I. General Data Protection Information of the Zehnder Pumpen GmbH about our data processing according to Article 13, 14 and 21 of the General Data Protection Regulation (GDPR)
1. Mandatory information according to Art. 12 ff. DS-GVO
Zehnder Pumpen GmbH
Zwönitzer Straße 19
08344 Grünhain-Beierfeld (GERMANY)
Phone: +49 (0) 3774 52-100
Fax: +49 (0) 3774 52-150
You can contact our data protection officer at
Consulting company Jens Protze
An der Hauptstraße 4a
04720 Döbeln (GERMANY)
Phone: +49 (0) 3431 605828
We are very pleased about your interest in our company. Data protection is of high importance to the management of Zehnder Pumpen GmbH. Your personal data is thus processed confidentially and in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG-new) as well as other legal regulations for data protection.
Which data will be processed in detail depends primarily on the contents of the contractual and pre-contractual business relation. When you contact us, we will collect the following information:
- Contact person (title, first name, surname),
- Email address(es),
- Phone number (fixed line and/or mobile communication),
- Meta/communication data (e.g. device information, IP addresses) as well as
- Information which is required for the business relation.
2. Where do we get your personal data from?The collection of data takes place generally with you yourself. Processing of your personal data is required to fulfil contractual duties which result from the contract concluded with us. Due to your obligations to cooperate, it is indispensable to provide the personal data requested by us, because otherwise we cannot comply with our contractual duties.
The provision of your personal data is necessary within the framework of pre-contractual measures (e.g. collection of master data within the process of the prospective buyer, reply to inquiries). Should you not provide the requested data, a contract cannot be concluded.
To render our services, it can be necessary to process personal data which we have received permissibly and for the relevant purpose from other companies or other Third Parties, e.g. tax offices, from your and our business partners or similar.
Furthermore, we possibly process personal data from publicly accessible sources, e.g. internet appearances which we utilise permissibly and for the relevant contract purpose only. Moreover, we process personal data which we have obtained or purchased from publicly accessible sources (such as phone directories, commercial and association registers, civil registers, debtors registers, land registers, the press, internet and other media) and which we are allowed to process.
Relevant personal data categories may particularly include:
- Personal data (name, date of birth, place of birth, nationality, family status, profession/industry and similar data),
- Contact data (address, email address, phone number und similar data),
- Address data (reported data and similar data),
- Payment/cover confirmation with bank and credit cards,
- Information about your financial situation (creditworthiness data including scoring, that is data to assess economic risks).
- Data about your usage of telecommunication media offered by us (e.g. time of calling our website, apps or newsletter, clicked pages/links from us or entries and similar data),
- Meta/communication data (e.g. device information, IP addresses)
3. Purposes and legal grounds of data processingWe process your personal data subject to the respectively applicable legal data protection requirements. While doing so, the processing is lawful if at least one of the following conditions is fulfilled:
a) Due to a consent (acc. to Art. 6 para. 1 lit. a GDPR)
The purposes of processing personal data result from the declaration of consent. You can revoke a declaration of consent at any time with future effect. You can also revoke consents which you had declared prior to the application of the GDPR (25-05-2018). Data processing which had taken place prior to the revocation shall remain unaffected by the revocation.
b) To fulfil contractual duties or pre-contractual measures (acc. to Art. 6 para 1, lit b GDPR)
The purposes of data processing result from initiating pre-contractual measures, which precede a contractually regulated business relation on the one hand, and to fulfil the duties from the contract concluded with you on the other hand,
- to be able to identify you as our business partner / contact person,
- to be able to render our services,
- for correspondence with you,
- for invoicing,
- for measures to control and optimise business processes,
- for verifiability of orders and other agreements,
- for ensuring IT safety (inter alia system or plausibility tests),
- to comply with general due diligence obligations,
- to ensure and use domiciliary rights (e.g. through access controls),
- for cost recording and controlling as well as for reporting
- to handle potentially present liability claims as well as to enforce possible claims against you,
The purposes of data processing result from legal requirements or lie in the public interest (e.g. compliance with retention requirements).
d) Within the framework of balancing interests (in acc. to Art. 6 para 1 lit. f GDPR)
The purposes of data processing result from safeguarding our legitimate interests. It may be necessary to process your personal data beyond the actual fulfilment of the contract. This legitimate interest can be used to justify further processing of your personal data, provided that your interests or basic rights or fundamental freedoms do not prevail. The legitimate interest may particularly include in the particular case:
- Revision and improvement of procedures for general business management and further development of products and services
- Advertising, market and opinion research, provided that you did not object to using your data
- Assertion of legal claims and defence in case of legal disputes
- Avert, clarify or prevent offences
- Ensure IT safety and IT operations
- Advice by and data exchange with credit agencies to determine credit and default risks
- due to the special type of storage, the deletion of data is not possible or only with a disproportionately high effort, and processing for other purposes is excluded due to suitable technical and organisational measures.
4. Who will get your personal data?Within our company, those departments get access to your personal data which require them to fulfil the contractual and legal duties and which are entitled to process this data.
Furthermore, we let individual processes and services of the ones stated above carry out by carefully selected and commissioned service providers which have their registered offices in the EU and are in conformity with data protection requirements. These are companies in the categories of IT services, payment transactions, print service providers, logistics, shipment, settlement, debt collection, consultancy, distribution and marketing as well as service providers which we use within the framework of order processing relations.
With regard to data transfer to further recipients, we may pass on your personal data only if legal requirements require us to do this, if you have agreed to this and if we are authorised to pass on that data. If these requirements are fulfilled, recipients of personal data may be, inter alia:
- public bodies and institutions (e.g. financial authorities, social insurance agencies, courts) in case of existence of a legal or official obligation;
- other companies (e.g. credit agencies) or similar institutions to which we transfer personal data to process the business relationship with you.
5. Is your personal data transferred to third countries or international organisations?An active transfer of your personal data to a third country or an international organisation does not take place. Should you wish a transfer of your personal data to a third country or an international organisation on a case-by-case basis or this be required due to a contractual content, we will carry this out only after receiving your written consent.
6. Does automatic decision making including profiling take place?According to Art 22 GDPR, no fully automatic decision making, including profiling, is used to process your personal data.
7. Duration of processing (criteria of deletion)The processing of your personal data takes place for so long as they are required to obtain the contractually agreed purpose - that is basically for so long as the contractual relationship with you exists. After termination of the contract, your personal data is processed for compliance with statutory storage duties or on account of our legitimate interests. After expiry of the statutory storage duties and/or cessation of our legitimate interests, your personal data will be deleted. Probable time of storage duties applicable to us and of our legitimate interests:
- Compliance with storage periods according to commercial and tax laws. The time periods for storage or documentation specified therein are two to ten years.
- Preservation of evidence within the framework of statute of limitation. According to §§ 195 ff. of the German Civil Code, this statute of limitation can be up to 30 years, whereas the regular statute of limitation is three years.
8. What are your rights?
- Right of access acc. to Art. 15 GDPR;
- Right to rectification acc. to Art. 16 GDPR;
- Right to erasure (“right to be forgotten”) acc. to Art. 17 GDPR;
- Right to restriction of processing acc. to Art. 18 GDPR, § 35 German Federal Data Protection Act - new;
- Right to data portability acc. to Art. 20 GDPR;
- Right of appeal with a supervisory body acc. to Art 13 para 2 lit d, 77 GDPR in connection with § 19 German Federal Data Protection Act - new;
- Withdrawing the consent acc. to Art. 7 (3) GDPR as well as
- Right of objection acc. to Art. 21 GDPR:
If you enter an objection, we will not process your personal data any more unless we can prove compelling and legitimate reasons for the processing which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.
We process your personal data also, if necessary, to conduct direct advertising. Provided that you do not want to get advertising, you have the right to enter an objection at any time; this is also applicable for profiling so far as it is in connection with such direct advertising. We will observe this objection in the future.
If you object to the processing for direct advertising purposes, we will then no process the data related to you for these purposes.
The objection can be made without any form requirement and should be directed to:
Zehnder Pumpen GmbH
Zwönitzer Straße 19
08344 Grünhain-Beierfeld (GERMANY)
Phone: +49 (0) 3774 52-100
Fax: +49 (0) 3774 52-150
9. Topicality and modification of this data protection declarationThis data protection declaration as well as our information about data protection are currently valid and have the status of 25th May 2018.
Due to the further development of our offers, including our website, or on account of changed legal or official requirements, they can change from time to time. The current data protection declaration can be called up and printed from our website at https://www.zehnder-pumpen.de/datenschutzhinweise or requested from the responsible body (see above).
II. Supplementary Data Protection Information for our website
1. Collection and storage of personal data as well as type and purpose of their usageIf you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 para 1 sentence 1 lit f GDPR):
- IP address
- Date and time of the inquiry
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Request status/HTTP status code
- the amount of data transmitted
- The website making the request
- Operating system and device
- Language and version of your browser software.
Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. They store a so-called session ID, by means of which different inquiries of your browser can be assigned to the joint session. Thus, your computer can be recognised when you return to our website. The session cookies will be deleted if you log out or close the browser.
Persistent cookies are deleted automatically after a specified time period which can be different depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure the browser setting in accordance with your wishes and reject the acceptance of third party cookies or all cookies. Every browser is different in the type of how it administrates the cookie settings. This is described in the browser’s help menu which explains to you how you can modify your cookie settings. Please note that in this case you may not be able to use all functions of this website.
3. Further functions and offers of our websiteApart from the mere informational usage of our website, we offer you different services which you can use in case of interest. To do so, you must normally provide further personal data which we use to render the relevant service and to which the principles of data processing stated above are applicable.
To some extent, we make use of external service providers to process your data. These service providers have been carefully selected and commissioned by us. They are bound to our instructions and are regularly checked.
If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the
description of the offer.
4. Contact form and registrationIf you let us have inquiries by a contact form, your entries from the inquiry form, including the contact data provided by you therein, will be stored with us for the purpose of processing the inquiry and in the event of follow-up questions. Which personal data is transmitted to the responsible person in the process, results from the relevant input mask which is used for registration.
By registering on the internet page of the person responsible for processing, the relevant person’s IP address assigned by the internet service provider (ISP), the date as well as the time of registration are further stored. The storage of this data takes place against the background of only thus being able to prevent the misuse of our services, and that this data makes it possible to clarify committed offences and copyright infringements in case of need. In this respect, the storage of this data is required to protect the person responsible for processing.
The registration of the relevant person by providing optional details of personal data serves the person responsible for processing to offer contents or services to the relevant person which, due to the nature of the matter, are offered to registered users only. Registered persons shall be free to have completely deleted the personal data specified during registration from the database of the person responsible for processing.
5. Use of web analysis servicesBy using the web analysis service software Matomo (www.matomo.org), a service of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Matomo“), data is collected and stored on the basis of our legitimate interest in the statistical analysis of the user behaviour for optimisation and marketing services in accordance with Art. 6 para 1 lit f GDPR. For the same purpose, pseudonymised user profiles can be created and evaluated from this data. Cookies may be used for this purpose. Among other things, the cookies make it possible to recognise the internet browser. The data (including your pseudonymised IP address) collected by means of the Matomo technology is processed on our servers. The data generated through the cookie in the pseudonymised user profile are not used to personally identify any visitor to the website and it is not merged with personal data about the bearer of the pseudonym.
If you do not agree with the storage and evaluation of this data from visiting the website, you can then object to it in the following by a mouse click at any time. In this case, a so-called opt-out cookie is placed in your browser which results in the fact that Matomo does not collect any session data. Please note that deleting your cookies in full involves that the opt-out cookie is also deleted and must be newly activated by you, if necessary. Here you can retrieve the status.
6. Integration of Google MapsWe use Google Maps functions on this website. This allows us to display interactive maps directly on the website and enables your convenient use of the map function.
When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website. Moreover, the data stated in the section “Collection of personal data when visiting our website” of this declaration will be transferred. This takes place regardless of whether Google makes available a user account via which you are logged in or no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated to your Google profile, you must first log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or requirements-oriented design of its website. Such evaluation takes place (even for users who are not logged in) in particular for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
7. YouTubeWe have integrated YouTube videos in our online offer which are stored at http://www.YouTube.com and can be played directly from our website. When you visit our website, YouTube receives the information that you have accessed the corresponding subpage of our website. Moreover, the data stated in the section “Collection of personal data when visiting our website” of this declaration will be transferred. This takes place regardless of whether YouTube makes available a user account via which you are logged in or no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated to your YouTube profile, you must first log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or requirements-oriented design of its website. Such evaluation takes place (even for users who are not logged in) in particular for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
For more information about the purpose and scope of data collection and its processing by YouTube, please refer to the data protection declaration. There you will also find further information on your corresponding rights and settings options for protecting your privacy: https://www.google.de/intl/en/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
8. Integration of Google Web FontsGoogle Web Fonts are implemented on this website. By means of these fonts, the display of fonts is made possible. When using this website, an external server of Google in the USA is called up due the usage of Google Web Fonts, that is Google is theoretically informed about the offer usage.
The legal basis for processing your data is Art. 6 para 1 sentence 1 lit. f GDPR. Further information on data protection at Google can be found here: http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/en.html.
10. Data securityWithin the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the respectively highest encryption which is supported by your browser.
Generally, it is a 256 bit encryption. If your browser does not support 256 bit encryption, we will draw on the 128-bit v3 technology instead. Whether an individual page of our internet appearance is transmitted encrypted, you can recognise by the representation of the key or padlock symbol in the lower status bar of your browser.
Incidentally, we make use of suitable technical and organisational security measures in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by any third party. Our security measures are continuously improved according to the technological development.
III. Supplementary data protection information for applicantsIn the following, we provide you with supplementary data protection information about the collection and processing of your personal data within the framework of the application process.
1. To what extent do we process your data?In the course of the application process, we will exclusively process data which you have provided to us (e.g. name, contact data, curriculum vitae, photo).
2. Which purpose serves the data processing?Personal data which we collect from you is the basis for taking part in the application process. Moreover, by means of the data provided, an evaluation of the suitability of the applicant for the position to be filled shall be possible. Without this data, we cannot take into account your application within the application process.
The permission for data processing to carry out pre-contractual measures is based on Art. 6 para 1 lit b GDPR.
3. Who will receive the data within the framework of processing?Within our company, only those departments and employees will receive your data which or who are involved in carrying out the application process.
Furthermore, a transfer of data, which are relevant in the individual case, to any third party comes into question on the basis of legal provisions or a contractual agreement. This could be order processors such as IT service providers.
4. How long will the data be stored?The storage period of your data is at least the period for the application process. Nevertheless, in case of a rejection, we will delete your data 6 months after sending the rejection letter at the latest.
In case of a successful application, we will store the data in the personnel files for further processing.
Apart from that, we fully refer to our above-mentioned General Data Protection Information and the supplementary Data Protection Information with regard to the usage of our website.