Data Protection

 

I. Data controller and data protection officer

1. The data controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws is:

GUBSE AG
Bahnhofstraße 26-28
66578 Schiffweiler
Phone: +49 6821 9646 – 0
Email: info@sihot.com
Internet: https://sihot.com

The Data Protection applies to all GUBSE AG companies. The companies are all listed in our Legal Information.

2. Information on the websites

The Data Protection applies in particular to the following websites:

  • sihot.de
  • sihot.com
  • gubse.de
  • gubse.com

3. The data protection officer of the data controller is:

GUBSE AG
Bahnhofstraße 26-28
66578 Schiffweiler
Telefon: +49 6821 9646 – 0
E-Mail: privacy@sihot.com

II. Protection of your personal data

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations, including in this Data Protection.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This Data Protection explains what information we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that the transfer of data on the Internet (e.g., communication via email) may be subject to security gaps. Completely protecting data against third‐party access is impossible.

III. Processing of personal data
1. Use of your data

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site.

2. Collection of your data

Your data will be collected when you communicate it to us. This could, for example, be data you enter on a contact form. Other data is collected either automatically by our IT systems or with your consent when you visit the website. This data is primarily technical data such as the browser and operating system you are using or when you accessed the page. This data is collected automatically as soon as you visit this website.

3. Description and scope of data processing

When you visit our website https://www.sihot.com, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer
  • date and time of access
  • name and URL of the retrieved file
  • website from which access is made (referrer URL)
  • the browser used and, if applicable, the operating system of your computer
  • the name of your access provider

The log files contain IP addresses or other data that allows for the identification of a user.

4. Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the IP address of the user must be stored for the duration of the session. The data is stored in log files to ensure the website’s functionality.

The data is also used to optimise the website and to ensure the security of our information technology systems. We do not evaluate this data for marketing purposes in this specific regard. In particular, we use the data to ensure a smooth connection to the website and the convenient use of our website.

In addition, we use cookies and analytical services when you visit our website.

5. Legal basis for processing personal data

Insofar as we obtain your consent to process your personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of your data.

If processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first‐mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

If processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first‐mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

6. Disclosure of data

A transfer of personal data to third parties in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR only occurs with your consent, for example, if you inform us of your interest in services or events.

In this case, the data may be passed on to the relevant companies and organizations. In addition, we will only disclose personal data to third parties if we are legally obligated to do so in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR or if this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

7. Deletion and storage of data

Your personal data will be deleted or blocked as soon as the purpose for its storage no longer applies. In addition, the data may be stored if this has been provided for by the European or national legislators regulations, laws, or other provisions to which the data controller is subject. The data will therefore be deleted or blocked if a storage period prescribed by the aforementioned regulations has elapsed unless further storage of the data is necessary for the conclusion or fulfilment of a contract or an overriding legitimate interest.

In the case the data was collected in order to provide the website, it will generally be deleted once your session on our site ends. If IP addresses are stored in full in log files, the personal data will be deleted or anonymized after seven days at the latest. Any further storage is possible in connection with cookies or analysis services. In this case, your IP address will be deleted or truncated, so that we can no longer identify the accessing client.

8. Withdrawal of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may withdraw your consent at any time. The legality of the data processing performed prior to the revocation remains unaffected by the revocation.

Furthermore, collection of data required to make the website available and storage of the data in log files is essential for the operation of the website. Consequently, there is no option for you to object to its collection and retention if you wish to use the website.

IV. Contact forms, inquiries and newsletters

1. Contact form

If you send us queries via the contact form, we will collect the data entered on the form, including the contact details you provide, in order to answer your query and for any follow‐up questions. We do not share this data without your permission. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided your request is related to the performance of a contract or necessary for the implementation of pre‐contractual arrangements. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us ( Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. We will retain the data you provide on the contact form until such time as you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g. after fulfilling your request). Any mandatory statutory provisions—especially those regarding mandatory data retention periods —remain unaffected by this provision.

2. Inquiry by email, phone or fax

If you contact us by email, phone or fax, your request, including all ensuing personal data (name, nature of inquiry), is stored and processed by us for the purposes of processing your request. We do not share this data without your permission.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided your request is related to the performance of a contract or necessary for the implementation of pre‐contractual arrangements. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

3. Newsletter

To receive the newsletter offered on our website, you can register using our form. We use what is known as the double opt‐in procedure. A confirmation email will first be sent to your specified email address with a request for confirmation. Registration only becomes effective when you click on the activation link contained in the confirmation email.

We use your data transmitted to us exclusively for sending the newsletter, which may contain information or offers.

We use rapidmail to send our newsletter. Your data will therefore be transmitted to rapidmail GmbH. It is forbidden for rapidmail GmbH to use your data for other purposes than for sending the newsletter. Rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider, which has been carefully selected in accordance with the requirements of the GDPR and the BDSG (Federal Data Protection Act).

You can withdraw your consent to the storage of the data and its use for sending the newsletter at any time, e.g. via the “unsubscribe” link in the newsletter.

4. Purpose of data processing

We process the personal data to process your inquiries, to provide the services you require, to ensure compliance with laws and regulations and to enforce legal claims.

5. Legal basis for the data processing

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a and b GDPR, because your consent to the use of a form or the sending of information is has been given and/or a contractual service is provided.

6. Duration of storage

The collected personal data will be stored as long as it is necessary for the purposes presented. Insofar as the data is subject to statutory retention requirements according to the AO (Tax Act) or the HGB (German Commercial Code), it must be kept for six or ten years. In all other respects, the general storage principles outlined above apply.

7. Possibility of objection and deletion

Insofar as the data is subject to statutory retention requirements, there is no possibility for the user to object. You can withdraw your consent to the sending of the newsletter or information at any time, both via the unsubscribe link in the individual mailings as well as informally e.g. to privacy@sihot.com.

V. Cookies, plugins and web analysis
1. Cookies

When requesting content from our online offer, cookies are set e.g. to optimise communication times or for anonymous, statistical evaluation of the use of our website. Cookies are small text files that are stored on the user’s computer when visiting a website. They can be automatically recognized and selected during an ongoing or subsequent visit.
If you leave our site and reach third‐party sites, cookies may also be set by the target site. We are legally not responsible for these cookies. For the use of these cookies by third parties and the information stored in them, please compare those privacy polic ies and the explanations below.

2. Which data is processed?

Cookies, analysis tools and plugins process, among other things, the name of the Internet service provider, the files requested, IP address, access to individual pages, browser type, screen resolution, colour depth, operating system, search terms and reference pages from which you came to our website.

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected or deleted. If you have given your consent to data processing, you may revoke this consent at any time. Furthermore, you have the right to request that the processing of your personal data be restricted.

You may also, of course, file a complaint with the competent regulatory authorities. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection.

3. Google (Universal) Analytics

The website uses Google Analytics, a web analysis service from Google Inc. (https://www.google.de/intl/en/about/), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”. In this context, pseudonymised user profiles are created and cookies are used. The information generated by cookies about your use of this website such as

  • browser type/version,
  • operating system used,
  • referrer URL (the previously visited website),
  • the host name of the accessing computer (IP address)
  • time of the server request,

are sent to and stored on a server hosted by Google Inc. in the USA. The information is used to evaluate the use of the website, to compile reports on advertising activities and to provide further services associated with the use of the website and of the Internet for the purposes of market research and demand‐oriented design of these Internet pages. This information may also be transferred to third parties, provided this is legally required, or to the extent that such third parties process the information. By activating the IP anonymization on this website, the IP address is shortened before transmission within the EU or the EEA (IP masking). Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not merged with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings in your browser. However, we would point out that in this case, it may not be possible to use all of the functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing the browser add‐on (https://tools.google.com/dlpage/gaoptout?hl=en).

Google is headquartered in the USA and is certified according to the EU‐US Privacy Shield. A current certificate can be viewed here: (https://www.privacyshield.gov/list) As a result of this agreement between the US and the European Commission, the latter has established that companies certified under the Privacy Shield have an adequate level of data protection. Further information on data protection in connection with Google Analytics can be found at Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

4. Google Tag Manager

This website uses the Google Tag Manager. Using this service, website tags can be managed over an interface. The Google Tool Manager only  implements tags. This means that no cookies are used, and personal data are not collected. The Google Tool Manager triggers other tags that capture data again, if necessary. However, Google Tag Manager does not access this data. If deactivation occurs at domain or cookie level, it remains in use for all tracking tags, insofar as they are implemented with Google Tag Manager.

5. Facebook (remarketing/retargeting)

This website uses remarketing tags from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. When you visit our site, a direct connection between your browser and the Facebook server is established via the remarketing tags. Thereby, Facebook receives the information that you have visited our website with your IP address. This allows Facebook to associate visits to our website with your user account. The information we receive in this way can be used to display Facebook Ads. Please note that we, as the provider of these webpages, do not have any knowledge of the content of the data transmitted to, or their use by
Facebook.
For more information about this, please see Facebook’s Data Protection at unter https://www.facebook.com/about/privacy/.

If you do not wish for any data to be collected via Custom Audiences, you can deactivate this feature here (https://www.facebook.com/ads/website_custom_audiences/)

6. YouTube with extended data protection

This website integrates videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the extended data protection mode. According to YouTube, this mode causes YouTube not to store any information about visitors to this website before they watch the video.

The disclosure of data to YouTube partners is, however, not mandatorily excluded by the extended data protection mode. Therefore, YouTube will establish a connection to the Google DoubleClick network, regardless of whether you are viewing a video or not. You will be linked to the YouTube servers as soon as you start a YouTube video on our website. The YouTube server is then informed about which of our pages you have visited.

If you are logged into your YouTube account, you allow YouTube to directly associate your surfing habits with your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can save various cookies on your device after starting a video or use comparable recognition technologies ﴾e.g. device fingerprinting﴿. In this way, YouTube can receive information about visitors to this website. Such information is used inter alia to capture video statistics, to improve user‐friendliness, and to prevent attempted fraud. If applicable, starting a YouTube video may trigger further data processing operations. We have no control over this. YouTube is used in the interests of making our online presence more attractive. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be withdrawn at any time.

For more information about privacy at YouTube, please see their Data Protection: https://policies.google.com/privacy?hl=en.

7. Google Web Fonts

External fonts, Google Fonts, are used on this website. Google Fonts is a service of Google Inc. (“Google”). Integration of these web fonts is implemented via a server access, typically a Google server in the United States. This transmits information to the server as to which of our website pages you have visited. Google also stores the IP address of the end device browsers of visitor to these web pages. For more information, see the Google Data Protection, which can be found here: https://www.google.com/fonts#AboutPlace:aboutwww.google.com/policies/privacy/

8. Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA is used to check whether the data entered on this website (such as on a contact form) have been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as visitors access the website. For the analysis, reCAPTCHA evaluates a variety of information (e.g. IP address, how long the visitor remains on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

reCAPTCHA analyses take place entirely in the background. Website visitors are not advised that such an analysis is taking place. The storage and analysis of the data takes place on the basis of Art. 6 para. 1 lit. f GDPR.

The website owner has a legitimate interest in protecting their web offers from abusive automated spying and spam. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be withdrawn at any time.

For further information on Google reCAPTCHA, please refer to Google’s Data Protection and the Google terms of use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

9. Purpose of data processing

We process and use the resulting data to improve the marketing of our website, to increase the user‐friendliness of the website and for other optimization purposes. The analysis required for marketing and optimization purposes does not usually allow us to draw any conclusions about your person or personal data. In particular, names, addresses, telephone numbers or other data that can be directly assigned to individuals are not stored. The analysis only provides aggregated data, such as the number of visitors and page views. However, we would like to point out that according to widespread opinion, dynamic IP addresses and the associated usage data are also classified as personal data.

Cookies allow us, among other things, to adapt our website to your wishes and to establish connections between different visits to our website. We also use cookies for target grouporiented advertising. We also allow data providers or other automatic data collection tools to use our cookies so that they can help us deliver our own content and advertisements and measure the effectiveness of our advertising measures. These cookies can provide anonymized or other data, which is linked to data that you have transmitted to us and that we pass on to data providers in a hashed form, which is unreadable for humans.

We do not share any information with these advertisers or other third parties that can be used to directly identify you. Advertisers and other third parties ﴾e.g. advertising networks and any other service providers commissioned by them﴿ can only assume that users who interact with or click on personalized advertisements or content belong to the target group to which the advertisement or content is aimed.

10. Legal basis for the data processing

The cookies, plugins and tracking measures shown are used on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The data processed in this manner for the stated purposes serves to safeguard the predominant legitimate interests of our company and third parties in the context of a weighing up of interests, in particular in advertising to our customers and users, and is therefore required according to the principle of proportionality.

11. Duration of storage

Some of the cookies we use are deleted after the browser session, i.e. after you close your browser (these are known as session cookies). Other cookies remain on your computer and enable us to recognise your browser on your next visit ﴾persistent cookies﴿. You can see for how long cookies are stored in the overview in the cookie settings section of your web browser. In all other respects, the general storage principles outlined above apply.

12. Possibility of objection and deletion

If you do not want us to use cookies, set your Internet browser so that it deletes cookies from your hard drive, blocks all cookies or warns you before a cookie is saved so that you can decide on a case‐by‐case basis whether you want the cookie. Each browser differs in the way it manages the cookie settings. This is described in more detail in the help menu of each browser. It explains how you can change your cookie settings.

Important: You can only use certain functions, such as restoring content, by using cookies. We therefore recommend that you do not completely deactivate cookies.

VI. Rights of the data subject
Due to data protection regulations, you have the various rights set out below.

1. Right to information

You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if this has not been collected by us, and requires the existence of automated decisionmaking including profiling and, where appropriate, meaningful information about its detail.

2. Right to rectification

Pursuant to Art. 16 GDPR, you are entitled to demand the immediate correction of incorrect or completion of your personal data stored with us.

3. Right to cancellation

You have the right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

4. Right to restrict processing

Pursuant to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, yet you reject its deletion and we no longer need the data, but you still need this to assert, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR.

5. The right to data portability

You have to request your personal data that you have provided to us in a structured, current and machine‐readable format or to request its transfer to another controller in accordance with Art. 20 GDPR.

6. The right to withdraw consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time in accordance with Art. 7 para. 3 GDPR. As a result, we may no longer continue any data processing based on your previous consent. Withdrawing consent does not affect the lawfulness of processing based on consent before its revocation. If you would like to make use of your right of withdrawal, it is sufficient to send a corresponding notification via any known communication channel, in particular by email to privacy@sihot.com.

7. The right to file a legal complaint with a supervisory authority

You have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our headquarters.

8. Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons for this that arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without the need for you to specify a particular situation. If you would like to make use of your right of objection, it is sufficient to send a corresponding notification via any known communication channel, in particular by email to privacy@sihot.com.

After exercising your right of objection, we will not process your personal data further for these purposes, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. This does not apply if the processing is for direct marketing purposes. In this instance, we will not process your personal data for this purpose.

9. Automated decisions in individual cases, including profiling

You have the right to not be subjected to a decision based solely on automated processing—including profiling —which has legal bearing on you or that significantly affects you in a similar manner. This does not apply if the decision (1) is required for the conclusion or performance of a contract between you and the data controller, (2) is permitted by Union or Member State legislation to which the data controller is subject, and that legislation is adequate to protect your rights and freedoms as well as your legitimate interests, or (3) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies, and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the data controller will take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including, at a minimum, the right to obtain the intervention of an individual on the part of the data controller to state their own position and challenge the decision.

VII. Data security

We use the popular SSL ﴾Secure Socket Layer﴿ method when you visit our website. You can tell whether an individual page of our website is transmitted in encrypted form by the fact that the address line of the browser changes from “http://” to “https://” and by the display of a closed key or lock icon in the bottom status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved corresponding to the technological developments.

The security measures presented are used on the basis of Art. 6 para. 1 sentence 1 lit. f, Art. 32 GDPR. The data processed in this manner is required for security purposes to safeguard our legitimate interests and the interests of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.