Privacy SFS-Fluidsysteme GmbH

Data protection has a particularly high priority for SFS-Fluidsysteme Gesellschaft mbH. The collection and processing of your personal data in our company, takes place in compliance with the applicable data protection regulations, in particular the Data Protection Regulation (DSGVO) and the Data Protection Act (DSG).

The collection and processing of personal data are for the following purposes:

For example, we process your data in order to make your visit to our website as pleasant as possible,
and for purposes of quality assurance, and process optimization.

The use of personal data for purposes other than the purpose for which it was collected is only permitted within the scope of the aforementioned purposes and provided that the new purpose is compatible with the purpose for which it was collected.

With this privacy policy, we comply with the obligation to inform (Article 13 DSGVO). Furthermore, we would like to inform you about your rights.

As a dutiful company, we have implemented the necessary TOMs (technical and organizational measures) to ensure the protection of personal data processed by us.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

If e-mail-based data transmission is not convenient for you for security reasons, you can also contact us by mail.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator, this site uses SSL or TLS encryption.

You can recognize an encrypted connection by the fact that the address line of the browser changes from

“http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Definitions: See attachement A

 

Name and contact details of the controller

The controller within the meaning of the DSGVO and the DSG is:

SFS-Fluidsysteme Gesellschaft mbH

CEO Franz Staudacher

Industriezone 4

6404 Polling (AUSTRIA)

Phone: +43 (5262) 64 62 60

E-mail: info@sfs-fluidsysteme.com

Collection /processing of personal data and possible disclosure

The legal basis is Art. 6 (1) lit. a, b, c and f DSGVO.

The following data categories are processed/collected:

  • Consent/revocation (e.g. cookies, newsletter).
  • IP address
  • Technically necessary cookies
  • Logfiles (Technically necessary data of the WEB server).

3.1 Collection of general data and information on our homepage

The company’s website collects a series of general data and information with each call of the website by a data subject or an automated system. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system (8) session ID and (9) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, our enterprise does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the company analyzes anonymously collected data and information on one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our enterprise, and ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject. This data is not merged with other data sources. All access data is deleted no later than seven days after the end of your visit to the site. The data collection is based on legitimate interests on our part and for pre-contractual purposes. (Purpose of data processing: presentation of the website, legal basis: Art. 6 para. 1 letters b) and f) DSGVO).

3.2 Cookies

Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising. Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a DSGVO); consent can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

3.3 Integration of third-party services

Insofar as a processing/transfer of personal data takes place, this is done only after your voluntary consent (Content Toll when calling our site) according to Article 6 para 1 lit. a, or according to article 6 para 1 lit. f.

The following third-party services are used:

3.3.1 Cookies from Polylang

Cookies from Polylang to recognize and record the language used or selected by the user. This cookie is deleted after one year. More information on the name, value, storage period and deactivation of this cookie can be found at https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law.

The legal basis for any processing of personal data by session cookies as well as by the cookie of Polylang is Art. 6 (1) letter f DSGVO, because the processing is necessary for the use of the website with the selected language. Otherwise, we cannot offer them this option.

3.4 External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We use the following hoster:

adino.at Internetservice GmbH
Achstrasse 18
6971 Hard
Vorarlberg, Austria
Phone: +43 5574 20812
Fax: +43 5574 20812 3
Mail: info@adino.at

3.5 Newsletter

On our website we offer you the opportunity to register for our newsletter. In order to be sure that no one else misuses your e-mail address, we use a double opt-in procedure: After you have entered your e-mail address in the registration field and sent by pressing the Buttons, we will send you an email with a confirmation link to the address given. Only when you click on this confirmation link will your email address be added to our mailing list for sending our newsletter. The legal basis for data processing is Article 6 (1) (a) GDPR. If we do not receive a confirmation within 72 hours, the data will be irrevocably deleted.

The following data are processed:

Required fields:

– First name

– Last name

– E-mail address

– Newsletter language

Optional:

– Gender

– company

Note on the right of revocation: You can revoke your consent at any time with effect for the future by sending a message to info@sfs-fluidsysteme.com or the unsubscribe option at the end of each newsletter, without incurring any costs other than the transmission costs according to the basic tariffs.

In order to be able to offer you this service, we use a European processor:
rapidmail GmbH
Wentzingerstraße 21
79106 Freiburg im Breisgau
Germany

Deletion and blocking of personal data

Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued. In some cases, the legislator provides for the retention of personal data, such as in tax or commercial law. In these cases, we only continue to store the data for these legal purposes, but do not process it in any other way and block or delete it after the legal retention period has expired.

Rights of the data subject

a) Right to confirmation

Every data subject has the right to request confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right, he or she may, at any time, contact the controller.

b) Right to information

Every data subject has the right to obtain confirmation from data controllers at any time as to whether personal data concerned are being processed. If this is the case, you have the right to request from us free information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:

  • the purposes of processing
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject:
    • Any available information about the origin of the data
    • The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
  • If personal data are transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

If a data subject wishes to exercise this right, he or she may contact the controller at any time.

c) Right to rectification

Every data subject has the right to demand the correction, if necessary also the completion, of incorrect/incomplete personal data concerning him or her.

If a data subject wishes to exercise this right, he or she may, at any time, contact the controller.

d) Right to erasure (right to be forgotten)

Pursuant to Article 17(1) of the GDPR, every data subject has the right to request that we erase personal data concerning him or her without undue delay, and we are obliged to erase personal data without undue delay if one of the following reasons applies:

  • The personal data was collected or otherwise processed for such purposes for which it is no longer necessary.
  • The data subject revokes his or her consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) DS-GVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) DS-GVO.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data has been collected in relation to information society services offered pursuant to Article 8 (1) DS-GVO.
  • If the personal data have been made public by the enterprise and we as a controller are obliged to erase the personal data pursuant to Article 17 (1) of the DS-GVO, the controller shall take reasonable measures, including technical measures, to inform other data controllers processing the published personal data, taking into account the available technology and the cost of implementation, that the data subject has requested from those other data controllers the erasure of all links to the personal data or copies or replications of the personal data. The controller will arrange the necessary steps in individual cases.
  • If a data subject wishes to exercise this right, he or she may, at any time, contact the controller.

e) Right to restriction of processing

Any data subject shall have the right to obtain from the controller the restriction of processing where one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of the use of the personal data.
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defense of legal claims.
  • The data subject has objected to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If a data subject wishes to exercise this right, he or she may, at any time, contact the controller.

f) Right to data portability

Every data subject has the right to obtain personal data concerning him or her, which has been provided by the controller, in a structured, commonly used and machine-readable format. He or she has the right to transfer this data to another controller without hindrance from the controller, provided that:

the processing is based on consent pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract pursuant to Art. 6(1)(b) DSGVO and the processing is carried out with the help of automated procedures.

When exercising their right to data portability pursuant to Article 20(1) of the GDPR, the right to obtain that the personal data be transferred directly from the controller to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

If a data subject wishes to exercise this right, he or she may, at any time, contact the controller.

g) Right to object

Every data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the DS-GVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.

If the controller processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data for such marketing. This also applies to profiling, insofar as it is related to such direct marketing.

If a data subject wishes to exercise this right, he or she may, at any time, contact the controller.

h) Automated decisions including profiling

Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

i) Right to withdraw consent under data protection law.

Every data subject has the right to withdraw consent to the processing of personal data at any time.

If a data subject wishes to exercise this right, he or she may contact the controller at any time.

j) Right to lodge a complaint

Every data subject has the right to lodge a complaint with the data protection authority if he or she is of the opinion that the processing of personal data relating to him or her violates the GDPR or Section 1 or Article 2 1st main section DSG. In Austria, this is the data protection authority in Vienna.

Legal basis of the processing

Art. 6 (1) lit. a DSGVO

The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes.

Art. 6 (1) lit. b DSGVO

Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request.

Art. 6 (1) lit. c DSGVO

Processing is necessary for compliance with a legal obligation to which the controller is subject. E.g. tax regulations

Art. 6 (1) lit. f DSGVO

Processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling…

Appendix A

Definitions

The data protection declaration of the responsible party is based on the terminology of the GDPR.

a) personal data

“personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

(b) data subject.

Is an identified or identifiable natural person e.g. the employee. The advertiser, etc.

c) Processing

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

d) restriction of processing

“Restriction of processing” the marking of stored personal data with the aim of limiting their future processing;

(e) profiling

“Profiling” any type of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location;

f) pseudonymization

“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person;

g) Controller

“controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law;

(h) processor

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(i) Recipient

“recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law 4.5.2016 L 119/33 Official Journal of the European Union EN shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;

(j) third party

“Third Party” means a natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons who, under the direct responsibility of the Controller or the Processor, are authorized to process the Personal Data.

k) Consent

“Consent” means any freely given indication of the data subject’s wishes in an informed and unambiguous manner for the specific case, in the form of a statement or any other unambiguous affirmative act by which the data subject signifies that he or she consents to the processing of personal data relating to him or her.

Company holidays 24.12.21 - 02.01.22

We wish you a merry christmas and a happy new year!

Consent Management Platform by Real Cookie Banner