Data protection

Introduction

We are pleased that you are visiting our website and are delighted by your interest in our company. The protection of your personal data is very important for us. CAPRON GmbH (hereafter "CAPRON," "we," or "us") attaches great importance to the security of user data and compliance with data protection regulations. Below we provide more detail about how your data is handled by us.

Data Controller and Data Protection Officer

Data Controller:
CAPRON GmbH, Berghausstraße 1, 01844 Neustadt in Sachsen, Germany
Tel: +49 (0) 3596 53-0
E-Mail: kontakt@capron.eu

Contact details of external Data Protection Officer:
DDSK GmbH
Tel: +49 7542 949 21 00
E-Mail: datenschutz@capron.eu

Terms

The special terms used in this privacy policy are to be understood as legally defined in Art. 4 GDPR.

Notes on data processing – Automated data processing (log files etc.)

Our website can be visited without actively providing personal information about the user. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognize attacks on our website) for a period of 7 days. This data is not merged with other data sources. We process and use the data for the following purposes: provision of the website, prevention and detection of errors/malfunctions, and the abuse of the website.

Legal basis: Legitimate interest according to Art. 6 para. 1 lit. f) GDPR

Legitimate interests: Ensuring the functionality and accurate and secure operation of the website and adapting this website to the requirements of the users.

Use of cookies (general, functionality, opt-out links, etc.)

We use cookies on our website to make visiting our website attractive and to enable the use of certain functions. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on Art. 6 para. 1 lit. f) GDPR. Cookies are a standard Internet technology for storing and retrieving of login and other user information for website users. Cookies are small text files that are stored on the end device. Among other things, they enable us to save user settings so that our website can be displayed in a format tailored to the user device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the user's device and enable us or our partner companies to recognize the browser on the next visit (persistent cookies).

The browser can be set so that the user is informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Furthermore, cookies can be deleted retrospectively in order to remove data that the website has stored on the user's computer. Deactivating cookies (so-called opt-out) can lead to some restrictions in the functionality of our website.

Categories of data subjects:

website visitors, users of online services

Opt-Out:

Internet Explorer: https://support.microsoft.com/de-de/help/17442
Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Safari: https://support.apple.com/de-de/HT201265

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR); fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR). The relevant legal basis is specifically named with the corresponding tool.

Legitimate interests: Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, preservation of user status across the entire website, recognition for next website visitors, user-friendly online offering, ensuring chat function.

Consent Management Platforms (Consent Management)

We use a consent management procedure on our online offering in order to be able to prove, store and manage the consent granted by our website visitors in accordance with the requirements of the GDPR. The consent management platform used helps us to identify all cookies and tracking technologies and to control them based on the consent status. At the same time, visitors to our website can use the consent management service we have integrated to manage the consents and preferences granted (optional setting of cookies and other technologies that are not required) or revoke consent at any time using the button.

The status of the consent is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. The time of the declaration of consent is also recorded.

Data categories:

Consent data (consent ID and number, time consent was given, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:

Fulfillment of accountability, consent management

Legal basis:

Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)

Cookiebot

Service used:

Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark

Third country transfer:

Does not take place.

Privacy:

https://www.cookiebot.com/de/privacy-policy

Hosting (incl. content delivery network)

Our website is hosted by an external service provider. Data of visitors to our website, in particular log files, are stored on the servers of our service provider. By using a specialized service provider, we can provide our website efficiently. The hosting provider we use does not process the data for its own purposes.

We also use a Content Delivery Network (CDN) in order to be able to provide the content of our website more quickly. For example, when website visitors access graphics, scripts or other content, these are provided quickly and optimized with the help of regionally and internationally distributed servers. When the data files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of visitors to our website is processed, such as the IP address and browser data.

Data categories:

User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:

Correct presentation and optimization of the website, faster and location-independent accessibility of the website

Legal basis:

Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests:

Prevention of unplanned downtime, high scalability, reduction of the bounce rate on the website

Google APIs

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the adequacy decision of the European Commission for the USA

Privacy: https://policies.google.com/privacy?hl=en-US

Google Static

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the adequacy decision of the European Commission for the USA

Privacy: https://policies.google.com/privacy?hl=en-US

IP-Projects

Service used: IP-Projects GmbH & Co. KG, Am Vogelherd 14, 97295 Waldbrunn, Germany

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Third country transfer: Does not take place.

Privacy: https://ip-projects.de/de/company/data-protection

PHP.net

Service used: The PHP Group

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Third country transfer: Does not take place.

Privacy: https://www.php.net/privacy.php

Website support and consulting, web agency

We have commissioned a web agency to provide support and advice for services and applications on our website. This agency supports us in all activities related to the design and functionality of our website. In this context, the web agency selected by us receives the access data for our website in order to make necessary adjustments and changes, such as the design of forms or other programming activities.

Access to personal data, such as data from forms or log data of website visitors, cannot be ruled out. The web agency therefore acts as a processor for us and only acts on our instructions. Data is not processed for any other purpose.

Data categories:

Usage data (e.g. access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. email address), content data (e.g. text information)

Purposes of processing:

Support for web analysis and optimization, analysis of user behavior on the website (website interaction) for web optimization and reach measurement, checking the utilization of the website

Legal basis:

Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests:

Support and assistance with website maintenance through high level of technical expertise, efficiency through outsourcing

Web agency

Service used: websax.de, Andreas Brauer, Bergstraße 1g, 01844 Neustadt in Sachsen, Germany

Third country transfer: Does not take place.

Privacy: https://websax.de/datenschutz.php

Online marketing

In order to continuously increase our reach and the awareness of our online offering, we process personal data in the context of online marketing, in particular with regard to potential interests and the measurement of the effectiveness of our marketing measures.

For the purpose of measuring the effectiveness of our marketing measures and identifying potential interests, relevant information is stored in cookies or similar procedures are used. The data stored in cookies may include content viewed, online presences visited, settings and functions and systems used. However, no clear data of users is regularly processed for the purposes described. The data is then modified in such a way that the actual identity of the users is not known neither to us or to the provider of the tool used. The modified data in this way is often stored in user profiles.

In the case of user profile storage, the data may be read, supplemented and added to the online marketing provider's server when you visit other online services that use the same online marketing method.

We can determine the success of our advertisements based on summarized data made available to us by the provider of the online marketing method (so-called conversion measurement). As part of these conversion measurements, we can track whether a marketing measure has led to a purchase decision by a visitor to our online offering. This evaluation serves to analyze the success of our online marketing.

Categories of data subjects:

Website visitors, users of online services, interested parties, communication partners, business and contractual partners

Data categories:

Usage data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), location data, contact data (e.g. email address), content data (e.g. text details, photographs, videos)

Purposes of processing:

Marketing (partly interest-based and behavior-related), conversion measurement, target group formation, click tracking, development of marketing strategies, and increasing campaign efficiency

Legal basis:

Consent (Art. 6 para. 1 lit. a) GDPR)

Google Ads

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy: https://policies.google.com/privacy

Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Google Doubleclick

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy: https://policies.google.com/privacy

Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Social Media Presences

We maintain online presences on social networks and career platforms to exchange information with registered users there and to be able to contact them easily.

Sometimes, user data from social networks is used for market research and thus pursue advertising purposes. User profiles can be created and utilized based on users' behavior, such as the indication of interests, in order to tailor advertisements to the interests of target groups. For this purpose, cookies are regularly stored on users' end devices, sometimes regardless of whether they are registered users of the social network.

In connection with the use of social media, we also use the associated messengers to communicate easily with users. We would like to point out that the security of individual services may depend on the user's account settings. Even in the case of end-to-end encryption, the service-provider may be able to draw conclusions about both the fact that users communicate with us and the time that they communicate with us and it may also collect location data if required.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This can pose risks for users, for example because it makes it more difficult to enforce their rights.

Data subject categories:

Registered users and non-registered users of the social network

Data categories:

Master data (e.g., name, address), contact data (e.g. email address, phone number), content data (e.g., text details, photographs, videos), usage data (e.g., websites visited, interests, access times), meta and communication data (e.g., device information, IP address)

Purposes of processing:

Expansion of range, networking

Legal basis:

Legitimate interests (Art. 6 para. 1 lit. f) GDPR), consent (Art. 6 para. 1 lit. a) GDPR)

Legitimate interests:

Interaction and communication on social media presence, increased profits, insights into target groups

Instagram

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy: https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy

Opt-Out-Link: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

Facebook

Service used: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy: https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum

Opt-Out-Link: https://www.facebook.com/policies/cookies/

Kununu

Service used: New Work SE, Dammtorstr. 30, 20354 Hamburg, Germany

Privacy: https://privacy.xing.com/de/datenschutzerklaerung

Service used: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Privacy: https://www.linkedin.com/legal/privacy-policy

Opt-Out-Link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing

Service used: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Privacy: https://privacy.xing.com/de/datenschutzerklaerung

YouTube

Service used: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy: https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Plugins and integrated third-party content

We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be integrated.

In order to display content to visitors to our website, the respective third-party provider processes, among other things, the IP address of the user so that the content can be transmitted to the browser and displayed. Without this processing operation, it is not possible to display the third-party content.

In order to protect the personal data of website visitors, we have taken protective measures to prevent the automatic transmission of this data to the third-party provider. This data is only transmitted when users actively use the buttons and click on the third-party content.

Categories of Data Subjects:

Users of the plug-in or integrated third-party content

Categories of Data:

Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address)

Purposes of processing:

Designing our online offering, increasing the reach of advertisements in social media, sharing posts and content, interest-based and behaviour-based marketing, cross-device tracking

Legal basis:

Consent (Art. 6 para. 1 lit. a) GDPR)

Google Fonts

Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy: https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Google Play

Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy: https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

YouTube

Service used: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy: https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Contact us

On our online offering, we offer the option of contacting us directly or requesting information via various contact options.

In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry. Which data is processed depends on the way in which contact is made with us.

Data subject categories:

Enquirers

Data categories:

Master data (e.g. name, address), contact data (e.g., email address, telephone number), content data (e.g. text input, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of processing:

Processing requests

Legal basis:

Consent (Art. 6 para. 1 lit. a) GDPR), fulfillment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)

Job Board

Our job board offers visitors to our website a comprehensive overview of our current vacancies. If you are interested in one of the advertised positions, it is possible to apply for the desired position by email or using the online application form provided. We process the data sent to us in connection with the application in order to assess your suitability for the position (or other open positions within Erwin Hymer Group SE, if applicable) and to carry out the application process. In addition, we process personal data that you have published on the Internet and that we are permitted to process in accordance with data protection laws. This includes, for example, your resume, career history, etc.

If you contact us, we will process the data of the person making the inquiry to the extent necessary to respond to or process the inquiry.

Data subject categories:

Applicants

Data categories:

Master data (e.g. name, address), contact data (e.g., email address, phone number), content data (e.g. resume, text entries, photographs, videos), usage data (e.g., interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of processing:

Processing applications

Legal basis:

Contract fulfillment or initiation (Art. 6 para. 1 lit. b) GDPR)

Online portal

Service used: Sage GmbH, Franklinstraße 61-63, 60486 Frankfurt am Main, Germany

Privacy: https://www.sage.com/de-de/rechtliches/datenschutz-cookies/

Registration for factory tour

Data subject categories:

Participants, interested parties

Data categories:

Master data (e.g., name, address), contact data (e.g. email address, telephone number)

Purposes of processing:

Planning and implementation of factory tours, building security

Legal basis:

Consent (Art. 6 para. 1 lit. a) GDPR)

Downloads (product information, Family News)

On our online offering, visitors have the opportunity to download documents, so that we can provide them with recent or relevant information.

We record clicks on the respective download buttons in order to statistically analyse the use of this content and to improve our offer in a targeted manner. Personal data, in particular the IP address, is stored and analysed. This data is used exclusively for internal analyses and is not passed on to third parties.

Data subject categories:

Interested parties, customers

Data categories:

Meta and communication data (e.g. device information, IP addresses), usage data (e.g. access time)

Purposes of processing:

Marketing, acquiring new customers, increasing sales

Legal basis:

Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests:

Optimization Online Offer

Data transfer

We are a globally active company headquartered in Germany. The data of website visitors is stored in our central customer database in Germany, in compliance with the relevant data protection regulations, and is processed in this context throughout the Group for internal administrative purposes. Processing beyond administrative purposes does not take place.

In the event of transferring personal data to a country outside the EEA in the context of internal group processing, we ensure that the processing is legally permissible in the manner we intend. In this case, we have concluded Binding Corporate Rules/Standard Data Protection Clauses, including a separate provision on appropriate technical and organizational measures to protect the data of data subjects in the best possible way. A copy of the guarantee used is available at this link.

It may be necessary for us to disclose personal data in order to perform contracts or to fulfill a legal obligation. If we are not receiving the personal data, it may not be possible to conclude the contract with the data subject. We transfer data to countries outside the EEA (so-called third countries). This is done for the purposes mentioned above (transfer within the group and/or other recipients). The transfer only takes place to fulfill our contractual and legal obligations or on the basis of prior consent given by the data subject.

Legal basis:

Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests:

‘Small-group exemption’, centralized management and administration within the company to make use of synergy effects, cost savings, increased efficiency

Recipient:

https://www.erwinhymergroup.com/de/unternehmen/ueber-die-erwin-hymer-group

Storage period

In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).

Automated decision-making

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

Legal bases

Consent: Art. 6 para.1 lit. a) GDPR serves as the legal basis for data processing activities for which we have obtained consent for a specific processing purpose.
Performance of a contract: Art. 6 para.1 lit. b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.
Legal obligation: Art. 6 para.1 lit. c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
Vital interests: Art. 6 para.1 lit. d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest: Art. 6 para.1 lit. e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
Legitimate interest: Art. 6 para.1 lit. f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.

Rights of data subjects

Right to information: Pursuant to Art. 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data concerning them. They can request information about this data as well as the further information listed in Art. 15 para. 1 GDPR and a copy of their data.
Right to rectification: Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.
Right to erasure: Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
Right to data portability: Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.
Right to lodge a complaint: In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.
Right to object: If personal data is processed on the basis of legitimate interests pursuant to Art. 6 para.1 lit. f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.

Withdrawal of consent

Some data processing procedures can only be carried out with the express consent of the data subject. You have the option to withdraw any consent you have already given. All you need to do is send an email to: datenschutz@capron.eu. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.

External links

Our website contains links to the online offerings of other providers. We would like to point out that we have no influence on the content of the linked websites and the compliance with data protection regulations by their providers.

Amendments

We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.

This privacy policy was drawn by

DDSK GmbH
www.ddsk.de