Privacy Policy of SUTO iTEC GmbH, D-79423 Heitersheim, Germany

We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of SUTO iTEC GmbH.

The processing of personal data shall always be in line with the European General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection provisions applicable to SUTO iTEC GmbH.

Personal data is any information relating to an identified or identifiable living person. Various pieces of information that, together can lead to the identification of a specific person also constitute personal data.

By means of this privacy policy, our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights by this privacy policy.

As the controller, SUTO iTEC GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can be subject to security vulnerabilities, so that absolute protection cannot be guaranteed.

1. Name and address of the controller

Controller, within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

SUTO iTEC GmbH
Managing directors: Thomas Gleissner, Simon Gleissner
Grißheimer way 21
79423 Heitersheim
Germany
Tel .: 0049 7634 504 88 00
Email: [email protected]
Website: www.suto-itec.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

If you have any questions about the collection, processing or use of your personal data or assertion of data subject rights, please contact us using the above contact details.

2. Collection of general data and information

The website of SUTO iTEC GmbH collects a series of technical data and information that your browser automatically transmits with each retrieval. This data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

This data is required in order to (1) correctly deliver the content of our website, (2) ensure the content of our website, (3) the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. The data of the server log files are stored separately from any personal data provided by a data subject.

The collection of the aforementioned data is based on the legitimate interest of the SUTO iTEC pursuant to Article 6(1)f GDPR.

3. Cookies and Plug-Ins

On our website, we generally only use cookies and other technologies that are absolutely necessary – in your and our interest – to move around the website, to use basic functions and to ensure the security of the website. These cookies do not collect information about you for marketing purposes, nor do they store which web pages you have visited. If we also use technologies that are not absolutely necessary for the use of the website, this will only be done with your consent (Section 25(1) TTDSG, Article 7 GDPR).

Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic string of characters, and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.

Cookies can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information about certain settings that are not personally identifiable. However, cookies cannot directly identify a user. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

You can find more information about the cookies we set in our Consent Management Tool. You can also make your individual settings there. We specifically use the following tools:

Google services: We use functions of the web analytics service Google Analytics. The provider is Google Ireland Ltd. Google Inc, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Analytics is used to analyze and regularly improve the use of the website. The statistics obtained can be used to improve the offer and make it more interesting for users. For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245.

We also use the Google Tag Manager. With the Google Tag Manager, we can manage so-called website tags. However, the Tag Manager itself, which deploys the tags, works without cookies and does not collect any personal data. The Tag Manager merely ensures that other tags are triggered, which in turn may collect data. For more information on how Google Tag Manager works, see https://support.google.com/tagmanager/answer/2772432?hl=de&topic=2574304&ctx=topic.

We use “Google Ads” on our website, an advertising service from Google, which enables us to draw attention to our offer with the help of external advertising media on external websites and to determine the success of individual advertising measures. For this purpose, cookies and pixel tags are set that process the following parameters: IP address, browser information, usage data, date and time of visit, location information, cookie ID. The legal basis for this is your consent, which you can revoke at any time. The data is deleted as soon as it is no longer required for processing. The log data is usually anonymized after nine months, and the cookie information is anonymized after 18 months. We ourselves do not collect or process any personal data as part of the advertising measures. We only receive statistical evaluations from Google. You can obtain further information from Google on data processing at https://policies.google.com/privacy?hl=en, on the options for objecting at https://safety.google/privacy/privacy-controls/ and on Google’s cookie policy at https://policies.google.com/technologies/cookies?hl=en.

In order to protect our website from abusive automated spying and spam, we also use the Google tool “reCAPTCHA”. This is done on the basis of legitimate interests (Article 6(1)f GDPR). For further information on “reCAPTCHA”, please see https://policies.google.com/privacy?hl=en.

Vimeo: We have integrated Vimeo videos into our online offer, which are stored on http://www.vimeo.com and can be played directly from our website. By visiting the website, Vimeo receives the information that you have called up the corresponding sub-page of our website. In addition, the data is transmitted, which is processed when visiting any website. This occurs regardless of whether Vimeo provides a user account through which you are logged in or whether no user account exists. For more information about Vimeo privacy, please visit https://vimeo.com/privacy.

LinkedIn: With your consent, we use the conversion tracking technology and the retargeting function of LinkedIn Corporation on our website. With the help of this technology, we can play personalized ads on LinkedIn to users of our website and receive anonymized evaluations of the performance of the ads. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server. For more information, please visit www.linkedin.com/legal/privacy-policy.

Microsoft Bing Ads: We use Bing Ads, provided and operated by Microsoft. Microsoft sets a cookie on your end device if you have reached our website via a Microsoft Bing Ad. This enables Microsoft and us to recognize that someone has clicked on an ad, been redirected to our website and reached a previously determined target page. We only learn the total number of users who clicked on a Bing Ad and were then redirected to the landing page. Microsoft uses the cookie to process information from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. The legal basis for the use of Bing Ads is your consent. Further information is available at https://www.microsoft.com/en-gb/servicesagreement/.

4. Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current offers. For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be deleted after seven days. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Article 6(1)a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

5. Contact possibility via the website

If a data subject contacts SUTO iTEC by e-mail or via a contact form, the personal data you provide will be stored automatically. Such personal data transmitted on a voluntary basis will be stored exclusively for the purpose of processing or contacting you. This personal data will not be passed on to third parties.

6. Routine deletion and blocking of personal data

The data processed by SUTO iTEC will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. The deletion of the data is carried out in accordance with the statutory provisions.

7. Rights of the data subject

You have the following rights with respect to SUTO iTEC under the respective legal conditions regarding the personal data concerning you:

• Right of access;
• Right to rectification or erasure;
• Right to restriction of processing;
• Right to object to processing;
• Right to data portability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

8. Notes to business partners

We collect personal data (usually names, contact details, billing and payment data) about our (potential) business partners or the contact persons there in order to be able to identify business partners and correspond with them in order to provide our contractual services and for invoicing purposes. The legal basis for this is Article 6(1)b GDPR. Failure to provide certain data may mean that a contract cannot be concluded or performed.

We will only disclose your personal data to third parties if and to the extent that there is a legal permission for this within the meaning of Article 6(1) GDPR. This includes in particular the disclosure to payment service providers and to public bodies and institutions in the event of a legal or official obligation to disclose.

Insofar as we use external service providers to process personal data relating to business partners, these service providers have been carefully selected, commissioned in writing and are bound by our instructions. The service providers will not pass this data on to third parties, but will delete it once the contract has been fulfilled and legal storage periods have been completed, unless consent has been given to store it beyond this.

We store your personal data for as long as required by legal storage and documentation obligations (Article 6(1) c GDPR) (usually ten years), unless there is consent for storage beyond this or there are legitimate interests that make storage beyond this necessary.

9. Data protection during applications and the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also take place electronically. This is the case, in particular, when an applicant submits relevant application documents to the controller by electronic means, for example, by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act.

10. Duration for which the personal data are stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.

11. Existence of automated decision-making

As a responsible company, we refrain from automatic decision-making or profiling.

12. Data security

Personal data is protected by us by means of suitable technical and organizational measures in order to ensure an appropriate level of protection and to safeguard the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorized access to the technical equipment used by us and to protect personal data from unauthorized disclosure by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of data against access by third parties is therefore not possible.

13. Updating the privacy notice

Since this data protection notice may change from time to time as a result of legal changes or new functions within the scope of our offer, we recommend that you check it regularly.

Last update: October 2023