Data protection regulations

Privacy Statement

Privacy Statement

1. Introduction

The following information is designed to provide you, as the “data subject”, with an overview of the processing of your personal data by us and your rights in accordance with data protection laws. The use of our websites is generally possible without having to enter any personal data. If, however, you would like to use certain services provided by our company via our website, processing of personal data may be required. If processing of personal data is required and there is no legal basis for such processing, we will always ask for your consent.

Processing of personal data, e.g. your name, your address or email address, always complies with the General Data Protection Regulation (GDPR) and with country-specific data protection regulations applicable to “Hermann Sewerin GmbH”. This Privacy Statement has been designed to provide you with information about the extent and purpose of the personal data collected, used and processed by us.

As the data controller, we have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as seamlessly as possible. However, online data transmission may have security gaps, meaning absolute protection cannot be guaranteed. You are therefore welcome to submit personal data using alternative methods, such as by phone or post.

You, too, can take measures that are easy to implement in order to protect yourself from unauthorised third parties accessing your data. We would therefore like to give you some suggestions on how you can handle your data securely:

l Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

l Do not share your passwords with anyone.

l Make sure you use each password for one account only (login, user or customer account).

l Do not use the same password for different websites, applications or online services.

l The following applies in particular to the use of publicly accessible IT systems or those used together with other people: Make sure you log off again after logging in to any website, application or online service.

Passwords should consist of at least 12 characters and should not be easy to guess. You should therefore not use common everyday words, your own name or the names of relatives. Instead, a password should contain upper-case and lower-case letters, numbers and special characters.

2. Controller

In accordance with GDPR, the Controller is:

Hermann Sewerin GmbH

Robert-Bosch-Straße 3, 33334 Gütersloh, Germany

Telephone: + 49 (0) 52 41/ 9 34- 0

Fax: + 49 (0) 52 41/ 9 34- 444

Email: info@sewerin.com

Representatives of the Controller: Dr. Dipl.-Phys. Swen Sewerin, Dipl.-Wirt.-Inf. Benjamin Sewerin

3. Data Protection Officer

You can contact the Data Protection Officer as follows:

Thomas Otten

Telephone: 05221 87292-08

Fax: 05221 87292-49

Email: datenschutz-sewerin@audatis.de

Please feel free to contact our Data Protection Officer at any time if you have any questions or suggestions relating to data protection.

4. Definitions

This Privacy Statement is based on the definitions used by the European body for issuing directives and regulations when the General Data Protection Regulation (GDPR) was issued. Our Privacy Statement has been designed to be easy to read and understand by the public as well as our customers and business partners. To ensure this, we would initially like to explain the terms used.

In our Privacy Statement, we are using the following terms, for example:

1. Personal data

Personal data includes all information referring to an identified or identifiable individual person. An individual person is regarded as identifiable who can, directly or indirectly, be identified, in particular using association with an identifier such as a name, with an identification number, with location information, with an online code or with one or several special features that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this individual person.

2. Data subject

The data subject is any identified or identifiable individual person whose personal data is processed by the controller (our company).

3. Processing

Processing includes any operation carried out with or without the help of automated procedures or any set of operations associated with personal data, such as the collection, recording, organisation, structuring, storage, adjustment or change, reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

4. Limiting processing

Limiting processing means highlighting stored personal data with the goal of limiting future processing.

5. Profiling

Profiling is any kind of automated processing of personal data which uses this personal data to evaluate personal aspects associated with an individual person, in particular to analyse or predict aspects relating to work performance, economic status, health, personal preferences, interests, reliability, behaviour, location or change of location of this individual person.

6. Pseudonymisation

Pseudonymisation refers to processing of personal data in a way in which the personal data cannot be associated with a specific data subject without using additional data as long as this data is stored separately and is subject to technical and organisational measures which guarantee that the personal data cannot be associated with an identified or identifiable individual person.

7. Processor

The processor is an individual person or legal entity, authority, institution or other body that processes data on behalf of the controller.

8. Recipient

The recipient is an individual person or legal entity, authority, institution or other body to which personal data is disclosed, regardless of whether this is a third party or not. However, authorities receiving personal data as part of a specific investigation order in accordance with European Union law or the law of the Member States are not regarded as recipients.

9. Third parties

A third party is an individual person or legal entity, authority, institution or other body, not including the data subject, the controller, the processor and people that are authorised to process personal data under the direct responsibility of the controller or processor.

10. Consent

Consent is any indication of wishes voluntarily and unequivocally provided by the data subject, based on sufficient information, for a specific case in the form of a statement or any other clear confirming action by which the data subject expresses that he or she agrees to the processing of personal data.

5. Legal basis for processing

Art. 6 (1)(a) GDPR (in connection with § 25 (1) TTDSG) is our company’s legal basis for processing operations where we request consent for a certain processing purpose.

If processing of personal data is required to fulfil a contract to which you are a contractual party, which is the case for processing operations required for the delivery of goods or the provision of other services or return services, processing will be based on Art. 6 (1)(b) GDPR. The same applies to processing operations required to carry out pre-contractual measures, such as in the case of enquiries relating to our products or services.

If our company is subject to a legal obligation making processing of personal data necessary, such as the fulfilment of tax responsibilities, processing will be based on Art. 6 (1)(c) GDPR.

In rare cases, processing of personal data may be required to protect the vital interests of the data subject or another individual person. This would be the case, for example, if a visitor is injured at our premises and therefore his or her name, age, health insurance data or other vital information has to be disclosed to a doctor, hospital or any other third party. In this case, processing will be based on Art. 6 (1)(d) GDPR.

Ultimately, processing operations can be based on Art. 6 (1)(f) GDPR. Processing operations will be based on this legal basis if they are not included in any of the previously mentioned legal bases, if processing is required to protect the legitimate interest of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject outweigh this. This type of processing operation has been permitted in particular because it has been specifically mentioned by the European Legislator. The European Legislator believes that legitimate interest can be assumed when you are a customer of our business (Recital 47 (2) GDPR).

Our services are exclusively aimed at adults. Individuals below the age of 16 must not transmit data to us without the consent of a parent or guardian. We do not request personal data from children or young people, we do not collect this data and do not disclose it to third parties.

6. Transmission of data to third parties

Your personal data will not be transmitted to third parties for any other purposes than those stated below.

We will only disclose your personal data to third parties if:

1. you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR;

2. disclosure is permitted in accordance with Art. 6 (1)(f) GDPR to protect our legitimate interest and there is no reason to assume that you have an overwhelming interest in the non-disclosure of your data that needs to be protected;

3. there is a legal obligation for disclosure in accordance with Art. 6 (1)(c) GDPR and

4. this is permitted by law and required for handling contractual relationships with you in accordance with Art. 6 (1)(b) GDPR.

In order to protect your data and to allow data transmission to third countries (outside the EU/EEA), we have signed agreements for order processing on the basis of standard contractual provisions provided by the European Commission. If these standard contractual provisions do not suffice to create an adequate level of security, your consent in accordance with Art. 49 (1)(a) GDPR can be used as the legal basis for transmission to third countries. At times, this does not apply to data transmission to third countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.

7. Technology

7.1 SSL/TLS encryption

This page uses SSL or TLS encryption in order to guarantee the security of data processing and the protection of the transmission of confidential content, such as orders, login data or contact requests which you submit to us as the operator. You can recognise an encrypted connection because your browser’s address bar has “https://” and the lock icon in the browser line instead of “http://”.

We use this technology to protect your transmitted data.

7.2 Data collection when visiting our website

If you are using our website merely for informational purposes, i.e. if you are not registered or submit information in any other way, we will exclusively collect data that your browser transmits to our server (in what is known as “server log files”). Whenever a page is accessed by you or an automated system, our website will collect a series of general data and information. This general data and information will be stored in the server log files. The following may be recorded:

1. browser types and versions used;

2. the operating system used by the accessing system;

3. the website from which an accessing system is directed to our website (known as referrer);

4. the sub-websites an accessing system is heading for on our website;

5. the date and time the website is accessed;

6. a shortened Internet Protocol address (anonymised IP address) and

7. the internet service provider of the accessing system.

When using this general data and information, we will not draw any conclusions relating to you as an individual. Instead, the information is required to

1. display the content of our website correctly;

2. optimise the content of our website and its advertising;

3. guarantee the permanent functionality of our IT systems and the technology of our website and

4. provide law enforcement authorities with the information required for prosecution in the event of a cyber attack.

The data and information collected are assessed by us statistically on the one hand, and, on the other hand, with the goal of increasing privacy and data security in our company to ensure an ideal level of security for the personal data processed by us. The anonymous data within the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest is based on the purposes listed above for data collection.

7.3 Encrypted payment transactions

If, following the completion of a fee-based contract, you have to submit your payment data (e.g. disclosing your account number when providing a direct debit authorisation), this data will be required for processing the payment.

Payment transactions via the usual payment methods (Visa/MasterCard or direct debit) will always be encrypted via SSL or TLS. You can recognise an encrypted connection because your browser’s address bar changes from “http://” to “https://” and shows the lock icon in the browser line.

We use this technology to protect your transmitted data.

7.4 Hosting by Mittwald

Our website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (Mittwald in the following).

When you visit our website, your personal data (e.g. IP addresses in log files) will be processed on Mittwald’s servers.

The assignment of Mittwald is based on Art. 6 (1)(f) GDPR. We have a legitimate interest in our website being displayed, provided and protected as reliably as possible.

We have signed a contract for order processing (AVV) in accordance with Art. 28 GDPR with Mittwald. This is a contract specified by data protection regulations ensuring that Mittwald will process the personal data provided by our website visitors in accordance with our instructions and complying with the GDPR.

Please see www.mittwald.de/datenschutz for further information about Mittwald’s Privacy Policy.

8. Cookies

8.1 General information about cookies

Cookies are small files automatically created by your browser which are stored on your IT system (laptop, tablet, smartphone or similar) when you visit our website.

Cookies store information associated with the specific end device used. However, this does not mean that we will receive information about your identity.

The use of cookies is designed to make your experience of our services better. We use what is known as session cookies to detect that you have already visited certain pages of our website. They are automatically deleted when you leave our website.

In addition, we use temporary cookies to optimise the user experience. These will be stored on your end device for a certain period. If you visit our website again to use our services, we will automatically detect that you have previously visited us and which data you have entered as well as which settings you have configured so that you do not need to carry out these tasks again.

We also use cookies to record statistics about the use of our website and to evaluate our services for the purpose of optimisation. When you return to our website, these cookies allow us to detect automatically that you have previously visited. These cookies will be deleted automatically after a defined period. Please see the Consent Tool settings for the storage duration of these cookies.

8.2 Legal basis for the use of cookies

The data processed by cookies, which is necessary for the proper functioning of our website, is required to protect our legitimate interest as well as that of third parties in accordance with Art. 6 (1)(f) GDPR.

For all other cookies, we require your consent via our opt-in cookie banner in accordance with Art. 6 (1)(a) GDPR.

8.3 Klaro Consent Manager (Consent Management Tool)

Klaro is a free open-source tool that can help you to manage your consent for this website in an intuitive as well as user-friendly way while complying with data protection. The project initiator of this technology is KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin, Germany.

Only once you have agreed to the use of cookies in the “opt-in” process, a Klaro! cookie (“klaro”) will be stored in your browser, saving the consent given by you or the revocation of your consent.

This data will not be disclosed to the Klaro! developer. The data collected will be stored until you delete the Klaro! cookie or when the purpose of this data storage is no longer applicable. Mandatory legal retention periods will not be affected. Please see heyklaro.com for details on data processing via Klaro! cookies.

You can access the Klaro Consent Manager at any time to check, update or reset your settings.

9. Website content

9.1 Data processing for opening a customer account and for contract processing

Personal data is collected and processed in accordance with Art. 6 (1)(b) GDPR when you submit it to us to fulfil a contract or to open a customer account. The type of data collected will be evident from the relevant input form. You can delete your customer account at any time, for example, by sending a message to the controller’s address specified above. We will store and use the data submitted by you for contract processing. After the contract has been completed or your customer account has been deleted, your data will be locked, taking tax and commercial retention periods into consideration, and will be deleted when these periods have expired unless you have given express consent for the further use of your data or we reserve the right to further data use as permitted by law, of which we will notify you accordingly.

9.2 Data processing for order processing

As part of contract processing, personal data collected by us will be disclosed to the shipping company commissioned by us with delivery if this is required to deliver goods. As part of payment processing, we will disclose your payment data to the commissioned financial institution if this is required for payment processing. If payment service providers are used, we will notify you explicitly of this fact. The legal basis for the disclosure of your data is Art. 6 (1)(b) GDPR.

9.3 Contact/contact form

When you contact us (e.g. via our contact form or email), personal data is collected. The type of data collected when using a contact form will be evident from the relevant contact form. This data will be used exclusively to respond to your enquiry or for contacting you and the technical administration associated with this process. The legal basis for data processing is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1)(f) GDPR. If your reason for contacting us is to enter into a contract, the additional legal basis for processing is Art. 6 (1)(b) GDPR. Once we have completed dealing with your enquiry, your data will be deleted. This will be the case when circumstances indicate that the subject matter has been concluded and there are no conflicting legal retention obligations.

9.4 Vacancy management/job portal

We will collect and process personal data provided by applicants to deal with the application process. Processing can also take place electronically. This will be the case in particular if an applicant submits application documentation electronically, e.g. by email or via an online form on our website. If we sign an employment or service contract with an applicant, the data submitted will be stored to process the employment relationship, taking legal stipulations into consideration. If no contract is signed with the applicant, the application documentation will be deleted automatically two months after the rejection has been announced unless we have conflicting legitimate interest. Legitimate interest in this sense constitutes an obligation of proof in a procedure in accordance with the General Equal Treatment Act (AGG).

The legal basis for processing your data is Art. 88 GDPR in connection with § 26 (1) BDSG (Federal Data Protection Act).

9.5 Facebook Connect

You can log in to our website to create a customer account or to register via what is known as single-sign-on technology using the “Facebook Connect” social plugin provided by Facebook, the social network, which is operated by Meta Platforms Inc. (previously Facebook Inc.), 1 Hacker Way, Menlo Park, CA 94025, USA (“Meta”) if you have a Facebook profile. You can recognise “Facebook Connect” social plugins on our website by the blue button with the Facebook logo and the label “Mit Facebook anmelden” or “Connect with Facebook” or “Log in with Facebook” or “Sign in with Facebook”.

If you access one of our online pages that contains such a plugin, your browser will establish a direct connection to Meta’s servers. The plugin content will be submitted to your browser directly by Facebook and embedded into the page. This incorporation provides Facebook with the information that your browser has accessed the relevant online page, even if you do not have a Facebook profile or you are not logged in to Facebook at that time. This information (including your IP address) will be transmitted directly by your browser to a Meta server in the US and stored there. These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

Using this “Facebook Connect” button on our website, you also have the option to log in to or register on our website with your Facebook user data. Only in the event that you give your express consent in accordance with Art. 6 (1)(a) GDPR before the login process based on a relevant notice about the exchange of data with Facebook, will we receive the general and publicly accessible information stored in your profile when you use the “Facebook Connect” button, depending on the privacy settings configured by you on Facebook. This information includes your user ID, name, profile picture, age and gender.

We would like to point out that, following a change in privacy conditions and user conditions by Facebook, when you have given your consent, transmission of your friends’ profile pictures as well as their user IDs and your list of friends may also be transmitted if this has been marked as “public” in your privacy settings on Facebook. The data transmitted by Facebook (title, first name, last name, address details, country, email address, date of birth) will be stored and processed by us so we can create a user account for you with the required data if you have authorised this on Facebook. In turn, based on your consent, data can also be transmitted by us to your Facebook profile (e.g. information about your browsing or purchasing behaviour).

You can revoke your consent at any time by sending a message to the controller mentioned at the beginning of this Statement.

For the purpose and extent of data collection and the further processing and use of your data by Facebook as well as your associated rights and setting options to protect your privacy, please see Facebook’s Privacy Notice: www.facebook.com/policy.php 

This US company has been certified within the scope of the EU-US Data Privacy Framework. This means an adequacy decision in accordance with Art. 45 GDPR exists so that transmission of personal data is permitted without further guarantees or additional measures.

Processing of personal data via the Facebook button will only take place if you have given your express consent in accordance with Art. 6 (1)(a) GDPR.

If you do not want Facebook associating the data collected via our website with your Facebook profile, you have to log out of Facebook before visiting our website. You can also completely prevent loading of Facebook plugins via add-ons for your browser, e.g. using “Adblock Plus” (https://adblockplus.org/de/).

10. Sending newsletters

10.1 Sending newsletters to regular customers

If you have provided us with your email address when buying goods or services, we will reserve the right to regularly email you offers from our range relating to similar goods or service to those you have purchased. In accordance with § 7 (3) UWG (Unfair Competition Act), we do not need your consent for this. Data processing will take place exclusively based on our legitimate interest in personalised direct advertising in accordance with Art. 6 (1)(f) GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you emails. You have the right to object to the use of your email address for the specified advertising purpose at any time with future effect by sending a message to the controller mentioned above. You will merely incur communication costs at the basic rates. Once your objection has been received, the use of your email address for advertising purposes will be stopped immediately.

10.2 Advertising newsletters

Our website gives you the option to subscribe to our company’s newsletter. The type of personal data transmitted to us when subscribing to the newsletter will be evident from the input screen.

We notify our customers and business partners at regular intervals about our offers via a newsletter. You can only receive our company’s newsletter if

1. you have a valid email address and

2. you have registered to receive the newsletter.

For legal reasons, as part of the double-opt-in procedure, a confirmation email will be sent to the email address you specified when signing up to receiving newsletters. This confirmation is designed to check whether you, as the owner of the email address, have authorised the receipt of newsletters.

When you subscribe to our newsletter, we will also store the IP address issued by your Internet Service Provider (ISP) for the IT system used at the time of registration as well as the date and time of your registration. Collection of this data is required to trace any (potential) misuse of your email address at a later stage and is therefore used for our legal safeguarding.

The personal data collected when subscribing to our newsletter is exclusively used to send our newsletter. Newsletter subscribers can also be notified by email if this is required for the operation of the newsletter service or related registration, which may be the case in the event of changes to the newsletter offer or changes in technical conditions. Personal data collected for newsletter services will not be disclosed to third parties. You can cancel your newsletter subscription at any time. You can, at any time, revoke your consent for the storage of your personal data given to us for the purposes of sending you our newsletter. There is a link in every newsletter to unsubscribe from our newsletters. You also have the option to unsubscribe from our newsletters on our website or to notify us in another way.

The legal basis for data processing so newsletters can be sent is Art. 6 (1)(a) GDPR.

10.3 Newsletter tracking

Our newsletters contain what is known as tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to allow recording and analysis of log files. This allows us to carry out statistical assessment of the success or failure of online marketing campaigns. Using the embedded tracking pixel, the company can determine whether and when an email was opened by you and which links from the email were accessed by you.

This personal data collected via tracking pixels included in newsletters is stored and evaluated by us to optimise sending of newsletters and to be able to adapt the content of future newsletters more effectively to your interests. This personal data will not be disclosed to third parties. Data subjects have the right to revoke their consent separately given via the double-opt-in procedure at any time. After revocation, this personal data will be deleted by us. Unsubscribing from our newsletters is automatically understood as a revocation.

This type of evaluation will take place in particular in accordance with Art. 6 (1)(f) GDPR based on our legitimate interest in inserting personalised advertising, market research and/or the needs-based design of our website.

10.4 MailChimp

Our email newsletters are sent by the technical service provider Intuit Inc., The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to which we will disclose your data that you have submitted when you subscribe to our newsletter. This disclosure takes place within the scope of order processing by MailChimp. Please note that your data will usually be transmitted to and stored in a MailChimp server in the US.

MailChimp uses this information to send and statistically evaluate the newsletters on our behalf. For this evaluation, the emails contain what is known as web beacons or tracking pixels that make up one-pixel image files stored on our website. We can then determine whether a newsletter message was opened and which links were clicked. Furthermore, technical information is recorded (e.g. the time of access, IP address, browser type and the operating system). This data is exclusively used for the statistical analysis of newsletter campaigns. The results of these analyses can be used to adapt future newsletters more effectively to the interests of their recipients.

The assignment of the service provider for sending newsletters is based on Art. 6 (1)(f) GDPR and an order processing contract according to Art. 28 GDPR. The legal basis for processing your personal data in connection with the newsletter is your consent given as part of the “double-opt-in” procedure in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time.

Furthermore, MailChimp itself can use the data in accordance with Art. 6 (1)(f) GDPR based on its own legitimate interest in needs-based development and optimisation of its services as well as for market research, for example, to determine which countries recipients are from. However, MailChimp does not use the data provided by our newsletter recipients to contact them or to disclose them to third parties.

If you would like to object to the data processing specified, you must unsubscribe from the newsletter.

Please see the following link for MailChimp’s Privacy Policy: mailchimp.com/legal/privacy/ 

11. Our activities in social networks

We are represented in social media networks so we can communicate with you there, too, and provide information about our services. When you visit one of our social media pages, we are jointly responsible for data processing along with the provider of the relevant social media platform in accordance with Art. 26 GDPR based on the processing operations this triggers.

We are not the original provider of these pages but we merely use them as part of the options provided to us by the relevant provider.

As a precaution, we would therefore like to point out that your data may be processed outside the European Union or the European Economic Area. Use of these pages may therefore be associated with privacy risks because the protection of your rights, e.g. to information, erasure, objection etc., may be more difficult, and data processing in social networks often takes place for advertising purposes or for the analysis of user behaviour by the provider without us being able to influence this. If the provider creates user profiles, cookies are often used or user behaviour is associated with the member profile created by you in the social network.

The processing operations relating to personal data take place in accordance with Art. 6 (1)(f) GDPR based on our legitimate interest and the legitimate interest of the relevant provider in being able to communicate with you promptly and provide information about our services. If you have to provide consent to the relevant provider for the processing of your user data, the legal basis will be Art. 6 (1)(a) GDPR in connection with Art. 7 GDPR.

We do not have access to the providers’ databases. We would therefore like to point out that you should ideally enforce your rights (e.g. to information, rectification, erasure etc.) with the relevant provider. We have listed further information about the processing of your data in social networks with the relevant providers of social networks used by us:

11.1 LinkedIn

(Co-) Controller for data processing in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy Statement:

www.linkedin.com/legal/privacy-policy 

11.2 XING (New Work SE)

(Co-) Controller for data processing in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy Statement:

privacy.xing.com/de/datenschutzerklaerung 

Requests for information by XING members:

www.xing.com/settings/privacy/data/disclosure 

12. Web analysis

12.1 Google Analytics Universal

We use Google Analytics on our website, a web analysis service provided by Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In this context, pseudonymised user profiles are created and cookies used (see Item “Cookies”). The information created by the cookie relating to your use of this website, such as

1. browser type/version,

2. the operating system used,

3. the referrer URL (page visited before),

4. the host name of the accessing computer (IP address) and

5. time of the server request,

is transmitted to and stored in a Google server in the US. The information is used to evaluate website use, to create reports about website activities and to provide additional services related to website use and internet use for the purposes of market research and the needs-based design of these websites. This information may also be disclosed to third parties if this is legally stipulated or if third parties process this data on our behalf. Under no circumstances will your IP address be associated with any of your other data by Google. IP addresses are anonymised so that no association is possible (IP masking).

You can prevent the installation of cookies using the relevant browser software settings. However, we would like to point out that in this case, you may not be able to use all the website functions fully.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

You can also prevent the collection of data created by the cookie which is related to your website use (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As a US business, the parent company Google LLC has been certified within the scope of the EU-US Data Privacy Framework. This means an adequacy decision in accordance with Art. 45 GDPR exists so that transmission of personal data is permitted without further guarantees or additional measures.

For Google Analytics’ Privacy Policy, please see support.google.com/analytics/answer/6004245;

13. Plugins and other services

13.1 Google Photos

We use the service Google Photos provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store pictures that are embedded in our homepage.

Embedding means the integration of certain external content (text, video or image data) provided by another website (Google Photos) which then appears on our own website. An embedding code is used for this process. If an embedding code is used by us, the external content provided by Google Photos is displayed by default as soon as you visit one of our pages.

Your IP address is transmitted to Google Photos via the technical implementation of the embedding code which allows the display of Google Photos images. Google Photos also records our website, the browser type used, the browser language as well as the time and length of the visit. Furthermore, Google Photos can record information about which of our sub-pages you have visited and which links you have clicked as well as other interactions by you when visiting our website. This data may be stored and evaluated by Google Photos.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

For Google’s Privacy Policy, please see www.google.com/policies/privacy/. 

13.2 Google Tag Manager

We use the Google Tag Manager service on this website. Google Tag Manager’s operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google Group of Companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

With the help of this tool, “website tags” (i.e. keywords embedded in HTML elements) can be implemented and managed using an interface. By using Google Tag Manager, we can trace automatically which button, link or personalised image you have actively clicked so we can then record which of our online content is of particular interest to you.

The tool also triggers other tags which, in turn, may also collect data. Google Tag Manager does not access this data. If you have enforced deactivation at domain or cookie level, it will remain for all tracking tags implemented via Google Tag Manager.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

For further information about Google Tag Manager or Google’s Privacy Policy, please see www.google.com/intl/de/policies/privacy/. 

13.3 Google WebFonts

For the uniform display of typefaces, our website uses what is known as WebFonts. Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google Group of Companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

For further information about Google WebFonts or Google’s Privacy Policy, please see developers.google.com/fonts/faq; www.google.com/policies/privacy/. 

13.4 YouTube videos with advanced privacy mode (YouTube-NoCookies)

Some of our sub-pages contain links or connections to YouTube services. As a basic rule, we are not responsible for web content we are linking to. If you are following a link to YouTube, we would like to point out that YouTube stores and uses user data in accordance with its own Privacy Policy (e.g. personal information, IP address).

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We directly embed videos stored on YouTube in some of our sub-pages. With this integration, YouTube website content is displayed in some sections of a browser window. If you access a (sub-) page of our online services where YouTube videos are embedded, a connection to the YouTube servers is established, thus displaying the content on the website by transmitting it to your browser.

The integration of YouTube content can only take place in the “advanced privacy mode”. YouTube itself provides this and ensures that YouTube does not initially store any cookies on your device. When accessing the relevant pages, however, the IP address and potentially other data are transmitted which provides information about which of our pages you have visited. But this information cannot be associated with you unless, before accessing the page, you have logged in to YouTube or another Google service or you are permanently logged in. As soon as you start to play an embedded video by clicking on it, YouTube will store only those cookies on your device that do not contain personally identifiable data because of the advanced privacy mode, unless you are logged in to a Google service at the time. These cookies can be prevented by using the relevant browser setting and extensions.

Requesting the video is regarded as your consent for the relevant cookie being stored (Art. 6 (1)(1)(a) GDPR).

For YouTube’s Privacy Policy, please see www.google.de/intl/de/policies/privacy/. 

14. Your rights as the data subject

14.1 Right to confirmation

You have the right to request confirmation from us whether personal data relating to you is being processed.

14.2 Right to information Art. 15 GDPR

You have the right to obtain, at any time, information free of charge about the personal data stored about you as well as a copy of this data in accordance with legal stipulations.

14.3 Right to rectification Art. 16 GDPR

You have the right to request the rectification of incorrect personal data relating to you. You also have the right to request the completion of incomplete personal data, taking the reasons for processing into consideration.

14.4 Erasure Art. 17 GDPR

You have the right to request that personal data relating to you be erased immediately if one of the legally stipulated reasons exists and if processing or storage is not required.

14.5 Restriction of processing Art. 18 GDPR

You have the right to request the restriction of processing if one of the legal stipulations exists.

14.6 Data portability Art. 20 GDPR

You have the right to receive the personal data relating to you, which was provided to us by you, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to which this personal data was provided, if processing is based on the consent in accordance with Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract in accordance with Art. 6 (1)(b) GDPR and processing takes place using automated procedures, if processing is not required to carry out a task within the public interest or takes place to exercise official authority vested in us.

Additionally, when exercising your right to data portability in accordance with Art. 20 (1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and this does not adversely affect the rights and freedoms of others.

14.7 Objection Art. 21 GDPR

You have the right to object at any time to the processing of personal data related to you on grounds relating to your particular situation which takes place in accordance with Art. 6 (1)(e) (data processing based on public interest) or (f) GDPR (data processing based on balancing of interest).

This also applies to profiling based on these stipulations in accordance with Art. 4 (4) GDPR.

If you object, we will no longer process your personal data, unless we can prove expressly justifiable reasons for processing which outweigh your interests, rights and freedoms or if processing is designed to assert, exercise or defend legal claims.

In individual cases, we will process personal data for direct advertising. You can object at any time to the processing of personal data for the purposes of this type of advertising. This also applies to profiling if it is associated with this type of direct advertising. If you object to processing for the purposes of direct advertising, we will no longer use your personal data for this purpose.

You also have the right, on grounds relating to your particular situation, to object to the processing of personal data related to you which we carry out for scientific or historical research purposes or for statistical purposes in accordance with Art 89 (1) GDPR, unless this type of processing is required to carry out a task in the public interest.

You are free to exercise your right to object using automated procedures where technical specifications are used in connection with the use of services provided by the information society, notwithstanding Directive 2002/58/EC.

14.8 Revocation of privacy consent

You have the right to revoke consent for processing personal data at any time with future effect.

14.9 Complaining to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

15. Routine storage, deletion and locking of personal data

We will only ever process and store your personal data for the period required to fulfil the storage purpose or if this is specified by legal stipulations to which our company is subject.

If the storage purpose is no longer applicable or a specified storage period has elapsed, personal data is routinely locked or deleted in accordance with legal stipulations.

16. Storage duration of personal data

The criterion for the storage duration of personal data is the relevant legal retention period. After this period has elapsed, the relevant data is deleted routinely unless it is required for the fulfilment or initiation of a contract.

17. Validity of and changes to the Privacy Statement

This Privacy Statement is currently valid and was last updated in December 2023.

When we further develop our website and our services, or based on changed legal or official stipulations, we may have to modify this Privacy Statement. You can access and print out the current Privacy Statement at any time via our website at “https://www.sewerin.com/datenschutzbestimmungen”.

This Privacy Statement was created using the following privacy software: audatis MANAGER.