Data Protection Information for the Website and Social Media

The lawful and responsible handling of personal data is important for GMC-Instruments GmbH. In accordance with Article 13 of the General Data Protection Regulation (GDPR), this Data Protection Information describes how GMC-Instruments GmbH collects, uses, and transmits the personal data of users when they visit this website and use the social media channels and provides information about the rights of the data subjects.

Personal data are processed in accordance with the applicable data protection regulations, in particular, the GDPR and the German Data Protection Act (Bundesdatenschutzgesetz, BDSG).

1. Controller and data protection officer

Data processing controller in accordance with data protection regulations:

GMC-Instruments GmbH
Suedwestpark 15
90449 Nuremberg
Germany
Phone: +49 911 252661-0
Fax: +49 911 252661-881
E-mail: info@gmc-i.com

GMC-Instruments GmbH has appointed an external data protection officer:

Joachim Hader
secudor GmbH
Am Schulhof 1
91757 Treuchtlingen
Germany
Phone: +49 911 8602-642
E-mail: datenschutz@gossenmetrawatt.com

2. Provision of data

The user provides the data listed below when visiting the website or a social media channel. The user provides data beyond the technically and legally required data on a voluntary basis.

3. Website services: Processing purposes, recipients, and storage duration

• • Remarks

The controller and the recipients named below process personal data. Beyond this, data will only be transmitted to third parties if the user has consented to this or if the controller is obliged or authorised to do so due to legal requirements or a court or official order.

The controller processes the data for the storage period specified below, otherwise for as long as necessary to fulfil the respective purpose or in accordance with the respective statutory retention periods. If the storage of personal data is no longer required, in particular after the expiry of the statutory retention periods or when statutory periods for erasure are reached, the data will be deleted.

• Technically or legally required data for the provision of the website

Processing purposes and legal basis: This website uses cookies and other attributes and processes log files for the purpose of technically and legally ensuring the proper operation of the website (legitimate interest pursuant to Article 6(1)(f) GDPR). The following data is logged for this purpose:

• date and time of website visit (timestamp),
• IP address and host name of the visiting computer,
• website from which this website was accessed and websites that were accessed via this website,
• pages visited on this website,
• data volume transferred,
• information on whether the visit to this website was technically successful,
• information on the operating system, browser type, and version, and
• cookie content (query string).

Recipient: A processor commissioned by the controller within the meaning of Article 28 GDPR hosts the website.

Storage period: The log files are stored for as long as this is necessary for legitimate evaluation. If there are concrete indications of unlawful use of the website, server log files may be evaluated in accordance with the applicable legal requirements. The consent status concerning cookies is stored for a period of one year. Other cookies are stored for the duration of the visit to this website and then automatically deleted.

• Matomo

Processing purposes and legal basis: This website uses the Matomo web analysis service of the provider InnoCraft Ltd. in Wellington, New Zealand, for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes (legitimate interest pursuant to Article 6(1)(f) GDPR). For this purpose, the service uses cookies, from whose data pseudonymised user profiles can be created and evaluated. The information in the pseudonymised user profile is not used to identify the individual user personally and is not combined with personal data about the bearer of the pseudonym.

Storage period: Depending on the respective cookies, the data is stored for a maximum of one year and then automatically deleted.

If the user does not consent to the storage and evaluation of this data from his/her visit to the website, he/she can object to the processing at any time. In this case, a so-called opt-out cookie is stored in the browser, which means that Matomo does not collect any session data. Please note that deleting all cookies means that the opt-out cookie will also be deleted and may have to be reactivated.

• Leadinfo

Processing purposes and legal basis: This website uses the Leadinfo lead generation service of the provider Leadinfo B.V. in Rotterdam, the Netherlands, for the purpose of recognising website visits by companies for evaluation and marketing purposes (legitimate interest pursuant to Article 6(1)(f) GDPR). When the website is visited, the service recognises companies on the basis of IP addresses and displays publicly available information, such as company names or business addresses. In addition, the service sets two first-party cookies to evaluate user behaviour on the website and processes domains from the user’s form entries to correlate IP addresses with companies and thus improve its services.

Further information on Leadinfo’s handling of user data is available from https://www.leadinfo.com/en/legal/gdpr/. Leadinfo’s opt-out option is available from https://www.leadinfo.com/en/legal/opt-out/.

Recipient: Leadinfo B.V. in Rotterdam, the Netherlands

Storage period: The data is stored for the duration of the website visit and then automatically deleted.

• YouTube

Processing purposes and legal basis: This website uses the YouTube video portal of the provider Google Ireland Limited in Dublin, Ireland, for the purpose of a user-friendly and appealing presentation of the online offering and to provide information about the company. When you visit a website with a YouTube video, a connection to YouTube’s servers is established. This requires the YouTube server to be provided with the technical data and information about which website was accessed. Videos are only loaded following the active consent of the user. In this context, personal data is transmitted to and processed by YouTube.

If users are logged in to their YouTube accounts while visiting the website, they enable YouTube and Google to assign their surfing behaviour directly to their personal profiles in accordance with YouTube’s and Google’s privacy policies. Users can prevent this by logging out of their YouTube account beforehand.

Further information on YouTube’s handling of user data is available from YouTube’s privacy policy at https://policies.google.com/privacy.

Recipient: Google Ireland Limited in Dublin, Ireland

Storage period: The data is stored for the duration of the website visit and then automatically deleted.

• Contact form

Processing purposes and legal basis: This website offers the user the opportunity to send messages to the controller, which the controller can read and respond to, in particular with regard to the initiation and implementation of business relationships (legitimate interest pursuant to Article 6(1)(f) GDPR). In the case of enquiries via the contact form, the user’s details from the enquiry form, including the contact data provided, at least to the extent of the mandatory fields, are stored for the purpose of processing the enquiry and for any follow-up questions. The data the user provides will be used exclusively in connection with the processing of the enquiry.

• Newsletter

Processing purpose and legal basis: This website offers the user the option to voluntarily subscribe to the controller’s newsletter (Article 6(1)(a) GDPR). In this context, users must provide a valid e-mail address and their correct first and last names. The data provided by the user will be used exclusively in connection with the newsletter mailing. Data subjects can withdraw their consent towards the controller at any time and informally with effect for the future.

• Registration on the website

Processing purpose and legal basis: This website offers users the option to voluntarily register in order to use additional functions and services (Article 6(1)(a) GDPR). The data provided by the user is processed exclusively in connection with the use of the respective offer or service and any changes thereto. Data subjects can withdraw their consent towards the controller at any time and informally with effect for the future.

• Meetings

Processing purpose and legal basis: This website uses the Microsoft Bookings service of the provider Microsoft Ireland Operations Limited in Dublin, Ireland, for the purpose of allowing the user to voluntarily arrange a meeting with the controller (Article 6(1)(a) GDPR). The connection to the service is only established when the user accesses the online booking function on the website. Data subjects can withdraw their consent towards the respective controller at any time and informally with effect for the future.

Recipient: Microsoft Ireland Operations Limited in Dublin, Ireland

The controller points out that users use this application and its function on their own responsibility. The provider’s terms of use and privacy policies apply. Information on what data the provider processes and for what purposes they are used can be obtained from Microsoft’s Privacy Policy at https://www.microsoft.com/en-gb/privacy/privacystatement.

4. Social media

Processing purposes and legal basis: The controller uses and links to social networks to inform users about the company, its services, and job vacancies and to read and respond to messages from users, which users voluntarily send directly to the controller via the respective service (legitimate interest pursuant to Article 6(1)(f) GDPR).

Personal data may be processed in the context of postings if the controller has the consent of the data subject (Article 6(1)(a) GDPR). Data subjects can withdraw their consent towards the controller at any time and informally with effect for the future.

The controller currently uses and links to the following services:

• YouTube of the provider Google Ireland Limited in Dublin, Ireland,
• Facebook and Instagram of the provider Meta Platforms Ireland Limited in Dublin, Ireland,
• LinkedIn of the provider LinkedIn Ireland Unlimited Company in Dublin, Ireland,
• XING of the provider New Work SE in Hamburg, Germany

The controller points out that users visit the websites of the above-mentioned providers, use their applications, or register with them on their own responsibility. The respective provider’s terms of use and privacy policies apply. Information on what data the respective provider processes and for what purposes it is used can be obtained from the respective privacy policies. The controller has no influence on the content and scope of use of the data collected by the respective provider.

5. Transfer to third countries

GMC-Instruments GmbH will only transfer data to third countries outside the EU if the requirements for this, according to Article 44 et seq. GDPR, are met.

6. Rights

• Subject to legal restrictions and any exceptions to the contrary, the data subject has the following rights towards the controller:

• • right to confirmation and right of access (Article 15 GDPR);
  • right to rectification (Article 16 GDPR);
  • right to erasure (Article 17 GDPR);
  • right to restriction of processing (Article 18 GDPR);
  • right to data portability (Article 20 GDPR),
  • right to object (article 21 GDPR);
  • right to withdraw any data protection-related consent (Article 7(3) GDPR)
  • right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR).
• Without prejudice to any other regulatory or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement if the data subject believes the processing of their personal data infringes the GDPR (Article 77(1) GDPR).

Accordingly, if data subjects have any concerns, questions or complaints, they have the possibility to contact the controller

GMC-Instruments GmbH
Suedwestpark 15
90449 Nuremberg
Germany
Phone: +49 911 252661-0
Fax: +49 911 252661-881
E-mail: info@gmc-i.com,

the data protection officer (see Section 1 above), or a data protection supervisory authority at any time. The data protection supervisory authority responsible for GMC-Instruments GmbH is

Bayerisches Landesamt für Datenaufsicht (BayLDA)
Promenade 18
Postfach 1349
91504 Ansbach
Germany
Phone: +49 981 180093-0
Fax: +49 981 180093-800
E-mail: poststelle@lda.bayern.de
Internet: www.lda.bayern.de

For a list of all German supervisory authorities, please refer to: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

For a list of all supervisory authorities of the EEA states, please refer to:
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

For the Swiss supervisory authority, please refer to:
https://www.edoeb.admin.ch/edoeb/en/home.html.

Further information on data protection at GMC-Instruments GmbH and the other group companies can also be obtained from the privacy policy of GMC-Instruments GmbH.

Nuremberg, 13 November 2024 (V02)
GMC-Instruments GmbH