversely affect the rights and freedoms of other persons. The data will be provided in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
7. right to object, Art. 21 GDPR
You have the right to object to the processing of your data at any time, provided that the processing is carried out on the basis of a balancing of interests. This is the case if the controller relies on the public interest or its legitimate interest for processing (see Art. 6 para. 1 sentence 1 lit. e and f). The prerequisite is that you assert reasons arising from your particular situation which outweigh the interests of the controller. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Art. 21 para. 2 GDPR contains a special, deviating regulation if the personal data concerning you is used for direct marketing. In this case, you have the right to object to the processing of your personal data at any time without further requirements. The personal data concerning you will no longer be processed for the purpose of direct marketing. If profiling is associated with direct advertising, you can also object to this.
In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures that use technical specifications.
8. automated decision in individual cases, Art. 22 GDPR
In accordance with Art. 22 GDPR, you have the right that decisions which produce legal effects concerning you or similarly affect you are not based solely on automated processing, including profiling. Exceptions may exist if appropriate measures for the protection of your person are guaranteed and there are necessary contractual regulations or a legal provision or you have expressly consented.
9. right to withdraw your consent, Art. 7 para. 3 GDPR
You have the right to revoke your declaration of consent under data protection law at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation. You can send the revocation by e-mail or by post to the controller.
10. right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information. If you are in another federal state or not in Germany, you can also contact the data protection authority there.
V. E-mail contact
1. description and scope of data processing
On the social media pages we use and in our signatures, email addresses are provided that can be used to contact us. In this case, the user’s personal data transmitted with the email will be stored.
No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.
2. legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
3. purpose of data processing
The processing of personal data serves us solely to process the contact. Hence the necessary legitimate interest in processing the data.
4. duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5. possibility of objection and removal
If a user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
VI Contact via a social media platform (contact form, chat)
On some of the social media platforms, it is possible to make contact internally via the service (e.g. via a contact form or chat). If a user makes use of this option, the data entered in the input mask will be processed in the systems of the respective service, transmitted to us and stored on the systems of the provider of the respective platform. The use of a social media platform to contact us is voluntary on the part of the user. The data protection regulations of the respective service apply to the processing of personal data that takes place in the course of contacting us via the systems of a social media platform.
1. description and scope of data processing
In order to process your request, it may be necessary for your personal data to be processed internally at DDM GmbH & Co. The following regulations apply to the internal processing of your message at DDM GmbH & Co:
2. legal basis for data processing
The legal basis for the processing of data for processing a user’s request is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR; if the contact person is the contact person of a (potential) business partner (customer, supplier, partner), the legal basis for (pre-)contractual measures is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. purpose of data processing
The internal processing of the personal data that we have received from the contact options of the social media platforms serves us solely to process the contact.
4. duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5. possibility of objection and removal
If a user’s personal data is processed internally to process the inquiry, the user can object to the storage of their personal data by DDM GmbH & Co KG at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored internally within the company in the course of making contact will be deleted.
VII Facebook (a product of Meta)
Name and address of the person responsible:
Jointly responsible for the operation of this Facebook page within the meaning of the EU GDPR are the:
Meta Platforms Ireland Limited (hereinafter “Facebook” or “Meta”)
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
and Our Company (see II – 1.)
1. information about our Facebook page
We operate this website to draw attention to our company, our jobs and products and to get in touch with you. Further information about us and our activities, companies etc. can be found on our website.
As the operator of the Facebook page, we have no interest in the collection and further processing of your personal data for analysis or marketing purposes.
The operation of this Facebook page, including the processing of users’ personal data, is based on our legitimate interests in a contemporary and supportive information and interaction opportunity for and with our users and visitors in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
2. processing of personal data by Meta
Meta Platforms, Inc is the US parent company of Meta Platforms Ireland Limited. The headquarters of Meta’s parent company is located in a third country from a data protection perspective.
The European General Data Protection Regulation (GDPR) requires that the transfer of personal data that is already being processed or is to be processed after its transfer to a third country or an international organization is only permitted if a level of data protection comparable to the requirements of the GDPR is guaranteed.
Meta Platforms, Inc is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an (individual) agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA (existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR). Every DPF-certified company undertakes to comply with these data protection standards. The list of certified companies can be found at: https://www.dataprivacyframework.gov/list. There you can search for the provider name and view the certification directly.
Meta processes user data for the following purposes, among others: Advertising (analysis, creation of personalized advertising), creation of user profiles and market research. Meta uses cookies, i.e. small text files that are stored on users’ end devices, to store and further process this information. If the user has a Facebook profile and is logged in to it, the information is also stored and analyzed across devices.
If you have any questions about your rights vis-à-vis Facebook, please contact Facebook directly. Your general rights under the GDPR can be found in this privacy policy under point IV.
If requests for information are made to us as the site operator, we are obliged by the supplementary agreement with Meta to forward these requests – whether from private individuals or authorities – to Meta within 7 days. This also results from the above-mentioned Controller Addendum
If you no longer wish the data processing described here to take place in future, please remove the link between your user profile and our site by using the “I no longer like this page” function.
Meta’s privacy policy contains further information on data processing https://www.facebook.com/about/privacy/ and here you will find opt-out options: https://www.facebook.com/settings?tab=ads
3. statistical data (insights)
Facebook “Insights” are statistical data of different categories that are available to us. These statistics are generated and provided by Facebook. As the operator of the site, we have no influence on the generation and presentation of this data. This function cannot be deactivated to prevent the generation and processing of data. Facebook provides us with the following data about our Facebook page for a selectable period of time: Total number of page views, “Like” information, page activity, post interactions, reach, video views, post reach, comments, shared content, responses, proportion of men and women, origin based on country and city, language, views and clicks in the store, clicks on route planners, clicks on telephone numbers, data on linked Facebook groups.
We use this available data to make our Facebook page more attractive to users (e.g. distribution by age and gender for a customized approach, scheduling of our posts, visual optimization for end devices. In accordance with the Facebook terms of use, which every user has agreed to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other information shared by them.
VIII. LinkedIn
Name and address of the person responsible:
The joint controllers for the operation of this LinkedIn page within the meaning of the EU General Data Protection Regulation and other data protection regulations are the:
LinkedIn Corporation, (hereinafter “LinkedIn”)
1000 West Maude Avenue Sunnyvale
CA 94085 USA
and Our Company (see II. – 1.)
1. information about our use of LinkedIn
We operate this website to draw attention to our company, our jobs and products and to get in touch with you. Further information about us and our activities, companies etc. can be found on our website.
As the operator of the LinkedIn page, we have no interest in the collection and further processing of your personal data for analysis or marketing purposes.
The operation of this LinkedIn page, including the processing of users’ personal data, is based on our legitimate interests in a contemporary and supportive information and interaction opportunity for and with our users and visitors in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
2. processing of personal data by LinkedIn
LinkedIn Corporation is a company based in the USA, so that a transfer of your personal data to a third country is not excluded.
The European General Data Protection Regulation (GDPR) requires that the transfer of personal data that is already being processed or is to be processed after its transfer to a third country or an international organization is only permitted if a level of data protection comparable to the requirements of the GDPR is guaranteed.
LinkedIn is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an (individual) agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA (existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR). Every DPF-certified company undertakes to comply with these data protection standards. The list of certified companies can be found at: https://www.dataprivacyframework.gov/list. There you can search for the provider name and view the certification directly.
If you are logged into your LinkedIn account, you enable LinkedIn to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your LinkedIn account.
If you have any questions about your rights vis-à-vis LinkedIn, please contact LinkedIn directly. Your general rights under the GDPR can be found in this privacy policy under point IV.
Further information on the handling of user data can be found in LinkedIn’s privacy policy.