In this document we hereby inform you about the collection of personal data in the use of our website. Personal data are all data which are personally related to you, for example, name, address, email addresses, user behaviour. We have undertaken extensive technical and operational safeguards in order to protect your data from accidental or intentional manipulations, loss, destruction or from access by unauthorised persons. Our security procedures are reviewed regularly and adjusted to take any technological advances into account.
1 Controller for data processing
The controller pursuant to the General Data Protection Regulation (GDPR) Article 4 (7) is THIMM Group GmbH + Co. KG, Breslauer Str. 12, 37154 Northeim, Germany
Tel.: +49 5551 703 0
2 How to contact the data protection officer
You can contact our data protection officer at firstname.lastname@example.org or via our mailing address marked “The Data Protection Officer”.
3 Your rights
In relation to us you have the following rights regarding your personal data:
3.1 General rights
You have the right of access, rectification, erasure, of restriction of processing, of objection to the processing and of data portability. Provided that the processing is based on your consent, you have the right to withdraw consent from us with future effect.
3.2 Rights regarding data processing according to legitimate interest
You have the right pursuant to GDPR Article 21 (1) on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on GDPR Article 6 (1) (e) (data processing in the public interest) or on GDPR Article 6 (1) (f) (data processing to protect a legitimate interest) and this also applies to profiling based on these provisions. In the event of your objection, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
3.3 Rights relating to direct marketing
Where we process your personal data for direct marketing purposes, you shall have the right pursuant to GDPR Article 21 (2) to object at any time to the processing of personal data concerning you for such marketing purposes and this also applies to profiling to the extent that it is related to such direct marketing.
In the event that you object to the processing for direct marketing purposes, we shall no longer process your personal data for these purposes.
3.4 Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with the responsible data protection supervisory authority about the processing of your personal data.
4 Collection of personal data in the use of our website
If you use our website for informational purposes only, in other words, if you do not register on the site or transfer information to us in any other way, we only collect the personal data that your browser transmits to our server. If you want to view our website we collect the following data which are required technically by us in order to display our website to you and to ensure the stability and security. The legal basis for this is GDPR Article 6 (1)(f).
IP address, date and time of the query, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, transferred data volume, referrer website of the enquiry, browser, operating system and its interface, language and version of the browser software.
The data are also deleted after a statistical evaluation and then only used to improve the attractiveness, content and functionalities of our websites.
5 Making contact by email or contact form
If you contact us by email or via a contact form the data that you share with us (your email address, if applicable your name, telephone number and your postal address) will be saved by us so that we can answer your questions. If we ask for inputs from you via our contact form which are not required solely for the purpose of making contact, we always mark these as optional. These details are used by us to learn more about your query and to improve our processing of your issue. The communication of these data is expressly voluntary and is provided with your consent as stated in GDPR Article 6 (1)(a). To the extent that here it is a question of information regarding communications channels (for instance, email address, telephone number) you also consent that we can also contact you via these communications channels in order to answer your issue. You can of course withdraw your consent for the future at any time. An email to the email address email@example.com suffices here.
We erase any data that occurs in this context once their storage is no longer required, or we restrict the processing in the case of statutory retention obligations.
6 Newsletter and press distribution list
6.1 General information
With your consent in accordance with GDPR Article 6 (1)(a), you can subscribe to our Newsletter and/or our press distribution list through which we inform you about our current offers, seminar dates and/or press releases.
For registration to our Newsletter or press distribution list we use the double opt-in procedure. This means that after your registration we send an email to you to the specified email address in which we request confirmation that you wish to be sent the Newsletter.
We also save the IP addresses you used and the times of the registration and the confirmation. The purpose of the procedure is to prove your registration and, if applicable, clarify a possible misuse of your personal data.
Mandatory inputs for the sending of the Newsletter are your salutation, name and email address. After your confirmation we save these data for the purpose of sending the Newsletter with a personal form of address. The legal basis for this is GDPR Article 6 (1)(a).
Mandatory inputs for participation in the press distribution list are your salutation, name and email address, your medium/editorial department and your business telephone number.
You can withdraw your consent for the sending of the Newsletter or the participation in the press distribution list at any time and deregister for the Newsletter or press distribution list. You can state the withdrawal by clicking on the link provided in every email or by sending an email to firstname.lastname@example.org.
7 Participation in prize draws
If you participate in prize draws we collect the data required to conduct the prize draw. Generally these data include an individual prize draw entry (e.g. a comment or a photo) as well as name and contact details. It could happen that we forward these data to our prize draw partners, e.g. for them to send you a prize. The data processing and data forwarding may vary depending on the prize draw and it is therefore described specifically in the respective participation conditions. Participation in a prize draw and the associated data collection is of course voluntary. The legal basis for the data processing is your consent in accordance with GDPR Article 6 (1)(a). Your data are erased after the completion of the prize draw.
8 Job applications
You may apply for a job with our company via electronic means, in particular via email or a web form. We shall of course only use your data to process your application and they shall not be forwarded to third parties. Please note that any emails sent unencrypted are not transmitted with access-protection.
If you have applied for a specific job and this position has already been filled or if we consider that another job is equally or even better suited to you, then we would be pleased to forward your application within the company. Please inform us if you do not consent to this forwarding.
Your personal data will be erased immediately upon completion of the application procedure, or after a maximum of 6 months unless you have expressly given your consent for a longer storage period for your data or if a contract has been concluded. The legal basis for this is GDPR Article 6 (1) (a)(b)(f) and the German Data Protection Act (BDSG) Article 26.
9 Use of social media plugins
This website uses social media plugs in of the provider(s)
As standard these plugins normally collect data from you and transmit these to the servers of the respective provider. In order to guarantee the protection of your privacy we have undertaken technical measures which ensure that your data cannot be collected by the operators of the respective plugins without your consent. When accessing a website where the plugins are incorporated they are initially deactivated. Only by clicking on the respective symbol are the plugins activated and you hereby give your consent that your data is transferred to the respective provider. The legal basis for the use of plugins is GDPR Article 6 (1) (a) and (f).
After activation these plugins also collect personal data such as your IP address and send these to the server of the respective provider where they are saved. When accessing the website concerned, the activated social plugins also set a cookie with a unique identifier. This also enables the providers to create profiles about your user behaviour. This also occurs if you are not a member of the social network of the respective provider. If you are a member of the social network of the provider and you are logged into the social network during your visit to this website, your data and information about the visit to this website can be linked with your profile on the social network. We have no influence on the specific extent of the data collected by the respective provider. Please consult the privacy policies of the respective social network providers for more information on the extent, type and purpose of the data processing and the rights and settings options for the protection of your privacy. These can be retrieved at the following addresses:
When you use our website cookies are saved on your computer. Cookies are small text files that are stored on your hard disk and assigned to the browser you use and through which information flows to the cookie setter. Cookies cannot run programs or transfer viruses to your computer. They serve to make our website more user-friendly and effective.
This website uses the following types of cookies and their extent and function are explained in more detail below:
10.1 Transient cookies
These cookies are deleted automatically when you close the browser. This cookie type includes session cookies in particular. These save a Session-ID through which different requests from your browser are assigned to the entire session. This means that your computer is recognised again when you return to our website. The session cookies are deleted when you log out or close the browser.
10.2 Persistent cookies
These cookies are automatically deleted after a specified period that can differ depending on the cookie. You can delete the cookies at any time in the safety settings of your browser.
10.3 Flash cookies
Flash cookies used are not collected by your browser but through your Flash plugin. We also use HTML5 storage objects which are stored on your device. These objects save the requisite data, regardless of the browser you used and they have no automatic expiry date. If you do not want processing by Flash cookies you must install the relevant Add-On, e.g. “Better Privacy” for Mozilla Firefox or the Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting Private Mode in your browser. We also recommend that you manually delete your cookies and your browser history regularly.
10.4 Prevention of cookies
You can configure your browser settings according to your own wishes and for example you can reject acceptance of third-party cookies or all cookies. We do advise, however, that then you may not be able to use the full functionality of this website.
10.5 Legal bases and storage period
The legal bases for any possible processing of personal data and their storage periods vary and are stated in the sections below.
11 Website analyses
For the purposes of analysis and optimisation of our websites we use a range of services which are specified below. This enables us, for instance, to analyse how many users visit our site, which information is the most requested or how users find our website. We also collect data about the website from which a data subject arrived at a specific web page (known as referrer), which sub-pages of the website were accessed or how often and for what period a sub-page was viewed. This helps us to design and improve our website offers to be more user-friendly. The data collected here are not used to identify individual users personally. Anonymous or at most pseudonymous data is collected. The legal basis for this is GDPR Article 6 (1) (f).
11.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Usage includes the Universal Analytics operating mode. This enables data, sessions and interactions over several devices to be assigned to a pseudonymous User-ID and thereby to analyse the activities of a user across several devices.
13 Data transfer
Data is in principle not forwarded to third parties unless we are under a legal obligation to do so, or if the data forwarding is required for the execution of the contractual relationship or you have previously expressly consented to the forwarding of your data.
External service providers and partner companies such as online payment providers or the shipping company commissioned to make the delivery shall only receive your data to the extent they are required for handling your order. In these cases the extent of the transmitted data is restricted to the requisite minimum. If our service providers come into contact with your personal data, we ensure within the framework of contract data processing pursuant to GDPR Article 28 that they comply with data protection legislation in the same way. Please also observe the respective privacy notices of the provider. The respective service provider is responsible for the content of external services whereby to the extent that this is reasonable we undertake a verification of the services for compliance with statutory requirements.
14 Data Security
We have undertaken extensive technical and operational safeguards in order to protect your data from accidental or intentional manipulations, loss, destruction or from access by unauthorised persons. Our security procedures are reviewed regularly and adjusted to take any technological advances into account.
Status: May 2018