Legal

Data Protection Declaration

A. Website Privacy Statement

B. Data Protection Directive for Social Media Appearances

C. Data Protection Information for Applicants

 

A. Website Privacy Statement

We process personal data (hereinafter referred to as “data“) of the user only for the purpose of hosting a functional and convenient website and disclosing our contents and services.

The term “process“ shall include collect, use, disclose and/ or store. In principal, “personal data” – pursuant to the General Data Protection Regulation (hereinafter referred to as “GDPR”) – shall be considered as all data enabling the identification of a natural person. The precise definitions of the terminology are set out in Article 4 GDPR.

The text presented below constitutes in particular the nature, extent, purpose, duration and the legal basis for processing personal data whereby the purpose and the means of processing personal data is determined by us alone or jointly with others as is the usage of possible third-party components which are applied for optimization and improvement of quality in use – the respective third parties process data solely on their own responsibility.

_________________________________________

I. Information on the responsible entity
II. Rights of the user
III. Information relating to data processing
_________________________________________

I. Information on the responsible entity

Pursuant to the GDPR and other national member states` laws of data protection respectively any other legal protection regulation, the responsible entity (hereinafter referred to as “provider“) is:

 

Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Deutschland

Phone: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com

 

The external data protection officer of the responsible entity is:

Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen

Phone: +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
E-Mail: dsb@datcq.de

 

II. Rights of the user

With regard to the processing of personal data, reproduced below by the provider, the user shall obtain the following rights:

1. The right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, detailed information on these data as well as further information and copies of the data in accordance with Article 15 GDPR.

2. The right to obtain rectification of inaccurate personal data concerning him or her respectively the right to have incomplete personal data completed without undue delay in accordance with Article 16 GDPR.

3. The right to obtain the erasure of personal data concerning him or her without undue delay in accordance with Article 17 GDPR respectively, if further processing is necessary, as laid out in Article 17 GDPR paragraph 3, the user shall have the right to obtain restriction of data processing in accordance with Article 18 GDPR.

4. The right to receive the personal data concerning him or her which he or she has provided in accordance with Article 20 GDPR as well as the right to transmit those data to other responsible entities.

5. The right to lodge a complaint with the supervisory authority in accordance with Article 77 GDPR, in case the users considers that the processing of their personal data by the provider infringes the General Data Protection Regulation.

6. The right to object, at any time, to the future processing of their personal data by the responsible entity which is based on point (f) of Article 6 (1) in accordance with Article 21 GDPR. This objection may in particular be raised to the processing of their data for the purpose of direct marketing.

7. Furthermore the provider is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18 GDPR to each recipient to whom the personal data has been disclosed. This obligation does not exist if it proves impossible or involves disproportionate effort. The customer shall be informed on disclosures of these recipients.

 

III. Information relating to data processing

Where detailed information on data processing has not been provided hereafter, the user data being processed by the provider shall be erased or locked as soon as the purpose of storing is no longer available and where there is no other legal ground for retaining the respective data.

Server data

Among others, the following data which is submitted to the provider respectively the webspace provider by the internet browser of the user is collected for communications and safety reasons during a visit to the website (so-called server log files):

– Browser type and version;
– Used operating system;
– Website from which the user visited the providers website (Referrer URL);
– Website which is visited by the user;
– Date and time of access;
– Internet protocol (IP) address of the user.

Furthermore, the data are temporarily stored. The data are not retained in combination with other personal data of the user. The legal basis for the temporary storage is Article 6 paragraph 1 (f) GDPR being based on the legitimate interest in improving the stability, functionality and safety of the website.

The data are deleted after a period of no more than seven days. Data which need to be retained due to the purpose of providing proof are excluded from erasure until the incident has finally been clarified.

 

Cookies

1. Cookies

The provider uses so-called cookies on his website. Cookies are small text files or other storage technologies which are placed on the terminal device and stored by the user’s internet browser. These cookies process, within an individually defined scope, certain information from the user, such as browser and location data as well as IP address values.

The processing allows the provider to operate his website in a more user-friendly, effective and safer manner.

“Persistent“ cookies are used by the website to recognize the users via their browser when they are promptly revisiting the website for not having to redisplay the already given information respectively setting.

The processing is justified by the legitimate interest of the provider to optimize the functionalities of the website as well as by regulatory compliance and is based on Article 6 paragraph 1 (f) GDPR.

The “session” cookies are deleted as soon as the users close their browser. The “persistent” cookies are automatically deleted after 12 months. This period varies depending on the respective cookie, but will not exceed a period of 12 months.

 

2. Third-party cookies

The provider`s website may also use third-party cookies. These third-parties are partner companies of the provider with the objective of cooperating with regard to arising advertising, analysing or functionality tasks of the website. If this is the case, the purpose and legal basis of the respective processing is cited in the following provisions.

 

3. Erasure possibilities

The user may prevent or restrict the installation of cookies via a respective setting of the browser. Already stored cookies may also be deleted at any time. The settings which are required for this purpose depend on the respective browser. If flash cookies are used, processing cannot be prevented via browser settings but via the respective flash player setting. If the user prevents or restricts the installation of the cookies, the user may not be able to completely utilize all functions of the website.

 

Contact requests

If the user wishes to establish a contact with the provider – via contact form or e-mail – the personal data which is entered by the user on this occasion is used for processing the request. Entering the data is necessary for replying to inquiries, if the data are not entered, the reply will either be impossible or only to a limited extent.

If the purpose of the contact request is to fulfill a contract or to implement pre-contractual measures, the legal basis shall be Article 6, paragraph 1 (f) GDPR.

The data of the user are deleted without undue delay once the inquiry of the user has been conclusively replied to and deletion is not prevented by the legal obligation to retain it for other purposes, such as subsequent contract administration.

The legal basis may also be the user’s consent in accordance with Article 6, paragraph 1 (a) GDPR. In the context of the contact form the user may be asked to express consent to the aforementioned processing and reference shall be made to this data protection declaration.

The users shall have the right to withdraw their consent to creating a customer account at any time by notifying the provider in accordance with Article 7, paragraph 3 GDPR. The personal data processed in this context are deleted as soon as processing is no longer necessary.

 

Google Maps

The provider uses the component “Google Maps” of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”, for providing directions to the site respectively displaying nationwide dealers.

When visiting a site with the “Google Maps” component, a connection to a server at Google is established for displaying the map. Through this connection, Google can recognize from which website a request is sent and to which IP address the display of the directions is transmitted.

The legal basis shall be in accordance with Article 6 paragraph 1 (a) GDPR. The users can revoke their consent for the future at any time by changing the settings of the cookies on the website according to Article 7 paragraph 3 GDPR.

However, data protection authorities currently don’t consider the USA to have an adequate level of data protection. Though, so-called standard contractual clauses exist between the provider and Google:

privacy.google.com/businesses/compliance/

However, these are private law agreements and therefore have no direct impact on the access possibilities of the authorities in the USA.

The use of “Google Maps” and the information obtained via “Google Maps” is subject to the Google Conditions of Use as well as the additional terms and conditions for Google Maps.

Google provides further information, in particular on the options for preventing the use of data, under the following links:

https://policies.google.com/privacy

 

 

Google Tag-Manager

The provider uses the Google Tag Manager for the integration of various functions on the website. The Google Tag Manager is a product of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
The sole function of the Google Tag Manager is to import certain contents onto the provider’s website and to enable the provider to manage these functions on an interface provided by Google.
When visiting the website, these functions are therefore loaded by a Google server, which may also be located in the USA. The server must process the IP address of the user in order to transmit these functions.
The corresponding functions are listed below in the provider’s privacy policy. Any consent not granted by the user for these functions will also be observed when using the Google Tag Manager.

However, data protection authorities currently don’t consider the USA to have an adequate level of data protection. Though, so-called standard contractual clauses exist between the provider and Google:

privacy.google.com/businesses/compliance/
However, these are private law agreements and therefore have no direct impact on the access possibilities of the authorities in the USA.

The legal basis shall be in accordance with Article 6 paragraph 1 (f) GDPR. The legitimate interest of the provider is justified by the optimization and economical operation of the website.

 

 

Social Media Integration

On the website the provider uses a link to the social networks listed below. The legal basis is laid out in Article 6, paragraph 1 (f) GDPR. The legitimate interest of the provider is justified by improving the quality in use of the website.

The plugins are integrated via a linked graphic. The users are only redirected to the service of the respective social network if they click on the corresponding graphic.
After the customer has been redirected, information about the user is collected by the respective network. First of all, this is data like the IP address, date, time and visited page. If the user is logged into the user account of the respective network, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to its user account, the user must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.

The following social networks are linked by the provider:

Facebook – Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy policy: https://www.facebook.com/policy.php

 

YouTube

For displaying video sequences on this website, the provider uses a tool of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
The legal basis is laid out in Article 6, paragraph 1 (a) GDPR. The user can revoke the consent to this for the future at any time by setting the cookies on the website in accordance with Article 7, paragraph (3) GDPR. The provider uses YouTube with the “extended data protection mode” option offered by YouTube.

When visiting a website with an embedded video, a connection to the Google servers in the USA is established which then instruct the user’s browser to display the content on the internet. For this purpose, Google processes at least the user’s IP address, date and time as well as the visited website. This also leads to a connection with the Google Double-Click advertising network. If the user is logged-in to YouTube at the same time, the connection information is assigned to the user’s member account at YouTube.

However, data protection authorities currently don’t consider the USA to have an adequate level of data protection. Though, so-called standard contractual clauses exist between the provider and Google:

privacy.google.com/businesses/compliance/
However, these are private law agreements and therefore have no direct impact on the access possibilities of the authorities in the USA.

According to Google, there is no information about users stored on the website if you are in the “enhanced privacy mode” unless they watch the embedded video.
If the users want to prevent the direct allocation of the collected information to their user account by Google, the users need to log-out of YouTube before visiting the provider’s website. In addition, there is the option of configurating the user account accordingly.
Google uses permanent cookies in order to be able to allow functionality and analysis.

In case the user does not consent to the processing, the user may prevent the installation of these cookies via a respective setting of the browser. For more details, please refer to the aforementioned chapter “cookies”.

More information on the exaltation and usage of the data through Google, as well as the respective rights and possibilities for protecting the user’s privacy can be found in the privacy statements of Google:
https://policies.google.com/privacy

 

B. Data Protection Directive for Social Media Appearances

So-called social media platforms are used by us for endorsing our products and services as well as for communicating with interested parties or costumers.

The text presented below provides you in particular with information regarding the nature, scope, purpose and duration as well as the legal ground for the processing of personal data during a visit to one of our company presentations on a social media platform or in case you are contacting us via such a platform.

The term “processing” shall specifically include the collection, use, distribution and/ or storage. Pursuant to the General Data Protection Regulation (hereinafter referred to as “GDPR”) the term “personal data” shall in principle include all data which may be used for the identification of a natural person.

The precise definitions of the terminology are set out in Article 4 GDPR.

_________________________________________

I. Information on the joint responsible entity
II. Rights of the user
III. Information on data processing
_________________________________________

I. Information on the joint responsible entity

The joint entity responsible for all below mentioned social media platforms shall be

Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Deutschland

Tel: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com
– hereinafter referred to as “provider –

together with the respective below mentioned platform operator in accordance with Article 26 GDPR.

 

The external data protection officer of the responsible entity is:

Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen

Tel. +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
E-Mail: dsb@datcq.de

_________________________

Facebook and Instagram

With respect to the social media platform facebook and instagram the provider shall share joint responsibility with

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

The data protection supervisor of facebook may be reached via a contact form

www.facebook.com/help/contact/540977946302970

The joint responsible entities have defined the respective obligations regarding the GDPR in an agreement which can be obtained via the following link:

www.facebook.com/legal/terms/page_controller_addendum

_________________________

II. Rights of the user

Notwithstanding the details of this agreement, you may assert your rights in accordance with the framework of the GDPR towards each individual responsible entity.

With regard to the processing of personal data, reproduced below by the responsible entity, the user shall obtain the following rights:

1. The right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, detailed information on these data as well as further information and copies of the data in accordance with Article 15 GDPR.

2. The right to obtain rectification of inaccurate personal data concerning him or her respectively the right to have incomplete personal data completed without undue delay in accordance with Article 16 GDPR.

3. The right to obtain the erasure of personal data concerning him or her without undue delay in accordance with Article 17 GDPR respectively, if further processing is necessary, as laid out in Article 17 GDPR paragraph 3, the user shall have the right to obtain restriction of data processing in accordance with Article 18 GDPR.

4. The right to receive the personal data concerning him or her which he or she has provided in accordance with Article 20 GDPR as well as the right to transmit those data to other responsible entities.

5. The right to lodge a complaint with the supervisory authority in accordance with Article 77 GDPR, in case the users considers that the processing of their personal data by the provider infringes the General Data Protection Regulation.

6. The right to object, at any time, to the future processing of their personal data by the responsible entity which is based on point (f) of Article 6 (1) in accordance with Article 21 GDPR. This objection may in particular be raised to the processing of their data for the purpose of direct marketing

7. Furthermore the provider is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18 GDPR to each recipient to whom the personal data has been disclosed. This obligation does not exist if it proves impossible or involves disproportionate effort. The customer shall be informed on disclosures of these recipients.

III. Information on data processing

The below-mentioned social media platforms are used by the provider for endorsing its products and services as well as for communicating with interested parties or costumers.

The legal ground for processing the respective personal data on the below-mentioned social media platforms shall be Article 6 paragraph 1 (f) GDPR and shall apply to each reproduction. The legitimate interest of the provider is justified by the analysis, communication, sale and promotion of its products and services.

The consent of a user which is given to the platform operator in accordance with Article 6 paragraph 1 (a) GDPR may also be the legal ground for personal data processing. The users shall have the right to withdraw their consent with future effect at any time by notifying the platform operator in accordance with Article 7 paragraph 3 GDPR.

Facebook and Instagram

When visiting the online presentation of the provider which is appearing on a facebook and instagram platform, Facebook Ireland Ltd., as the provider of both platforms in the EU, processes user data (such as personal information, IP address etc.).

These user data allow the provider to obtain statistical information on the visits of his company presence on facebook and instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as for creating user profiles. These profiles can then, for example, be used by Facebook Ireland Ltd to provide customer-based advertisement on and off facebook and instagram. If the users are logged in to their facebook or instagram account during a visit, Facebook Ireland Ltd may furthermore link the data with the respective user account.

If the user contacts the provider via facebook or instagram, the respectively communicated personal user data are used to process the query. The data of the user are deleted by the provider without undue delay as soon as the query is conclusively answered and deletion is not prevented by the legal obligation to retain it for other purposes, such as subsequent contract administration.

Facebook Ireland Ltd might also use cookies for data processing.

In case the user does not consent to the processing, the user may prevent the installation of these cookies via a respective setting of the browser. Already stored cookies may also be deleted at any time. The settings which are required for this purpose depend on the respective browser. If flash cookies are used, processing cannot be prevented via browser settings but via the respective flash player setting. If the user prevents or restricts the installation of the cookies, the user may not be able to completely utilize all facebook or instagram functions.

Detailed information on data processing, measures to prevent data processing and deleting data which are processed by Facebook Ireland Ltd may be found in the privacy policy guidelines of facebook or instagram:

www.facebook.com/privacy/explanation

help.instagram.com/519522125107875

It cannot be excluded that processing by Facebook Ireland Ltd. or by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 also takes place in the USA.

 

C. Data Protection Information for Applicants

_________________________________________

I. Information on the responsible entity
II. Rights of the user
III. Information relating to data processing
_________________________________________

I. Information on the responsible entity

The responsible entity for data collection and data processing relating to job applications is:

Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Germany

Tel: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com

 

The external data protection officer of the responsible entity is:

Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen

Tel.: +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
E-Mail: dsb@datcq.de

 

II. Rights of the user

Any person concerned shall have the right to have access to the personal data concerning them, the right of rectification of inaccurate data as well as the right of erasure, based on reasons in accordance with Article 17 GDPR if, for example, further processing of the data is no longer necessary for the pursued objective. Furthermore, the user shall have the right to obtain restriction of data processing if one of the conditions set out in Article 18 GDPR is fulfilled as well as the right to transmit those data to other responsible entities in accordance with Article 20 GDPR.

In addition, the concerned entity shall have the right to object, at any time, to the future processing of personal data – in particular if the objection is based on a legitimate interest in accordance with point (f) of Article 6 (1) GDPR. An informal notification of opposition mailed to info@uebler.com is sufficient. The data of the user are deleted without undue delay once the notification of opposition is received and deletion is not prevented by the legal obligation to retain it for other purposes or by the legitimate interest in an appropriate legal defense.

Any person concerned shall have the right to file a complaint with the relevant regulatory authority if they hold the opinion that the processing of their data violates any data protection regulations. This right of appeal shall in particular be asserted before the regulatory authority of the member state of the concerned person’s residence or workplace or place of suspected infringement.

III. Information relating to data processing

 

Application process

The recruiters (human resources department, head of department) process the data of the applicant which are required for the application and which are made available for this purpose by the applicant. This includes contact details, all data being relevant to the application (curriculum vitae, certificates, qualifications, responses to questions etc.) and any other data referring to bank details (for reimbursing travel expenses), if applicable. These data shall be collected and processed solely for the purpose of application management.

The legal basis shall be § 26 paragraph 1 S. 1 BDSG in accordance with Article 88, paragraph 1 GDPR.

The application data are treated confidentially.

Service providers who might, for example, assist in the areas of personnel selection, IT or archiving and deleting documents and who are bound by instructions might be employed under certain circumstances on the basis of separate contracts.

The data are deleted once it is no longer necessary to store the data, respectively once the legitimate interest in storing data has lapsed – if the deletion is not prevented by the legal obligation to retain it for other purposes.

If no employment contract is concluded, the deletion takes place at regular intervals, at the latest six months after the application procedure is completed.

In some cases, individual data are stored for a longer period of time (e.g. for reimbursing travel expenses).

The duration of the data storage is subject to statutory retention provisions.

Consent to an extended storage of the data

If the application continues to be of interest, although no employment contract is concluded, the applicant’s data are only further processed if the applicant grants the expressed permission to do so.

If such express consent is granted by the applicant, the application data will be retained in the internal application pool for a period of one year after the application procedure is completed.

At the end of this period the application data are deleted.

The legal basis for the aforementioned processing is point (a) of Article 6 (1) GDPR, respectively point (a) Article 9 (2) GDPR. This consent may be revoked with future effect at any time by informally notifying us in accordance with Article 7, paragraph 3 GDPR.