Privacy Policy

Data protection declaration of Zeller-Gmelin GmbH & Co. KG

We welcome you to our website and are delighted that you are interested in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the General Data Protection Regulation (GDPR) and the country-specific implementing laws applicable to us. This data protection declaration is intended to provide you with comprehensive information about how Zeller-Gmelin GmbH & Co. KG processes your personal data and the rights to which you are entitled.

Personal data is information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, telephone number, e-mail address and also your IP address.

Anonymous data exists when no personal reference to the user can be established.

Controller and data protection officer

Zeller-Gmelin GmbH & Co. KG
Schlossstrasse 20
73054 Eislingen/Fils

Phone +49 7161 802-0
Fax +49 7161 802-290
www.zeller-gmelin.de
info@zeller-gmelin.de

Contact for data protection

datenschutz@zeller-gmelin.de

Your rights as a data subject

First of all, we would like to inform you of your rights as a data subject. These rights are regulated in Articles 15-22 of the GDPR. This includes:

  • Right of access (Art. 15 GDPR),
  • Right to erasure (Art. 17 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to restriction of data processing (Art. 18 GDPR),
  • Right to object to data processing (Art. 21 GDPR).

To exercise these rights, please contact: datenschutz@zeller-gmelin.de. The same shall apply if you have any questions regarding data processing in our company or wish to withdraw any consent you have given. Moreover, you have the right to lodge a complaint with a data protection supervisory authority.

Rights of objection

Please note the following in connection with rights of objection:

If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling, insofar as it is associated with direct marketing.

If you object to the processing of your personal data for direct marketing purposes, we shall no longer process your personal data for these purposes. The objection is free of charge and it must be made in writing, if possible, to: datenschutz@zeller-gmelin.de.

In the event that we process your data to safeguard legitimate interests, you may object to this processing at any time for reasons arising from your particular situation; this shall also apply to profiling based on these provisions.

We shall then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is used for the establishment, exercise or defense of legal claims.

Purposes and legal basis for data processing

When processing your personal data, the provisions of the GDPR and all other applicable data protection regulations shall be complied with. The legal basis for data processing is provided in particular by Art. 6 GDPR.

We use your data to initiate business, to fulfill contractual and legal obligations, to implement the contractual relationship, to offer products and services, and to strengthen customer relationships, which may also include analyses for marketing purposes and direct advertising.

Specifically, we need your data – your personal information – for the following functions and services to work, such as when you order our newsletter or send us an enquiry.

Your consent to the data processing may also constitute a data protection authorization. Before we obtain your consent, we will inform you about the purpose of the data processing and your right of withdrawal.

If the consent also relates to the processing of special categories of personal data, we will expressly draw your attention to this in the consent. Processing of special categories of personal data in accordance with Art. 9 GDPR must otherwise only be made if this is required by law.

Processing of special categories of personal data as defined in Art. 9 para. 1 GDPR must be made only if required by law and if there is no reason to assume that your legitimate interest in excluding the processing outweighs.

Passing on to third parties

We will only pass on your data to third parties within the framework of the legal provisions or with your consent. Otherwise, data shall not be passed on to third parties unless we are obliged to do so by mandatory legal provisions (passing on to external bodies such as supervisory authorities or law enforcement agencies).

Recipients of the data / categories of recipients

Within our company, we ensure that only those persons who need your data to fulfill their contractual and legal obligations receive it.

In certain cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection agreements have been concluded with all service providers. This shall apply in particular to service providers who support us in the areas of payment, e-mail marketing and IT system operation.

Transfer to third countries / intention to transfer to third countries

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary to fulfill the contractual obligation, if it is legally required or if you have given us your consent to do so.

Compliance with the data protection level is ensured by, for example, standard contractual clauses or registration within the framework of the Data Privacy Framework.

Data storage period

We store your data for as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to commercial or tax law retention requirements (e.g. the German Commercial Code, the German Fiscal Code, etc.). Unless there are any further obligations to retain data, it is routinely erased once it has served its purpose.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within the framework of legal prescription periods, which can be up to thirty years; the regular prescription period is three years.

Secure transmission of your data

We use appropriate technical and organizational security measures to protect the data we store against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.

The data exchange from and to our website is always encrypted. We offer HTTPS as the transmission protocol for our website, always using the latest encryption protocols. Moreover, we offer our users transport encryption as part of the contact forms. It is also possible to use alternative means of communication (e.g. by post).

Obligation to provide data

Various personal data are necessary for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same shall apply to the use of our website and the various functions it provides.

We have summarized the details for you in the aforementioned point. In certain cases, data must also be collected or made available on the basis of legal provisions. Please note that it is not possible to process your request or fulfill the underlying contractual obligation without providing this data.

Categories, sources and origin of data

The data we process depends on the context: This depends on whether, for example, you contact us with a request or lodge a complaint.

Please note that we may also provide information for special processing situations separately in a suitable body, e.g. in the case of a contact request.

When you visit our website, we collect and process the following data:

  • Name of the Internet service provider
  • Information about the website from which you are visiting us
  • Web browser and operating system used
  • The IP address assigned by your Internet service provider
  • Requested files, transferred data volume, downloads/file exports
  • Information about the websites you visit on our site, including date and time

For reasons of technical security (in particular to prevent attacks on our web server), this data is stored in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. After a maximum of 7 days, anonymization takes place by shortening the IP address so that no reference to the user is made.

In the context of a contact request, we collect and process the following data:

  • Surname, first name
  • Contact details
  • Salutation
  • Company
  • Company website
  • Information on wishes and interests

Registration option (Art. 6 para. 1 sentence 1 lit. a, b GDPR)

On our website, we offer users the option of registering by providing personal data. The advantage is that you can obtain more detailed information about our products here.

Registration is therefore either necessary or possible for the fulfillment of a contract or for the implementation of pre-contractual measures.

The principle of data minimization and avoidance is observed here, as only the data required for registration is marked with an asterisk (*) as a mandatory field. These include, for example, first name, surname, company, e-mail address, interest in information from which area, as well as password and password repetition.

The registration of the data subject, with the voluntary provision of personal data, enables the data controller to offer the data subject content or services that, by their very nature, can only be offered to registered users. Registered persons have the right to change the personal data provided at the time of registration at any time or to have it completely erased from the data stock of the controller.

Moreover, when you register on our website, the IP address of the user, the date and the time of registration are stored (technical background data). By clicking the “Register” button, you consent to the processing of your data.

Please note: The password you choose will be stored by us in encrypted form. Employees of our company cannot read this password. They will therefore be unable to help you if you have forgotten your password.

In this case, use the “Forgotten password” function, which will send you a new password generated automatically by e-mail. No employee is authorized to request your password from you by telephone or in writing. Please never disclose your password if you receive such requests.

Once you have completed the registration process, your data will be stored with us for use in the protected customer area. As soon as you register on our website, this data is made available for the actions you carry out on our website.

Our customer service team will be happy to make any changes / corrections if you contact them. Of course, you can also have your registration or customer account erased.

Newsletter (Art. 6 para. 1 sentence 1 lit. a GDPR)

You can subscribe to our free newsletter on our website. The e-mail address provided when registering for the newsletter will be used to send the newsletter.

The principle of data minimization and avoidance is observed here, as only the e-mail address is marked as a mandatory field. For technical reasons and for legal protection, your IP address is also processed when you order the newsletter.

We use the so-called double opt-in procedure to send newsletters by e-mail. This means that you will only receive advertising by e-mail if you have previously expressly confirmed that we should activate the newsletter service. This is done by sending you a notification e-mail and asking you to click on a link contained in this e-mail to confirm that you would like to receive our newsletter at this e-mail address.

You can, of course, cancel your subscription at any time using the unsubscribe option provided in the newsletter and thus withdraw your consent. You can also unsubscribe from the newsletter at any time directly via our website.

Moreover, we use a newsletter tracking pixel. This is a technology that records how users read our newsletter, which information is clicked on particularly often and which is not. The aim is to optimize our newsletter so that it is even more appealing, easier to read and more informative for you. The collected data is stored anonymously and is not assigned to you as a person. The data collected is purely statistical in nature, as it is only collected anonymously and is not combined with your other personal data.

Social media links

On our website you will find links to the social media services of LinkedIn, Instagram, YouTube, Meta / Facebook, and Xing. You can recognize links to the websites of social media services by the respective company logo. If you follow these links, you will be taken to the Zeller & Gmelin GmbH & Co. KG company page on the respective social media service. When you click on a link to a social media service, a connection is established to the servers of the social media service. This will notify the social media service’s servers that you have visited our website. In addition, further data is transferred to the provider of the social media service. These are, for example:

  • Address of the website where the activated link is located
  • Date and time of the website visit or link activation
  • Information about the browser and operating system used
  • IP address

If you are already logged in to the corresponding social media service when you activate the link, the social media service provider may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can prevent this option from being assigned to your personal user account by logging out of your user account beforehand.

The servers of the social media services are located in countries outside the European Union. The data may therefore also be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as in the member states of the European Union.

Please note that we have no influence on the scope, type and purpose of the data processing by the provider of the social media service. For more information on how your data is used by the social media services integrated into our website, please refer to the privacy policy of the respective social media service.

Cookies (Art. 6 para. 1 sentence 1 lit. a, f GDPR, Art. 25 para. 1, 2 TDDDG (German Telecommunications Digital Services Data Protection Act))

Our website uses so-called cookies. They are used to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your device and saved (locally) by your browser. Cookies only contain pseudonymous, and usually even anonymous, data. Some cookies remain for the duration of a browser session (so-called session cookies), while others are stored for a longer period (so-called persistent cookies, e.g. consent settings or language selection). The latter are automatically erased after the specified time (usually up to 6 months). In addition to our own cookies, we also post cookies that are controlled by third-party providers. These use the information contained in the cookies to, for example, display content to you or to record the pages you visit.

Based  on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), we use technically necessary cookies that are absolutely necessary for the operation of the website and to ensure its functionality. Furthermore, we use cookies without your consent if their sole purpose is to store or access information stored on the end device for the transmission of messages or if they are absolutely necessary to provide the service you have expressly requested, Art. 25 para. 2 TDDDG (German Telecommunications Digital Services Data Protection Act).

We use the following technically necessary cookies:

Provided you have given your consent, further cookies will be posted, which enable us or third parties to analyze how our services are used. This enables us to customize the content to meet user needs.

In addition, cookies enable us to measure the effectiveness of a particular ad and to place it, for example, depending on the user’s thematic interests. The legal basis for this is your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR, Art. 25 para. 1 TDDDG (German Telecommunications Digital Services Data Protection Act)).

You can withdraw your consent at any time with effect for the future and change the cookie settings via our consent banner. Please note that changes must be made separately for each device.

If you have accounts with the third-party providers we use and are logged in to them, it is possible that your data will be linked to the respective account. You can avoid such a merger by not giving or withdrawing your consent to the cookies in question or by logging out of the respective third-party providers in advance.

Most browsers accept cookies automatically. You can also disable, restrict or erase cookies on your device manually via your browser settings or using software. If you disable cookies, you will not be able to use our website to its full extent, or only to a limited extent.

Please also note our information in the section of the respective service that uses cookies.

Borlabs Cookies, Art. 6 para. 1 sentence 1 lit f GDPR, Art. 25 para. 2 TDDDG (German Telecommunications Digital Services Data Protection Act)

We use Borlabs cookies on our website. This is a technically necessary cookie that is required to store a given consent. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR, Art. 25 para. 2 TDDDG (German Telecommunications Digital Services Data Protection Act).  The consent given when you enter our website is stored and it can then be withdrawn or erased by erasing the cookie in your browser. If you then visit our website again, you will be asked for your consent again. The Borlab cookie does not process any personal data.

Website analysis with Plausible, Art. 6 para. 1 sentence 1 lit. f GDPR, Art. 25 para. 2 TDDDG (German Telecommunications Digital Services Data Protection Act)

We use the web analysis tool Plausible from the provider Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia (registration number 14709274). Plausible is an open-source web analytics software. We use the analysis tool to better understand and optimize the use of our website. No cookies are used and cross-platform tracking does not take place. The data will not be passed on to third parties.

Plausible only uses the information from HTTP requests sent to the web server. These are hashed using a hash function with a rotating key (salt). This means that the IP address and the user agent result in a changing identifier consisting of a random combination of letters and numbers for the respective request. The key changes daily and is erased daily. This means that it is impossible to trace the data. The data is then aggregated.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR, Art. 25 para. 2 TDDDG (German Telecommunications Digital Services Data Protection Act). To protect your data and to minimize the intrusion, the data is anonymized in advance. The evaluation does not allow any conclusions to be drawn about individual users.

Detailed information can be found at https://plausible.io/data-policy.

Google Maps, Art. 6 para. 1 sentence 1 lit. a GDPR

We use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Google Maps is a web service for displaying interactive maps to visualize geographic information.

We have integrated Google Maps using a placeholder so that data is only transmitted to third-party providers when you click on the button. You will need to unlock the card every time you visit our website.

When the map is unlocked, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account that you are logged into or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want the association with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and analyzes them. Such an evaluation is carried out on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and enables the display of personalized advertising, market research and/or the needs-based design of the website.

Since Google Maps has to be unlocked each time you visit it, it is not necessary to withdraw your consent.

Social media

We maintain profiles on “social media”, including LinkedIn, Instagram, YouTube, Meta / Facebook and Xing.  To the extent that we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with.

The following is the most important information on data protection law in relation to our websites.

Name and address of the company controller

In addition to Zeller & Gmelin GmbH & Co. KG, the controller responsible for the company’s websites in terms of the GDPR and other data protection regulations is

  • Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
  • Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
  • YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)

However, you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

We would also like to point out that your data may be processed outside the European Union.

Purpose and legal basis

We maintain the fan pages ourselves in order to communicate with visitors to these pages and to inform them about our offers in this way.

We also collect data for statistical purposes in order to be able to further develop and optimize the content and make our offering more attractive. The data required for this (e.g. total number of page views, page activity and data provided by visitors, interactions) is processed by the social networks and made available to us. We have no influence on the generation and display of this data.

In addition, your personal data will be processed by the social media providers, but also by us, for advertising purposes. For example, it is possible that user profiles are created based on your usage behavior and the resulting interests. This means that, among other things, advertisements can be placed within and outside the platforms that correspond to your interests. To do this, cookies are usually stored on your computer. Regardless of this, data that is not collected directly on your end devices can also be stored in your user profiles. The storage and analysis also take place across devices, in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

We process your personal data on the basis of our legitimate interests in effective information and communication in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR.

If you are asked for your consent to data processing, i.e. if you give your consent by clicking a button or similar (opt-in), the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 GDPR.

Your rights / right of objection

If you are a member of a social network and do not want the network to collect data about you through our site and link it to your stored member data on the respective network, you must

  • log out of the respective network before visiting our fan page
  • erase the existing cookies on your device and
  • close and restart your browser.

However, after logging in again, you will be recognized as a specific user on the network.

For a detailed description of the respective processing and the possibilities for objection (opt-out), please refer to the following linked information:

  • Facebook

Data protection declaration: https://www.facebook.com/about/privacy/;

Opt-out:                                  https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com;

  • Instagram

Data protection declaration: https://help.instagram.com/519522125107875;

Opt-out:                                  optout.networkadvertising.org/ and http://www.youronlinechoices.com;

  • LinkedIn

Data protection declaration: https://www.linkedin.com/legal/privacy-policy;

Opt-out:                                  https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com;

  • Xing

Data protection declaration: https://privacy.xing.com/de/datenschutzerklaerung;

Opt-out:                                  http://www.youronlinechoices.com.

  • YouTube

Data protection declaration: https://policies.google.com/privacy;

Opt-out:                                  https://tools.google.com/dlpage/gaoptout?hl=de and http://www.youronlinechoices.com;

You have the following rights with regard to the processing of your personal data:

Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint with the competent data protection authority regarding unlawful processing of your personal data.

However, since we do not have full access to your personal data, you should contact the social media providers directly if you wish to assert your rights, as they have access to the personal data of their users and can take appropriate measures and provide information.

If you still need help, we will of course try to support you. Please contact datenschutz@zeller-gmelin.de.

Notes on copyright and art copyright

If you intend to publish images, texts, plans, videos, music, etc. on our website, you should be aware that you may be assigning all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or rights holder.

Links to other providers

Our website also contains – clearly recognizable – links to the websites of other companies. Insofar as links to websites of other providers are available, we have no influence on their content. Therefore, no guarantee or liability can be assumed for this content. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognizable infringements at the time the links were created. No illegal content was recognizable at the time of linking. However, it is not reasonable to expect us to constantly monitor the content of the linked pages without any specific indications of a legal violation. If we become aware of any legal infringements, we will remove such links immediately.

Online offers for children

Persons under the age of 16 may not provide us with personal data or give their consent without the consent of their legal guardian. We encourage parents and guardians to take an active interest in their children’s online activities and interests.

Automated individual case decisions

We do not use purely automated processing to make a decision.

Changes to this data protection declaration

We reserve the right to amend this data protection declaration in the future.