1 . Introduction
Thank you for visiting our website and for your interest in discovering our company, our products and services. Protection of your personal data is a very serious matter for us. ShapeDrive GmbH (hereinafter referred to as " ShapeDrive“, "we“ or "us“) attaches great importance to the data security of it users and compliance with data protection regulations.
Below you can find more detailed information about how we handle your data.
1.2 Definition of Terms
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter “data subject”) (Art. 4 No. 1 GDPR). Personal data includes information such as key data (first name and surname, address and date of birth), your contact data (telephone number, e-mail address), invoice data (bank accounts) and much more.
"Processing" means any operation or set of operations performed in connection with personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Data subject” is any identified or identifiable natural person whose data is processed by the controller in charge of processing.
"Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
"Third party’" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor as well as persons who are authorized to process personal data under the direct authority of the controller or processor.
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
1.3 Collection and Processing of Personal Data
In general, you may visit our website without giving any personal data. However, if you wish to use any of the special services offered by our company on our website, we may need to process personal data. If we have to process personal data and if there is no legal basis for such processing, we always ask for the consent of the data subject.
2 . Middle section
Purpose of the Collection - Data Categories - Legal Basis for Processing
2.1 Data Anonymization
You may visit our website without providing any active personal information. However, whenever our website is accessed, we automatically store access data (server log files) for a period of 7 days, such as the name of your Internet service provider, the operating system used, the website from which you are visiting us, the date and duration of the visit or the name of the requested file, and for security reasons, e.g. to detect attacks on our websites, the IP address of the computer used. These data are evaluated exclusively in order to improve our offer and do not allow any conclusions about your person. These data are not combined with other data sources. Art. 6 (1) GDPR provides the legal basis for data processing. We process and use the data for the following purposes: 1. to ensure availability of the ShapeDrive websites, 2. to improve our websites and 3. to prevent and detect errors /malfunctions and the abuse of the websites. This type of data processing is carried out either to perform the contract on the use of ShapeDrive websites or in pursuance of a legitimate interest in ensuring the functionality and error-free operation of ShapeDrive websites and in adapting these websites to the requirements of the users.
2.2 Use of Cookie-Tracking
2.3 Use of Google Analytics
Preventing the Storage of Cookies
You may set your browser to prevent the storage of cookies; however, we advise you that in this case you will not be able to use all the functions of this website fully. By using this website you declare that you agree to Google processing the data collected about you in the manner and for the purpose described above.
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA.
Objections to Data Collection
If you do not want Google to receive any data on you browser, you may select the opt-out solution for Google Analytics using the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This plug-in prevents the browser from requesting the analytics code so that Google does not receive any data when you access the site. This plug-in is only available for Internet Explorer 7 and 8, Firefox 3.x and for Chrome. According to Google, the browser blocks the Google Analytics script after installation. For more information about the conditions of use and data privacy, please go to http://www.google.com/analytics/terms/de.html or http://www.google.com/intl/de/analytics/privacyoverview.html.
We advise you that Google Analytics has been expanded on this website with the code “ga.anonymizeIp” in order to guarantee the anonymized collection of IP addresses (IP-masking).
Google Analytics Demographic Reports
This website uses the Google Analytics “Demographic Reports” function. This allows reports to be created that contain information on the age, gender and interests of site visitors. These data come from interest-related advertising by Google and from visitor data from third-party providers. These data cannot be assigned to a specific person. You may disable this feature at any time in your Google Account ad preferences or opt-out of Google Analytics collecting your information as described in the "Objections to Data Collection" section.
2.4 Use of Google Remarketing
This website uses Google Remarketing technology from Google Inc., (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This is a retargeting technology which allows us to address past visitors to our website through targeted advertising on the websites of the Google Display Network. Advertisements are displayed by using cookies.
2.5 Use of Google AdWords
This website uses Google Conversion Tracking, an analysis service from Google Inc., (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google AdWords places a cookie on your computer ("Conversion Cookie") if you have entered our website via a Google advertisement. These cookies expire after 30 days and cannot be used for identifying individuals. If you visit some of our sites before the cookie expires, we and Google can detect that someone has clicked the advertisement and been forwarded to our site. Every Google AdWords customer receives a different cookie. This means cookies cannot be traced via the websites of AdWords customers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. In this way, the AdWords customers learn the total number of users that have clicked on their advert and have been forwarded to a page provided with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to opt for tracking, you can object to its use by setting your browser to prevent the installation of cookies (disabling option). You will then be excluded from the conversion tracking statistics. For more information about conditions of use and data protection, please go to: http://www.google.de/policies/privacy/.
2.6 Use of Google Maps
We use Google Maps to display maps and show how to find us. Google Maps is a service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
By using this website you declare that you agree to Google or its representatives or third parties collecting, processing and using the data automatically collected or entered by you.
The conditions of use for Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps.html .
2.7 Use of the Google Tag Manager
This website uses the Google Tag Manager. This service enables the management of website tags. The Google Tool Manager only implements tags. This means: No cookies are placed and no personal data is recorded. The Google Tool Manager triggers other tags which in turn record data. The Google Tag Manager does not make use of these data. In the event of any deactivation at domain or cookie level, this also covers all tracking tags, provided these were implemented with the Google Tag Manager.
2.8 Google Web Fonts
This page uses web fonts to improve the visual appearance of the font and information. (http://www.google.com/webfonts/). These services are provided by Google LLC („Google“), Amphitheatre Parkway, Mountain View, CA 94043, USA.
These web fonts are integrated by a server call, usually a Google server in the USA. To do this, your browser loads the required web font into your browser cache when you visit our site. In this way the server receives information about which of our Internet pages you have visited. Google also saves the IP address of the browser of the visitor's terminal device. This is necessary so that our texts are displayed on your browser in an optically improved version. You can set your browser to prevent the loading of fonts from Google servers (e.g. by installing add-ons such as NoScript or Ghostery for Firefox.). If your browser does not support this function or if you block access, your computer will use a standard font for display.
More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq?hl=de-DE&csw=1.
General information on data privacy at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.
2.9 Use of Social Media
2.9.1 Short Version:
All social media functions can be used on our website.
If you access one of these sites, a connection to the social media servers may be set up. They will be informed that you have visited our website with your IP address. If you comment on anything, click the like button or use twitter while you are logged into your account, the social medium may be able to assign your visit to our website to you and your user account. We advise you that as the provider of the sites we have no knowledge of the contents of the data transmitted or their use.
These services are provided by the following companies:
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Google+ Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Linkedin Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA
Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA
Xing AG, Dammtorstrasse 30, 20354 Hamburg, Germany
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
Kununu GmbH, Wollzeile 1-3 Top 5.1, 1010 Vienna, Austria
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
If you do not want a particular social media to be able to assign the visit to our site to your account, you must log out of this service before visiting our website.
2.10 Live Chat
ShapeDrive offers advice via live chat as part of its web service. You may communicate with one of our advisers via text in the live chat function. Data collected in this case is used to process your inquiry. The text content you enter into the chat mask during the live chat (name, request, possibly contact data) is voluntary. If you wish further contact during the course of the chat, we request that you use the contact form if asked by one of our consultants. Art. 6 (1) GDPR provides the legal basis for collection and processing of data.
When you access and use live chat, your Internet browser automatically transmits data at the start of use for technical reasons (date and time of access, duration of visit). The legal basis for this is the fulfilment of our legal obligations in the area of data security and our legitimate interest in rectifying faults and guaranteeing the safety of our offers. These data are also processed for analysis purposes without being assigned to a specific person. Data is collected for the same purposes as for anonymous data collection (see above).
We keep the data entered by you in the live chat until the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
2.11 Contact Form/ Requests
You may send us a request using the contact form on our website. We will store your data from the contact form (content of your inquiry, subject of your inquiry and date) as well as the contact data entered (first name, surname, email, title, company, phone, country, city and postcode) for the purpose of processing your inquiry and in case of follow-up questions. We will not forward these data without your consent. Art. 6 (1) GDPR provides the legal basis for collection and processing of data.
We will keep the data you enter in the contact form until you request us to delete it, your consent to storage is revoked or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
2.12 E-mail Contact
If you send us inquiries or information by e-mail, we will store the details provided by you (e-mail address, content of your e-mail, subject of your e-mail and date) as well as the contact data (first name, surname, if applicable telephone number, address) for the purpose of processing the inquiry and in case we have any follow-up questions. We will not forward these data without your consent. Art. 6 (1) GDPR provides the legal basis for collection and processing of data.
The user is advised that e-mails can be read or changed during transmission without authorization and unnoticed. ShapeDrive uses software to filter unwanted e-mails (spam filter). The spam filter rejects emails that have been falsely identified as spam due to certain features.
We will keep the data entered until you request us to delete it, your consent to storage is revoked or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
2.13 Subscription to Newsletter
On our website there is an option to subscribe to our company newsletter. In our newsletter we inform our customers and business partners at regular intervals about the company's products and special offers. For this purpose, we require a valid e-mail address from you and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. For legal reasons, we use the double opt-in process and send a confirmation by e-mail to the e-mail address entered by the data subject when initially subscribing to the newsletter. We use these data exclusively for sending the newsletter and do not forward them to third parties. Art. 6 (1) GDPR provides the legal basis for collection and processing of data.
When registering for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. We have to collect these data in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and it is therefore used for our protection.
You may revoke your consent to the storage of the data and e-mail address and their use for the transmission of the newsletter at any time using the "unsubscribe wenglor news" link in each newsletter. Alternatively you may send a mail to firstname.lastname@example.org at any time stating your request to unsubscribe to the newsletter. The revocation does not affect the lawfulness of processing based on consent before its withdrawal
We will store the data you give us in connection with your newsletter subscription until you unsubscribe from the newsletter and will delete them after you unsubscribe from the newsletter.
2.13.1 Newsletter Tracking
The newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of an online-marketing campaign. On the basis of the embedded pixel code we can detect whether and when an e-mail was opened by a data subject and which links in the e-mail were accessed by the data subject.
We store and evaluate such personal data collected via the tracking pixels contained in the newsletters on the basis of legitimate interests in order to optimize newsletter dispatch and to customize the content of future newsletters in the best possible interests of the data subject. Art. 6 (1) GDPR provides the legal basis. These personal data will not be forwarded to third parties. Data subjects are entitled at any time to revoke the declaration of consent given separately via the double opt-in process. After revocation, these personal data will be deleted by the controller. Unsubscribing from the newsletter is interpreted as an automatic cancellation.
2.14 Career Section/ Online Application
You may also look at the career section and/or submit applications by e-mail. We collect and process the personal data (master data, contact data, attachments such as cover letter, CV, certificates, etc.) of applicants for the purpose of processing the application procedure. Data may also be processed electronically. This may happen in particular if an applicant sends the controller relevant application documents by e-mail or via a web form on the website, for example. If the controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the decision of refusal, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interests in this sense may be, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). Art. 6 (1) GDPR provides the legal basis for collection and processing of data.
3 Transmission of Data
3.1 Internal Transmission of Data within ShapeDrive
We transmit your data internally to the administration, HR department, works council and payroll office in order to comply with our contractual or legal obligations. Your data will only be transmitted or disclosed to the extent necessary for this purpose and in compliance with the relevant data protection regulations.
3.2 Transmission of Data throughout the Group
ShapeDrive is a globally operating company based in Germany. The data you transmit to us are stored in our centralized customer database in Germany and forwarded within the group for management purposes. If data are exchanged within the group, this is done to perform a contract or as a condition of use for the websites. Furthermore, the company may have a reason for passing this data on for internal, administrative purposes. If your data are processed outside Europe, they will be transferred in compliance with all applicable data protection laws and in particular in accordance with Art. 44 f. GDPR.
3.3 Transmission to Third Parties
We transmit your data to certain third parties that provide external services for us ("processors") in order to be able to provide appropriate applications and services. For example, newsletter services, IT providers, tax consultants, etc. Data may be transmitted to other third parties in order to fulfil our obligations (authorities, banks, social insurance carriers, etc.). Third parties process the data only in accordance with our instructions and are also prohibited from using these data for their own commercial purposes which do not correspond to the agreed purposes.
We must disclose personal data if we are obliged to do so in the course of ongoing legal proceedings, on the basis of an order, or on the basis of applicable law (Art. 6 (1) lit. f GDPR).
We transmit your personal data if:
you have given your express consent pursuant to (Art. 6 (1) sentence 1 GDPR),
the disclosure pursuant to Art. 6 (1) sentence 1, lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that a legal obligation exists for the transmission pursuant to Art. 6 (1) sentence 1, lit. c GDPR, and
this is legally permissible and is necessary for the processing of contractual relationships with you in accordance with Art. 6 (1) sentence 1, lit. b GDPR).
If your data are processed outside Europe, they will be transmitted in compliance with all applicable data protection laws and in particular in accordance with Art. 44 f. GDPR.
3.4 Transmission to a Third Country or International Organization
We transmit your data to countries outside the EU or the EEA (so-called third countries) for the above-mentioned purposes (group-wide transfer (No. 4.2) and transmission to third parties (No. 4.3)). Data is only transmitted in connection with the performance of our contractual and legal obligations or on the basis of your consent. All and any transmissions are in compliance with all applicable data protection laws and in particular in accordance with Art. 44 f. GDPR, in particular, either on the basis of adequacy decisions adopted by the European Commission or on the basis of certain guarantees (e.g. standard data protection clauses, etc.).
4.1 Length of Storage
We store your data as long as required in order to provide our online offer and associated services or where foreseen by the European regulators or another legislator in laws or regulations to which the data controller is subject. In all other cases we delete your personal data when the purpose has been fulfilled, with the exception of such data which we are legally obliged to store (e.g. retention periods for documents such as contracts and invoices in compliance with tax and commercial law).
4.2 Technical Security
ShapeDrive uses technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
Please be aware that there are inherent security risks in transmitting data (e.g. e-mail communication) via the Internet. It is impossible to safeguard completely against unauthorized access by third parties.
4.3 Legal basis of Processing
Art. 6 (1) lit. a GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations in connection with the delivery of goods or the provision of other services or reciprocal services, data is processed on the basis of Art. 6 (1) lit. b GDPR. The same applies to such processing processes that are necessary in order to take steps prior to entering into a contract; for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 (1) lit. c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information had to be given to a doctor, a hospital or other third parties. In this case, data would be processed on the basis of Art. 6 (1) lit. d GDPR. Finally data may be processed on the basis of Art. 6 (1) lit. f GDPR. All processing operations which are not covered by any of the aforementioned legal bases are based on said Art. 6 (1) lit. f GDPR, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. If the processing of personal data is based on Art. 6 (1) lit. f GDPR, our legitimate interest is to conduct our business for the well-being of all our employees and our customers.
4.4 Legal or Contractual Regulations for the Provision of Personal Data; Necessity for the Conclusion of Contracts; Obligations of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide Data
We advise you that the provision of personal data is in part required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In some cases, it may be necessary for the data subject to provide us with personal data before a contract can be concluded, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him/her. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee instructs the data subject on a case-by-case basis as to whether the provision of personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of failure to provide the personal data.
4.5 Notice concerning minors
This online offer is not addressed to children under 16. Children under 16 may not give any personal data to ShapeDrive without the consent of their parent or guardian.
4.6 Rights of the Data Subjects
You have the right to information about the data stored by us, duration of data, purpose and legal basis of storage as well as origin and recipient of transmissions. Incorrect data must be rectified, data stored unlawfully or data no longer required must be erased. In addition, the data subject has a right of objection, a right to restriction of processing and the right to data portability.
This information will be provided to you on request. This information is given free of charge.
You also have the right to lodge a complaint with a supervisory authority.
4.7 Withdrawal of Consent to Data Processing
Some data processing operations are only possible subject to your express consent. You may withdraw consent after it has been given. This may be done in an informal e-mail sent to GDPR@wenglor.com. The revocation does not affect the lawfulness of processing based on consent before its withdrawal.
Publication of the contact details of the data protection officer in accordance with article 37, section 7 of the EU GDPR
Data protection officer in accordance with article 37 of the EU GDPR / § 38 BDSG-neu (new German Federal Data Protection Act):
Mr. Bernd Rohloff
Tel. +49 89 - 3 27 15 00
Certified translation from German
I hereby certify that the following translation concords fully with the document submitted to me. A copy is attached.
Obertshausen, 15 May 2018
Joanna Massmann, duly authorised translator for the courts and notaries public of Hessen.