DATA PROTECTION

As the data controller we have prepared this privacy notice to inform you in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (GDPR) about the nature, scope and purpose of the processing of personal data in relation to the services we offer on our website.

I. DEFINITION OF TERMS

1. „Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

2. „Personal data“ means any information relating to an identified or identifiable natural person („data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

3. „Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

4. „Recipient“ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

5. „Union“, „EU“ or „Member State“ means the European Union or a member state of the Union.

II. GENERAL INFORMATION

1. The data controller

DMT Produktentwicklung GmbH
Carl-Benz-Straße 24
71154 Nufringen
Germany
Telephone: +49 7032 89436-0
Telefax: +49 7032 89436-20
E-Mail: info[at]dmtpe.com

2. Contact details of the Data Protection Officer

OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Germany
Telephone: +49 711 46 05 025-40
Fax: +49 711 46 05 025-49
E-Mail: dmtpe[at]obsecom.eu
Website: https://www.obsecom.eu

3. Legal bases

We process personal data based on at least one of the following legal bases:

• The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 (1)(a) GDPR);

• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) GDPR);

• Processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 (1)(c) GDPR);

• Processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 (1)(d) GDPR);

• Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 (1)(f) GDPR)

In this privacy policy we refer to the respective legal basis of the individual data processing operations.

4. Onward transfer of personal data

We forward personal data to recipients (data processors or other third parties) only to the extent required and only if one of the subsequent conditions are met:

• the data subject has consented to the data transfer;

• the onward transfer is required to fulfil a contractual obligation or pre-contractual measure on the request of the data subject;

• we are obliged by law to make such a transfer;

• The onward transfer is made on the basis of our legitimate interest or those of a third party.

5. Third countries

The transfer of personal data to a third country or an international organisation outside the EU or the European Economic Area (EEA) is subject to legal or contractual permission only in accordance with the provisions under Art. 44 et seq. GDPR. Pursuant to Art. 45 GDPR an adequacy decision of the EU commission must be present for the respective country, or appropriate safeguards for data privacy under Art. 46 GDPR, or Binding Corporate Rules under Art. 47 GDPR must exist. In individual cases, a data transfer may be permitted on the basis of an exception under Art. 49 GDPR.

We may use on our website external services provided by organisations based in the USA. If these services are active, personal data is collected in connection with the provision of the relevant service and may be transferred to and stored on servers in the USA. The European Court of Justice considers the USA to have an inadequate level of data protection. When data is transferred to the US, there is a fundamental risk that the US authorities may access and use the data for surveillance and monitoring purposes without notification and without the possibility of a legal remedy.

6. Rights of data subjects

As a data subject you have the following right:

• Pursuant to Art. 15 GDPR to request information about your personal data processed by us. You may also request information regarding the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period, the data source (where personal data is not collected from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; the existence of the right to request rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organisation, and, if so, the appropriate safeguards relating to this transfer;

• Pursuant to Art. 16 GDPR to demand the immediate rectification of inaccurate personal data and to have incomplete personal data which is stored by us completed;

• Pursuant to Art. 17 GDPR to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of a legal claim.

• Pursuant to Art. 18 GDPR to request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you; the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate grounds override your interests;

• Pursuant to Art. 20 GDPR to receive your personal data, which you have provided for us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller;

• Pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes and the legal basis for processing is our legitimate interests pursuant to Art. 6 (1)(f) GDPR;

• Pursuant to Art. 7 (3) GDPR to withdraw your consent given to us at any time. As a result, we are no longer allowed to continue to process the data that was based on this consent in the future;

• Pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. A list of contact details of the data protection officers and supervisory authorities can be found on this website: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.

7. Erasure and restriction of personal data

Unless otherwise provided for in this privacy notice, personal data will be deleted, if this data is no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. In addition, we will erase the personal data processed by us in accordance with Art. 17 GDPR on your request, if the conditions provided therein are met. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR.

In case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, data must be kept for 6 years pursuant to Section 257 (1) Nos. 2 and 3 German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 German Tax Code (AO); data must be kept for 10 years pursuant to Section 257 (1) Nos. 1 and 4 HGB and Section 147 (1) No. 1, 4, 4a AO.

8. Cookies

Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. The cookie stores information which is created in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure.

Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser so that no cookies are stored on your device or a message is displayed before new cookies are created. Information on how to remove cookies in Internet Explorer / Edge, please refer to: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies. Information on the removal of cookies in Firefox, please refer to: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectlocale=en-US&redirectslug=delete-cookies-remove-info-websites-stored. Learn how to remove cookies in Safari here: https://support.apple.com/en-gb/guide/safari/sfri11471/mac.

A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, as explained at http://www.youronlinechoices.com/ or the opt-out page of the Network Advertising Initiative http://optout.networkadvertising.org. However, disabling cookies may mean that you may not be able to use all the features of our website.

The data processed by necessary cookies is required for the above-mentioned purposes to safeguard our legitimate interests and those of third parties in the provision and operation of our website under Art. 6 (1) lit. f GDPR in connection with section 25 (2) No. 2 TDDDG.

The legal basis for the use of cookies for advertising and market research is your voluntarily given consent under Art. 6 (1) lit. a GDPR. In this context, if information is stored or read on your device (for example, cookies or other device properties), this is done on the basis of Section 25(1) TDDDG.

III Individual processing operations

1. Hosting

In order to make our website available, we use services provided by hosting companies, such as: Provision of web servers, disk space, database services, and security or maintenance services. Here we, or our hosting providers, process personal data of website visitors based on our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 (1)(f) GDPR.

2. Access data and log files

By visiting our website or its individual pages, your device“s internet browser automatically sends information to the server of our website. This information is stored in so-called log files by us or our hosting provider and will be deleted after 6 Months at the latest.

The following information is stored:

• IP address of the requesting computer;

• Date and time of access;

• Name and URL of the requested file;

• Website from which our site was accessed (Referrer-URL);

• The browser used and your computer“s operating system;

• Status codes and the transferred amount of data;

• Name of your access providers.

This data will be used for the following purposes:

• The provision of our website, including all of its features and contents;

• To ensure a smooth connection to our website;

• To ensure a more user-friendly experience on our website;

• To ensure system security and stability;

• For anonymised statistical evaluation of website access;

• To optimise our website;

• For disclosure to law enforcement authorities in the event of unlawful interference / attacks on our systems;

• For further administrative purposes.

The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest relates to the data collection purposes mentioned above. Under no circumstances will we use the personal data collected for the purpose of drawing conclusions about a person.

3. General means of contact

If you contact us using the contact details published on our website (for example, by e-mail) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1)(b) GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 (1)(a) GDPR and / or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 (1)(f) GDPR. We will store your personal data until you ask us for deletion, revoke your consent to the storage, or the data are no longer necessary for the purpose for which they were collected (for example, after completion of your request). Mandatory statutory provisions - especially retention periods - remain thereof unaffected.

4. Contact form

If you use our contact form, we will process the data you provide (such as your name, e-mail address and company) in order to contact you and deal with your enquiry. Providing a message is optional, but without it, we may not be able to assist you. Insofar as your enquiry is aimed at concluding a contract or is necessary for this purpose, the legal basis for processing is Art. 6(1)(b) GDPR. Otherwise, processing is based on Art. 6(1)(f) GDPR (our legitimate interest in responding to enquiries). We will delete the personal data collected via the contact form as soon as your enquiry has been processed in full, unless there are legal retention obligations or further storage is necessary for asserting, exercising or defending legal claims, or for documenting subsequent processes (for example, subsequent conclusion of a contract).

5. Job applications

If you send your application to us by e-mail at the address specified in the job advertisement, we will only use the personal data you provide to carry out the application process (for example, to review your application, communicate with you, and decide whether to offer you a job). The legal basis for this is Art. 6(1)(b) GDPR. Application documents will be retained for a period of six months after the end of the application process, taking into account any deadlines under the General Equal Treatment Act (AGG), after which they will be deleted. We will only retain application documents for a further period of up to two years if you have given your prior consent to data storage (Art. 6(1)(a) GDPR). You can revoke your consent at any time, with effect for the future.

6. Electronic signature

We use the external signature service provider FP-Sign for the electronic signature of contractual documents. The provider is Mentana Claimsoft GmbH, Trebuser Str. 47, 15517 Fürstenwalde, Germany (hereinafter "Mentana"). If we ask you to sign a document electronically, we will transmit your surname, first name, e-mail address and, if applicable, cell phone for the purpose of creating a signature request as part of the authentication and verification of signatures. Depending on the associated process, the legal basis for the data transfer is the establishment and execution of the contract in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR or your voluntarily granted consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. The personal data transmitted may be stored by Mentana for further signature requests and to create a signature history. If you do not agree to this storage of your data, please send an email to support@fp-sign.com. Further information on how Mentana handles personal data can be found in the privacy policy at: app.fp-sign.com/docs/mentana/docs/de_DE/datenschutz.pdf

7. Admission ticket / appointment booking for trade fair visits

If you use the registration form so that we can send you an admission ticket for a trade fair visit or you would like to arrange an appointment with us at a trade fair, you will be asked to provide your gender, name, e-mail address and any other contact details so that we can process your request. Further information can be provided voluntarily. Data processing for the purpose of contacting us and processing your request is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntary consent. All personal data collected in connection with the contact form will be deleted after the end of the trade fair event, unless you have consented to further storage for promotional contact by e-mail and telephone.

8. Use of SalesViewer

This website uses SalesViewer. The provider is SalesViewer GmbH, located at Universitätsstraße 60, 44789 Bochum, Germany (hereafter “SalesViewer”). We use SalesViewer for marketing and market research purposes, as well as to optimise our website. SalesViewer will only be activated once you have given your consent in the consent banner. To this end, SalesViewer uses a JavaScript-based code to collect and process company-related data. According to the provider, this data is pseudonymised/encrypted (for example, via hashing) and cannot be used to identify you personally. The legal basis for processing this data is your voluntary consent, under section 25(1) TDDSG and Art. 6(1)(a) GDPR. You can revoke your consent at any time via the 'Cookie settings' with effect for the future. After revocation, SalesViewer will no longer be loaded and no further data will be collected via this service. Any stored data will be deleted as soon as it is no longer required for the aforementioned purposes, provided that there are no legal retention obligations. For further information on how SalesViewer handles your personal data, please refer to the SalesViewer privacy policy at: https://www.salesviewer.com/de/datenschutzerklaerung/.

IV Statistics and analysis

1. Matomo

Our website uses the open-source software Matomo (https://matomo.org/). Matomo collects data about visits to our website. This data is used to ensure that our website meets user needs, is continuously optimised and measures the success of marketing activities, as well as being used for statistical evaluations. The legal basis for the processing of personal data is your voluntary consent under Art. 6(1)(a) GDPR. This information will not be shared with third parties, and under no circumstances will the IP address be linked to other user data. IP addresses are anonymised so that they cannot be assigned to a specific person. Usage and event data are deleted after 26 months. If you have given your consent, further information about the origin of your visit may be collected, merged and statistically evaluated as part of the statistical analysis, for example referrer URL and campaign parameters such as UTM. For more information on how Matomo handles your personal data, please refer to the Matomo privacy policy at: https://matomo.org/privacy-policy/.

V. Google Services

Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter „Google“).

The information collected by Google in connection with the provision of the respective services may be transferred to and processed by Google servers in the USA and stored there. Google has joined the EU/US Data Privacy Framework and has committed to abide by European data protection standards, thereby meeting the EU“s requirements for the transfer of personal data to the US under Art. 45 GDPR. Information about Google“s voluntary commitment can be found at https://www.dataprivacyframework.gov/participant/5780.

For more information about the processing of personal data by Google, please refer to Google“s privacy policies at: https://business.safety.google/privacy/ and https://policies.google.com/privacy?hl=en. For information on the use of data for advertising purposes by Google, settings and your right to object please refer to: https://www.google.de/policies/privacy/partners/, https://www.google.de/policies/technologies/ads/, https://adssettings.google.de/.

1. Google services for which your consent is required

The legal basis for the use of the following Google services is your voluntarily given consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The legal basis for the transfer of data to the USA is also your voluntarily granted consent in accordance with Art. 49 (1) (a) GDPR.

The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR.

1.1 Google Ads Remarketing

This website uses Google Ads Remarketing. Ads Remarketing is used to deliver personalized ads to users who have already interacted with our website when they visit another Google website or a website in the Google advertising network. Google uses cookies to identify a web browser on a specific device and to analyse website usage (e.g. which offers a user is interested in) in order to display interest-related advertising to users on other pages after they have visited our website. For more information about what other criteria Google uses to personalise advertisements, please refer to: https://support.google.com/ads/answer/1634057?visit_id=637292785957338239-1447476022&rd=1. This service collects your IP address, which of our websites you have visited and any other data required by Google for the provision of Ads Remarketing. The information collected about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.

If you use a Google account that is logged in, Google may link your web and app browsing history to your account and uses this information to personalize ads, depending on the settings in your Google account. If you don“t want to have your browsing history linked to your account, you“ll need to sign out before you access our website.

You can also prevent the local storage of cookies by configuring your browser software settings accordingly; however, be advised that in this case you may not be able to use all the features of this website to their full extent. If you do not wish to see personalised ads displayed by Google, you can deactivate this function at http://www.google.com/settings/ads and manage the use of device IDs for the personalisation of advertising via the device settings, see: https://support.google.com/ads/answer/1660762#mob

2. Other Google services

The legal basis for the use of the following services are our legitimate interests according to Art. 6 (1)(f) GDPR. Our legitimate interests are listed below for each service individually.

2.1 reCAPTCHA

Our website uses Google reCAPTCHA to ensure that the forms provided on our website are used by an actual person and are not abused by bots or automated procedures. We use this service in our legitimate interest in the security of our website and the detection of bot activity. This service collects your IP address and any additional data required by Google for providing the reCAPTCHA service. The collected information about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.

2.2 YouTube

Our website uses media content from the YouTube platform. The purpose is to display content of the YouTube platform that relates to the content of our website. This service collects your IP address and any additional data Google may need to provide the YouTube content. The information gathered about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. If you are logged in to your YouTube account while you are visiting our website, Google can link your visit of our website directly to your YouTube user account. If you do not want Google to be able to associate the data collected on our website with your respective user account on YouTube, you must first log out of YouTube.

VI Links to social media profiles

On our website we refer with hyperlinks to social media profiles in social networks. When you actively click on a link to such a profile, your browser establishes a direct connection with servers of the respective social media network, whereby the provider obtains knowledge of your visit. If you are simultaneously logged in to the respective social network, the provider can assign the visit to the profile to your user account. In this context, personal data may be processed in the USA. For more information on the processing of personal data, please refer to the privacy policy of the respective social media network. The purpose of linking our website to social media profiles is to increase the visibility of our website. Clicking on a social media link takes place on the basis of your voluntary decision in accordance with Art. 6 (1)(a) GDPR. The legal basis for any data transfer to the USA is also your voluntarily given consent according to Art. 49. (1)(a) GDPR.