Privacy policy
SMF Solutions GmbH
An den Bleicherkolken 10
26871 Aschendorf
Germany
Email: info@smf-solutions.de
Status: 23/05/2018
1. General Information on Data Processing and Legal Bases
1.1. This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the websites, functions, and content associated with it (hereinafter collectively referred to as the “online offering” or “website”). This Privacy Policy applies regardless of the domains, systems, platforms, and devices (e.g. desktop or mobile) on which the online offering is executed.
1.2. The terms used, such as “personal data” or their “processing,” refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data of users processed within the scope of this online offering include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of contact persons, payment information), usage data (e.g. the websites visited within our online offering, interest in our products), and content data (e.g. entries in contact forms).
1.4. The term “users” includes all categories of persons affected by data processing. These include our business partners, customers, interested parties, and other visitors to our online offering. The terms used, such as “users,” are to be understood as gender-neutral.
1.5. We process users’ personal data only in compliance with the relevant data protection regulations. This means that users’ data is processed only if a legal basis exists, i.e. in particular if data processing is necessary for the provision of our contractual services (e.g. order processing) and online services, is legally required, if the users have given consent, or based on our legitimate interests (i.e. interest in the analysis, optimization, economic operation, and security of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR), in particular for reach measurement, creation of profiles for advertising and marketing purposes, and the collection of access data and use of third-party services.
1.6. We point out that the legal basis for consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR.
2. Security Measures
2.1 We take organizational, contractual, and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
2.2 The security measures include, in particular, the encrypted transmission of data between your browser and our server.
3. Disclosure of Data to Third Parties and Third-Party Providers
3.1 Data is only disclosed to third parties within the framework of legal requirements. We only disclose users’ data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b GDPR for contractual purposes, or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the economic and effective operation of our business.
3.2 If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the applicable legal regulations.
3.3 If, within the scope of this Privacy Policy, content, tools, or other means from other providers (hereinafter collectively referred to as “third-party providers”) are used and their stated place of business is located in a third country, it must be assumed that data is transferred to the countries where the third-party providers are located. Third countries are countries in which the GDPR does not apply directly, i.e. generally countries outside the EU or the European Economic Area. Data is transferred to third countries either if an adequate level of data protection exists, the users have given consent, or another legal permission exists.
4. Provision of Contractual Services
4.1 We process inventory data (e.g. names and addresses as well as contact details of users) and contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and service provision pursuant to Art. 6 para. 1 lit. b GDPR.
4.2 Users may optionally create a user account, which allows them in particular to view their orders. As part of the registration process, users are informed of the required mandatory information. User accounts are not public and cannot be indexed by search engines. If users cancel their user account, their data relating to the user account will be deleted, unless retention is required for commercial or tax law reasons pursuant to Art. 6 para. 1 lit. c GDPR. It is the users’ responsibility to back up their data before the end of the contract following cancellation. We are entitled to irretrievably delete all data stored during the term of the contract.
4.3 As part of registration, renewed logins, and use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the users’ interest in protection against misuse and other unauthorized use. This data is generally not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c GDPR.
4.4 We process usage data (e.g. websites visited within our online offering, interest in our products) and content data (e.g. entries in contact forms or user profiles) for advertising purposes in a user profile, in order to display product information to users, for example, based on services they have previously used.
5. Contact
5.1 When users contact us (via contact form or email), their information is processed in order to handle the contact request pursuant to Art. 6 para. 1 lit. b GDPR.
5.2 Users’ information may be stored in our customer relationship management system (“CRM system”) or a comparable request organization system.
6. Comments and Contributions
6.1 When users leave comments or other contributions, their IP addresses are stored for 7 days based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.
6.2 This is done for our security in case someone leaves unlawful content in comments or contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves may be held liable for the comment or contribution and are therefore interested in the author’s identity.
7. Collection of Access Data and Log Files
7.1 Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
7.2 Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
8. Cookies & Reach Measurement
8.1 Cookies are information that is transferred from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.
8.2 We use “session cookies,” which are stored only for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus to make the use of our online offering possible at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and storage duration. These cookies cannot store other data. Session cookies are deleted when you end the use of our online offering, e.g. by logging out or closing the browser.
8.3 Users are informed about the use of cookies within the scope of pseudonymous reach measurement as part of this Privacy Policy.
8.4 If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional restrictions of this online offering.
8.5 You can object to the use of cookies used for reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
9. Google Analytics
9.1 Based on our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR), we use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is usually transferred to a Google server in the USA and stored there.
9.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3 Google will use this information on our behalf to evaluate users’ use of our online offering, to compile reports on activities within this online offering, and to provide us with other services related to the use of this online offering and internet usage. Pseudonymous user profiles may be created from the processed data.
9.4 We use Google Analytics to display ads placed within Google’s advertising services and those of its partners only to users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined based on visited websites) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads correspond to users’ potential interests and are not intrusive.
9.5 We use Google Analytics only with IP anonymization activated. This means that users’ IP addresses are shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
9.6 The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software settings; users can also prevent the collection of data generated by the cookie and related to their use of the online offering and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
9.7 Further information on data usage by Google, setting options, and objection options can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.de/settings/ads (“Manage information that Google uses to show you ads”).
10. Google Re/Marketing Services
10.1 Based on our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR), we use the marketing and remarketing services (collectively “Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
10.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3 Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner, in order to present users only with ads that potentially correspond to their interests. If, for example, users are shown ads for products they have shown interest in on other websites, this is referred to as “remarketing.” For these purposes, when our and other websites on which Google Marketing Services are active are accessed, a Google code is executed directly by Google and so-called (re)marketing tags (invisible graphics or codes, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites the user visited, which content they are interested in, and which offers they clicked, as well as technical information about the browser and operating system, referring websites, visit time, and other information about the use of the online offering. The users’ IP address is also recorded, whereby we inform Google Analytics that the IP address is shortened within EU member states or other contracting states of the European Economic Area and only in exceptional cases is fully transmitted to a Google server in the USA and shortened there. The IP address is not merged with user data from other Google services. Google may also combine the aforementioned information with information from other sources. If users subsequently visit other websites, ads tailored to their interests may be displayed.
10.4 Users’ data is processed pseudonymously within the scope of Google Marketing Services. This means that Google does not store or process users’ names or email addresses, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. From Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google’s servers in the USA.
10.5 The Google Marketing Services we use include, among others, the online advertising program “Google AdWords.” In the case of Google AdWords, each AdWords customer receives a different “conversion cookie.” Cookies therefore cannot be tracked across the websites of AdWords customers. The information collected using the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that allows users to be personally identified.
10.6 We may also use the “Google Optimizer” service. Google Optimizer allows us to track how various changes to a website affect user behavior as part of so-called “A/B testing” (e.g. changes to input fields, design, etc.). For these testing purposes, cookies are stored on users’ devices. Only pseudonymous user data is processed.
10.7 We may also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services on our website.
10.8 Further information on Google’s use of data for marketing purposes can be found on the overview page: https://policies.google.com/technologies/ads. Google’s Privacy Policy is available at https://policies.google.com/privacy.
10.9 If you wish to object to interest-based advertising by Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
11. Facebook Social Plugins
11.1 Based on our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR), we use social plugins (“plugins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may display interaction elements or content (e.g. videos, images, or text posts) and are recognizable by one of the Facebook logos (a white “f” on a blue tile, the words “Like” or “Gefällt mir,” or a “thumbs up” symbol) or are marked with the addition “Facebook Social Plugin.” A list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
11.2 Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
11.3 When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online offering. User profiles may be created from the processed data. We therefore have no influence on the scope of the data collected by Facebook via this plugin and inform users accordingly based on our knowledge.
11.4 By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged into Facebook, Facebook can associate the visit with the user’s Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from the user’s device to Facebook and stored there. If a user is not a Facebook member, Facebook may still be able to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
11.5 The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as users’ rights and setting options for protecting their privacy, can be found in Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their Facebook member data, they must log out of Facebook and delete their cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible within Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they apply to all devices such as desktop computers or mobile devices.
12. Facebook Custom Audiences and Facebook Marketing Services
12.1 Within our online offering, the so-called “Facebook Pixel” of the social network Facebook is used for the purposes of analysis, optimization, and economic operation of our online offering, based on our legitimate interests. The service is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
12.2 Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
12.3 With the help of the Facebook Pixel, Facebook is able to determine visitors to our online offering as a target group for the display of advertisements (“Facebook Ads”). Accordingly, we use the Facebook Pixel to display Facebook Ads placed by us only to Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined based on visited websites) that we transmit to Facebook (“Custom Audiences”). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to users’ potential interests and are not intrusive. In addition, the Facebook Pixel allows us to track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (“conversion”).
12.4 The Facebook Pixel is integrated directly by Facebook when our websites are accessed and can store a so-called cookie, i.e. a small file, on your device. If you subsequently log into Facebook or visit Facebook while logged in, the visit to our online offering will be noted in your profile. The data collected about you is anonymous to us and does not allow us to draw conclusions about users’ identities. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook for its own market research and advertising purposes. If we transmit data to Facebook for matching purposes, this data is encrypted locally in the browser and only then transmitted to Facebook via a secure https connection. This is done solely for the purpose of matching with data that is also encrypted by Facebook.
12.5 Data processing by Facebook is carried out in accordance with Facebook’s Data Use Policy. Accordingly, general information on the display of Facebook Ads can be found in Facebook’s Data Use Policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s Help Center: https://www.facebook.com/business/help/651294705016616.
12.6 You can object to the collection by the Facebook Pixel and the use of your data for displaying Facebook Ads. To set which types of advertisements are shown to you within Facebook, you can visit the page set up by Facebook and follow the instructions for settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they apply to all devices such as desktop computers or mobile devices.
12.7 You can also object to the use of cookies for reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
13. Newsletter
13.1 With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
13.2 Newsletter content: We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter “newsletter”) only with the recipients’ consent or a legal permission. If the contents of the newsletter are specifically described during registration, they are decisive for users’ consent. Otherwise, our newsletters contain information about our products, offers, promotions, and our company.
13.3 Double opt-in and logging: Registration for our newsletter takes place using a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else’s email address. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
13.4 Registration data: To subscribe to the newsletter, it is sufficient to provide your email address.
13.5 The logging of the registration procedure is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest is directed toward the use of a user-friendly and secure newsletter system that serves both our business interests and users’ expectations.
13.6 Cancellation/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. This also simultaneously revokes your consent to its dispatch by the mailing service provider and the statistical analyses. Unfortunately, a separate revocation of dispatch by the mailing service provider or statistical evaluation is not possible. A link to unsubscribe from the newsletter can be found at the end of each newsletter. If users have subscribed only to the newsletter and cancel this subscription, their personal data will be deleted.
14. Integration of Third-Party Services and Content
14.1 Within our online offering, we use content or service offerings from third-party providers based on our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content receive users’ IP addresses, since they could not send the content to users’ browsers without the IP address. The IP address is therefore required for the display of this content.
We endeavor to use only such content whose respective providers use the IP address solely for delivering the content.
Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Pixel tags allow information such as visitor traffic on the pages of this website to be evaluated.
The pseudonymous information may also be stored in cookies on users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, as well as be linked with such information from other sources.
14.2 The following overview provides a list of third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and opt-out options (some of which are already mentioned here):
Third-party payment services (e.g. PayPal, Amazon Pay, or Sofortüberweisung): The terms and privacy notices of the respective providers apply and are available on their websites or transaction applications.
Google Fonts (Google Inc.): https://www.google.com/fonts
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://www.google.com/settings/ads/
Google Maps (Google Inc.):
Privacy Policy: https://policies.google.com/privacy/
Opt-Out: https://www.google.com/settings/ads/
YouTube (Google Inc.):
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://www.google.com/settings/ads/
Google+ (Google Inc.):
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://www.google.com/settings/ads/
Instagram (Instagram Inc.):
Privacy Policy: http://instagram.com/about/legal/privacy/
LinkedIn (LinkedIn Corporation):
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Pinterest (Pinterest Inc.):
Privacy Policy: https://policy.pinterest.com/de/privacy-policy
Twitter (Twitter Inc.):
Privacy Policy: http://twitter.com/privacy
Privacy settings: http://twitter.com/account/settings
Tumblr (Tumblr Inc.):
Privacy Policy: https://www.tumblr.com/policy/en/privacy
XING (XING AG):
Privacy Policy: https://www.xing.com/app/share?op=data_protection
Hotjar (Hotjar Ltd.):
Privacy Policy: https://www.hotjar.com/privacy
Opt-Out: https://www.hotjar.com/opt-out
jQuery (jQuery Foundation):
Website: https://jquery.org
15. Users’ Rights
15.1 Users have the right to request, free of charge, information about the personal data stored about them by us.
15.2 In addition, users have the right to rectification of incorrect data, restriction of processing, and deletion of their personal data where applicable, to exercise their right to data portability, and, in the event of unlawful data processing, to lodge a complaint with the competent supervisory authority.
15.3 Users may also revoke their consent at any time, generally with effect for the future.
16. Deletion of Data
16.1 The data stored by us is deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations conflict with deletion. If users’ data is not deleted because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
16.2 In accordance with legal requirements, data is retained for 6 years pursuant to § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
17. Right to Object
17.1 Users may object to the future processing of their personal data at any time in accordance with statutory provisions. The objection may be made in particular against processing for direct marketing purposes.
18. Changes to the Privacy Policy
18.1 We reserve the right to amend the Privacy Policy in order to adapt it to changed legal situations or changes to the service and data processing. However, this applies only with regard to declarations on data processing. If user consent is required or parts of the Privacy Policy contain provisions of the contractual relationship with users, changes will only be made with users’ consent.
18.2 Users are requested to regularly inform themselves about the content of the Privacy Policy.