The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws and regulations is:
The data protection officer for Germany is:
Mr. Ingo Wolff
Walbecker Straße 53
No differentiation has been made between the male and female form for ease of reading.
1. General information on data processing
1.1. Processing of personal data and its purpose
SAURER AG (hereinafter referred to as “SAURER” or “we”) processes personal user data solely to the extent required for providing a functioning website, our contents and services. The following data is processed when visiting our website:
- User IP address
- Browser (type, version, language)
- Operating system
- Internet service provider of the user
- Time and date of access to our website
- Files accessed on our website
- Website from which the user has arrived on our website
- Website which the user accesses from our website.
The IP address has to be processed and stored temporarily to make it possible to display the website on the user’s computer. The user IP address has to be stored for the duration of the session for this purpose. The log files contain IP addresses or other data that makes it possible to allocate the user. The log files are stored to ensure the functionality of the website. The data also serves to optimise our website and ensures the security of our IT systems. The personal data is solely processed for the purposes stated within the scope required for achieving them.
1.2. Legal bases for the processing of personal data
The personal data of our users is usually processed with the users’ consent. Cases in which it is impossible to obtain consent in advance for genuine reasons and we are permitted by law to process the data are an exception. The data and log files are stored in accordance with Art. 6 (1) lit.f GDPR.
1.3. Data deletion and storage period
We delete or block the personal data of the affected persons once the purpose for its storage ceases to exist. Data processed for the purpose of displaying the website is deleted once the session has expired. Personal data stored in log files is deleted after no more than 30 days. Longer storage periods are possible if the user’s IP address has previously been deleted or defaced so that it can no longer be allocated to the accessing client.
3. Google Analytics
4. Google Maps
Our website uses Google Maps API by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for visually displaying geographical information. When using Google Maps, Google also processes data on the use of the map functions by website users. The legal basis for the processing of the data is Art. 6 (1) lit. f GDPR. We have a justified interest in an appealing design of our website and an easy process for finding the locations specified on our website. For further information on the processing of data by Google, please read the Google data protection policy at https://policies.google.com/privacy?hl=en-GB.
5. Social Media
We use social media plug-ins (“plug-ins”) of the social networks LinkedIn, YouTube, WhatsApp and Facebook on our website. They create a link to the respective service provider. Data on the user’s browsing activities is transferred. When users click on one of the plug-ins, the personal data (user’s IP address and URL of the page recently visited by the user, including time and location) is transferred to and processed by the respective service provider. For further information on data processing, please read the data protection policies of the respective service providers:
Users who are members of the above social networks and who do not wish for user data to be collected by the respective social network via our website must log out of their respective social media accounts before visiting our website. We display YouTube videos on our website. These videos are embedded in our website by integrating the URL with iframes in extended data protection mode. The domain is replaced with the official YouTube nocookie domain in this case. According to the current information provided by YouTube, information on visits to our website is only stored if the video is played, and not when the page with the embedded video is accessed only, when using this variant. For further information on the collection and use of the data by YouTube and the rights of the users regarding the protection of their privacy, please read the data protection policy at https://policies.google.com/privacy?hl=en-GB.
6. Contact by e-mail
We state various e-mail addresses on our website that can be used for contacting us electronically. In this case, we store the personal user data transferred in the e-mail. The legal basis for the processing of the data is Art. 6 (1) lit. f GDPR. The data is used for the sole purpose of processing the query and subsequent communications. It is not transferred to third parties in this respect. We always obtain the user’s consent prior to using the data for any other purpose. The personal data entered in the input mask of the contact form and personal data sent via e-mail is deleted once the respective communication with the user has ended, i.e. as soon as the circumstances give reason to believe that the matter at hand has been concluded in full and final. The additional personal data collected during the sending process is deleted no later than 30 days from its collection.
Our website provides the option of subscribing to our free newsletter. We process the following personal data when users subscribe to our newsletter:
- Company (voluntary)
- Position (voluntary)
- First name (voluntary)
- Surname (voluntary)
- Address (street, house number, post code, city and country) (voluntary)
- Phone number (voluntary)
- E-mail address
- Language (voluntary)
- Empty field for individual messages (voluntary)
- Sending date.
Consent is obtained from the user for the processing of the data and reference is made to this data protection declaration during the subscription process. The legal basis for the processing of the personal data in this respect is Art. 6 (1) lit. a GDPR. We store the user’s personal data for as long as the newsletter subscription is active. Users can withdraw their consent by clicking on the corresponding link contained in the newsletter. The personal data will then be deleted immediately.
8. Compliance – reporting form
Our website contains a form that can be used for reporting improper conduct, such as unjust and illegal practices, to the SAURER Compliance department. When users avail themselves of this option, the data entered by the users in the input mask is transferred to and stored by us:
- Name (voluntary)
- E-mail (voluntary)
- Phone number (voluntary)
- Empty field for individual messages
The legal basis for the processing of the data is Art. 6 (1) lit. f GDPR. The data is used exclusively for processing the report. The personal data entered in the input mask of the reporting form is deleted by us once the respective communication with the user has ended, i.e. as soon as the circumstances give reason to believe that the matter at hand has been concluded in full and final. The additional personal data collected during the sending process is deleted no later than 30 days from its collection.
9. Application form
Applicants can apply for jobs on our website. To do so, they have to enter personal data. The data is entered in an input mask, transferred to us and stored. The following data is collected:
- Title (voluntary)
- First name
- Last name
- E-mail address
- Telephone number
- Availability (voluntary)
- Vocational training
- Higher-level study
- Last job
- Requested location of employment
- Requested salary (voluntary)
- Empty field for individual messages (voluntary)
- Application documents (covering letter, CV, certificates)
- Application photo
- Sending date
We use the personal data disclosed during the application process for the sole purpose of selecting applicants. We restrict our application processing activities to the information directly provided by the applicant. This may include information that applicants have uploaded to professional online networks or job sites. We may ask about the gender of applicants by asking about their preferred form of address during the application process for the sole reason of wishing to address applicants in the correct manner. The personal data is processed in accordance with Art. 6 (1) lit.a GDPR and Art. 88 (1) GDPR in conjunction with the respective relevant national data protection laws, such as Section 26 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). We delete the data six months from the rejection of an application, unless applicants have given their consent to include their personal data in our applicant pool.
We offer applicants who applied for a specific position and whose application we were unable to consider for the specific position to include their application in our applicant pool and make it available to other areas within SAURER in the search for suitable applicants. We shall contact applicants in advance so that they can decide if they are interested in such inclusion. The personal data is processed within the scope of the applicant pool in accordance with Art. 6 (1) lit.a GDPR and Art. 88 (1) GDPR in conjunction with the respective relevant national data protection laws, such as Section 26 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).
Applicants under the age of 16 must send us a declaration by their parents or legal guardians in the post in which the latter approve the inclusion of the underaged applicant in our applicant pool and the processing of their personal data in accordance with this data protection declaration and the approvals issued.
SAURER uses technical and organisational security measures to protect users’ personal data against accidental or malicious manipulation, loss, destruction and unauthorised access. We continuously improve our security measures to reflect the latest technological developments.
11. Rights of the affected person
In the event of SAURER processing your personal data, you are an affected person in accordance with Art. 4 no. 1 GDPR and have the following rights:
11.1. Right to information
In accordance with Art. 15 GDPR, you may request that we provide you with confirmation if we process your personal data. If we process your personal data, you may request for us to provide you with the following information:
- Processing purpose;
- Categories of your personal data that we process;
- Recipients and/or categories of recipients to whom we have, or are going to, disclosed your personal data;
- Planned storage period (if possible) of your personal data or, if this is impossible, criteria for determining the storage period;
- Existence of the right to correction or deletion of your personal data, the right to limitation of processing by us or objection to such processing;
- Existence of the right to complain to a supervisory authority;
- All available information on the origin of the data, unless the personal data has been collected from you;
- Existence of an automatic decision-making process, including profiling (Art. 22 (1) and (4) GDPR) and, at least in such cases, pertinent information on the logic involved as well as the scope and planned effects of such processing on you.
You may request information if your personal data is transferred to a third country or international organisation. In this respect, you may request information on suitable guarantees in accordance with Art. 46 GDPR with regard to the transfer.
11.2. Right to correction
In accordance with Art. 16 GDPR, you may request that we correct and/or complete your incorrect personal data.
11.3. Right to deletion
In accordance with Art. 17 GDPR, you may request that we delete your personal data immediately. We must delete your data immediately if one of the following reasons applies:
- Your personal data is no longer required for the purposes for which it was collected or processed in any other form.
- You withdraw your consent on which we have based our processing activities in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR and there is no other legal basis for such processing.
- You object to the processing in accordance with Art. 21 (1) GDPR and there are no superordinated justified reasons for the processing activities or you object against the processing in accordance with Art. 21 (2) GDPR.
- Your personal data has been illegally processed.
- Your personal data must be deleted to meet a legal obligation in accordance with EU law or the laws of the member states to which we are subject.
- Your personal data was collected with regard to services offered by the information company in accordance with Art. 8 (1) GDPR.
If we have published your personal data and are obliged to delete it in accordance with Art. 17 (1) GDPR, we shall implement suitable measures, including technical measures, to inform those persons responsible for processing the data that you, as the affected person, have requested the deletion of all links to your personal data or copies or duplicates thereof, taking into consideration the available technology and implementation costs.
The right to deletion does not exist if the processing activities are required
- To exercise the right to freedom of speech and information;
- To meet a legal obligation to which we are subject or fulfil a task that we have been assigned that is within the interest of the general public or is performed due to a public authority exercising its force;
- For reasons of public interest in terms of public health (Art. 9 (2) lit. h and i and Art. 9 (3) GDPR);
- For archiving purposes, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR that are in the public interest if the stated right is likely to make it impossible to achieve the purposes of such processing or would severely impede it; or
- To raise, enforce and defend legal claims.
11.4. Right to limitation of processing
In accordance with Art. 18 GDPR, you can request for the processing of your personal data to be limited under following conditions:
- If you dispute the accuracy of your personal data in such a way that enables us to check the accuracy of your personal data;
- If the processing activities are illegal and you reject the deletion of your personal data and request for the use of your personal data to be limited instead;
- If we no longer require your personal data for processing purposes, but you require it for raising, enforcing or defending legal claims; or
- If you have objected to the processing in accordance with Art. 21 (1) GDPR and it has not yet been established if our justified reasons outweigh your reasons.
If the processing of your personal data has been limited, such data may only be processed with your consent or to raise, enforce or defend legal claims or to protect the rights of another natural person or legal entity or to maintain important public interests of the EU or one of its member states, with the exception of data storage. If the limitation of processing is based on the above conditions, we shall inform you prior to repealing such limitation.
11.5. Right to information
In accordance with Art. 19 GDPR, if you have enforced the right to correction, deletion or limitation of processing against us, we must inform all of the recipients to whom we disclosed your personal data of such fact, unless this proves to be impossible or would cause unreasonable effort and expense. You may request for us to disclose to you these recipients.
11.6. Right to data transferability
In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, standard and machine-readable format. You also have the right to transfer this data to another controller without any obstruction by us if
- The processing activities are based on consent (Art. 6 (1) lit. a GDPR and/or Art. 9 (2) lit. a GDPR) or a contract in accordance with Art. 6 (1) lit. b GDPR and
- The data is processed using automated methods.
If executing this right, you may further request for us to transfer your personal data directly to another controller if this is technically possible. Such transfer must not impair the freedoms and rights of other persons. The right to data transferability does not apply to the processing of personal data that is required for fulfilling a task that we have been assigned that is within the interest of the general public or is performed due to a public authority exercising its force.
11.7. Right to objection
In accordance with Art. 21 GDPR, you may object to the processing of your personal data on the basis of Art. 6 (1) lit. e or f GDPR at any time for reasons arising from your specific situation. This also applies to any profiling based on these regulations. If you object, we shall no longer process your personal data, unless we can provide evidence of urgent reasons for our processing activities that are worth protecting and that outweigh your interests, rights and freedoms, or the data is processed to raise, enforce or defend legal claims.
11.8. Right to withdraw the declaration of consent regarding data protection
You may withdraw your declaration of consent regarding data protection at any time by sending us a notice to the effect, for example in the form of an e-mail to [firstname.lastname@example.org]. Your withdrawal of the declaration of consent does not affect the legality of the processing activities performed on the basis of the declaration of consent until receipt of your notice of withdrawal.
11.9. Automatic individual decision, including profiling
In accordance with Art. 22 GDPR, you have the right not to be subjected to decisions solely based on automatic processing, including profiling, that have legal consequences for you or otherwise significantly impair you. This does not apply if the decision
- Is required for concluding or fulfilling a contract between you and us,
- Is permissible in accordance with legal provisions of the EU or its member states to which we are subject and these legal provisions contain appropriate measures for maintaining your rights, freedoms and justified interests, or
- Is made with your explicit consent.
11.10. Right to complain to a supervisory authority
Notwithstanding any other legal remedies under administration law or before the courts, you have the right to complain to a supervisory authority, particularly in the member state in which you reside, work or where the alleged violation has taken place, if you believe that our processing of your personal data violates the General Data Protection Declaration.
12. Responsibility for contents and information
Our website contains links to third-party websites. When linking these third-party websites, we checked their contents to ensure that they do not violate civil or criminal laws. However, it cannot be ruled out that these contents could be changed at a later date by the respective providers. Please notify us if you believe that linked third-party websites violate applicable laws or contain other inappropriate contents. We shall investigate your concerns and remove the external link, if necessary. SAURER is not responsible for the contents and availability of the linked external websites.
13. Inclusion and validity of the data protection declaration
By using this website, you agree to the data processing activities described above. This data protection declaration only applies to the contents of our website. Other data protection and security regulations apply to the linked external contents. You can find out the controllers of these contents in the respective legal disclaimers of the websites.
The further development of our website or implementation of new technologies may make it necessary to amend this data protection declaration. We therefore reserve the right to amend this data protection declaration at any time with future effect. The respective version that can be accessed at the time of your website visit shall apply at all times.
Version: May 2018