Privacy Policy

1. Privacy at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy set out below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Note on the controller” in this privacy policy.

How do we collect your data?

Your data are collected partly by you providing them to us. This can be, for example, data that you enter in a contact form.

Other data are collected automatically by our IT systems when you visit the website or after your consent. These are primarily technical data (e.g., internet browser, operating system, or time of the page request). The collection of these data occurs automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other service requests.

What rights do you have regarding your data?

You have the right at any time to obtain, free of charge, information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of these data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this purpose and for further questions on the topic of data protection, you can contact us at any time.

Analytics tools and third-party tools

When you visit this website, your surfing behavior may be statistically evaluated. This is done primarily with so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting

We host the contents of our website with the following provider:

All-Inkl

Provider: ALL-INKL.COM – Neue Medien Münnich, Sole proprietor René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter “All-Inkl”). Details can be found in All-Inkl’s privacy policy:
https://all-inkl.com/datenschutzinformationen/.

The use of All-Inkl is based on Article 6(1)(f) GDPR. We have a legitimate interest in a reliable presentation of our website. If an appropriate consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data processing on behalf (order processing)

We have concluded a data processing agreement (AVV) for the use of the aforementioned service. This is a contract required under data protection law that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as with this privacy policy.

When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This privacy policy explains which data we collect and for what purposes we use them. It also explains how and for what purpose this is done.

We point out that data transmission on the Internet (e.g., when communicating by e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.

Note on the controller

The controller responsible for data processing on this website is:

Armbruster GmbH
Josef-Maier-Str. 6
D-77790 Steinach
Germany

Phone: +49 7832 97591-0
Email: datenschutz@armbruster.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, e-mail addresses).

Storage period

Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you assert a legitimate request for deletion or revoke a consent to data processing, your data will be deleted provided we do not have other legally permissible reasons to retain your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will take place after these reasons cease to apply.

General information on the legal bases of data processing on this website

f you have given consent to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR if special categories of data under Article 9(1) GDPR are processed. In the case of an explicit consent to the transfer of personal data to third countries, data processing is also based on Article 49(1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) TDDDG. Consent can be revoked at any time. If your data are required for the fulfillment of a contract or the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) GDPR. Furthermore, we process your data when necessary to comply with a legal obligation on the basis of Article 6(1)(c) GDPR. Data processing may also occur on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR. The specific legal bases applicable in individual cases are provided in the following paragraphs of this privacy policy.

data protection officer

We have appointed a data protection officer.

Mr. Armin Hansmann

Phone: +49 7832 97591-0
Email: datenschutz@armbruster.com

Recipients of personal data

As part of our business activities, we work with various external bodies. In some cases, the transfer of personal data to these external bodies is necessary. We only pass on personal data to external bodies if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in disclosure pursuant to Article 6(1)(f) GDPR, or if another legal basis permits data transfer. When using processors (order processors), we only pass on personal data of our customers on the basis of a valid contract for order processing. In the case of joint processing, a contract on joint processing is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. The lawfulness of the processing carried out up to the revocation remains unaffected by the revocation.

Right to object to data collection in specific cases and to direct marketing (Article 21 GDPR)

IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT, AT ANY TIME AND FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR THE PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, in a commonly used, machine-readable format and to have those data transferred to another controller, where technically feasible.

Access, rectification and erasure

Under the applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, their origin and recipients, and the purpose of the data processing, and you may have the right to rectification or erasure of these data. For this purpose and for further questions on the topic of personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of the personal data we hold about you, we generally need time to verify this. During the period of verification, you have the right to request restriction of the processing of your personal data.
If processing of your personal data has been carried out unlawfully, you may request restriction of processing instead of erasure.
If we no longer need your personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims, you have the right to request restriction of processing instead of erasure.
If you have lodged an objection pursuant to Article 21(1) GDPR, a balance must be made between your interests and ours. As long as it is not yet determined whose interests prevail, you have the right to request restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data—apart from their storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for important public interest reasons of the European Union or a member state.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests you send to us as the site operator. You can recognize an encrypted connection when the address line of your browser changes from “http://” to “https://” and when you see the lock icon in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data collection on this website

Cookies

Our websites use so-called “cookies”. Cookies are small data packages and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your terminal device until you delete them yourself or an automatic deletion is carried out by your web browser.

Cookies can originate from us (first-party cookies) or from third parties (so-called third-party cookies). Third-party cookies enable the integration of certain services of third parties into websites (e.g., cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary for performing the electronic communication process, providing certain functions you request (e.g., for the shopping cart function), or optimizing the website (e.g., cookies for measuring web audiences) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of that consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); consent can be revoked at any time.

You can configure your browser so that you are informed about the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may restrict the functionality of this website.

Which cookies and services are used on this website can be found in this privacy policy.

Consent with Cookiebot

Our website uses the consent technology “Cookiebot” to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document these in a data protection-compliant manner. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you access our website, a connection to Cookiebot’s servers is established to obtain your consents and other declarations on cookie usage. Afterwards, Cookiebot saves a cookie in your browser in order to assign the consents given or revoked to you. The data thus recorded are stored until you request deletion from us, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. Cookiebot is used to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Data processing on behalf (order processing)

We have concluded a data processing agreement (AVV) for the use of the service mentioned above. This is a contract required under data protection law that ensures that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Server log files

The provider of the site automatically collects and stores information in so-called server log files that your browser automatically transmits to us. These are:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

A merging of these data with other data sources will not be carried out.

The collection of these data takes place on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—this requires the recording of server log files.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form including the contact details you provide there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on these data without your consent.

Processing of these data is carried out on the basis of Article 6(1)(b) GDPR if your request is related to the fulfillment of a contract or necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if this was requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after completion of the processing of your inquiry). Mandatory statutory provisions—especially retention periods—remain unaffected.

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone, or fax, your inquiry including all personal data arising from it (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on these data without your consent.

The data you send to us via contact inquiries remain with us until you request their deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after processing of your request). Mandatory statutory provisions—especially statutory retention periods—remain unaffected.

5. Analytics Tools and Advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform independent analyses. It is solely used for managing and deploying the tools integrated through it. However, the Google Tag Manager does capture your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If corresponding consent has been obtained, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TCDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TCDDG. Consent can be revoked at any time.

The company holds a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of stay, operating systems used, and the user’s origin. These data are compiled into a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks. In addition, Google Analytics uses various modeling approaches to supplement the recorded datasets and applies machine learning technologies in data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to and stored on a Google server in the USA. The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TCDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

Google Analytics IP anonymization is activated. This means your IP address is shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide further services related to website and internet usage to the website operator. The IP address transmitted by your browser within Google Analytics is not merged with other data from Google.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.

More information on handling user data with Google Analytics can be found in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de.

Data processing on behalf (order processing)

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

6. Plugins and Tools

YouTube with enhanced privacy mode

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of the websites where YouTube is embedded, a connection to the YouTube servers is established. The YouTube server is informed about which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used for personalizing surfing on YouTube. Ads shown in enhanced privacy mode are also not personalized. In enhanced privacy mode, no cookies are set. Instead, so-called local storage elements are stored in the user’s browser, which are similar to cookies, contain personal data, and can be used for re-identification. Details about enhanced privacy mode can be found here:
https://support.google.com/youtube/answer/171780.

Potentially, further data processing may be triggered after activating a YouTube video, over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If corresponding consent has been obtained, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TCDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TCDDG. Consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at:
https://policies.google.com/privacy?hl=de.

Adobe Fonts

This website uses web fonts from Adobe to ensure uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you access this website, your browser downloads the necessary fonts directly from Adobe to display them correctly on your device. Your browser establishes a connection to Adobe servers in the USA. As a result, Adobe becomes aware that this website was accessed via your IP address. According to Adobe, no cookies are stored when providing the fonts.

Storage and analysis of data are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform appearance of the typeface on their website. If corresponding consent has been obtained, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TCDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TCDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here:
https://www.adobe.com/de/privacy/eudatatransfers.html.

Further information about Adobe Fonts is available at:
https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

Adobe’s privacy policy can be found at:
https://www.adobe.com/de/privacy/policy.html

7. Own Services

Handling of Applicant Data

We offer you the opportunity to apply to us (e.g., by email, postal mail, or via an online application form). Below we inform you about the scope, purpose, and use of your personal data collected in the application process. We assure you that the collection, processing, and use of your data is carried out in accordance with applicable data protection law and all other legal provisions and that your data is treated strictly confidentially.

Scope and Purpose of Data Collection

When you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) as far as necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation), and – if you have given consent – Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data is only passed on within our company to persons involved in processing your application. If the application is successful, the data you submitted will be stored in our data processing systems for the purpose of conducting the employment relationship based on § 26 BDSG and Art. 6 para. 1 lit. b GDPR.

Retention Period of Data

If we cannot make you a job offer, you reject a job offer, or you withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal). Subsequently, the data will be deleted and physical application documents destroyed. Retention is particularly for evidentiary purposes in case of legal disputes. If it becomes apparent that the data will be required after the 6-month period (e.g., due to a pending or threatened legal dispute), deletion will only take place when the purpose for further retention no longer applies.

Longer retention may also take place if you have given corresponding consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we cannot make you a job offer, there may be the possibility to include you in our applicant pool. In this case, all documents and information from the application will be transferred to the applicant pool to contact you in case of suitable vacancies.

Inclusion in the applicant pool is solely based on your express consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and unrelated to the current application process. The data subject may withdraw their consent at any time. In this case, the data from the applicant pool will be permanently deleted, provided there are no legal reasons for retention.

The data from the applicant pool will be permanently deleted no later than two years after the consent has been given.