I. Name and address of the data controller
VACUUMSCHMELZE GmbH & Co. KG
Grüner Weg 37
Phone: +49 6181 38-0
is the data controller as defined in the EU General Data Protection Regulation (GDPR) and the national data privacy laws.
II. Name and address of the data protection officer
The data protection officer of the data controller is:
Attorney Sascha Hesse
Phone: +49 (0) 69 - 9043 79 65
III. General information about data processing
1. The extent to which personal data is processed
We collect and use the personal data of users of our homepage only to the extent that this is necessary for keeping our website, contents and services functioning properly.
Basically, we collect and use our users’ personal data only after they give their consent. An exception to this principle applies in cases where processing the data by statutory provisions is permitted or when obtaining prior consent for actual reasons is not possible.
2. Legal basis for processing personal data
The legal basis for processing personal data is basically based on:
- Art. 6 Section 1 lit. a GDPR upon obtaining the consent of the data subject.
- Art. 6 Section 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary to carry out pre-contractual measures.
- Art. 6 Section 1 lit. c GDPR for processing required to fulfill a legal obligation.
- Art. 6 Section 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.
- Art. 6 Section 1 lit. f GDPR, if the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest.
3. Data erasure and storage duration
The personal data of users will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Additional storage may be provided for by European or national legislators through EU regulations, laws or other regulations to which the data controller is subject. Blocking or deleting the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for additional storage of the data for concluding a contract or fulfilling the contract.
4. Automated decision making (Art. 22 GDPR)
We will not use your personal data for taking any automated decisions affecting you or creating profiles.
IV. Use of our website, general information
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the user's computer system. The following information is collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address
- Date and time of access
- Websites the user’s system accesses to get to our website
- Websites that the user's system invokes by accessing our website
The described data are stored in the log files of our system. This data is not stored together with any other personal user data.
The data described - with the exception of the user’s IP address or other data that allows data to be assigned to a user - are stored in our system’s log files. This data is not stored together with any other personal user data.
2. Purpose and legal basis for data processing
Our system must temporarily store user IP addresses to allow us to deliver our website to the user's computer.
To do this, the user's IP address must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. This data is not evaluated for marketing purposes in this context.
The legal basis for the temporary storage of data and log files is Art. 6 Section 1 lit. f GDPR.
Collecting your personal data to ensure our web presence and storing this data in log files is essential for operating our website. A contradictory possibility of the user therefore does not exist.
3. Duration of storage
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Your data will be deleted when the session ends if your data has been collected to ensure the site's availability.
If your data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, whereby in this case, the IP addresses of the users are deleted or alienated. This means that it is then no longer possible to assign the client who has accessed our website.
4. matomo (formerly Piwik)
Our website uses the web analysis service Matomo. Matomo is an Open Source solution.
Matomo uses 'cookies'. Information generated by cookies about the use of our website is stored on a GDPR compliant server in the EU. Cookies from Matomo remain on your end device until you delete them.
We use Matomo with the configuration to process IP addresses anonymously. This means that IP-addresses are processed in a shortened form, a direct personal reference can be excluded. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.
Matomo cookies are set on the basis of article 6 paragraph 1 letter f GDPR. As operators of this website we have a legitimate interest in the anonymized analysis of user behavior in order to optimize our web offer and, if necessary, advertising.
You can adjust the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we point out that you may not be able to use our website to its full extent. The information stored in the Matomo cookie about the use of this website will not be passed on.
We use the analysis tool Pardot from salesforce.com Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, Main: 1-800-NO-SOFTWARE, Fax: 415-901-7040, Sales: 1-800-NO-SOFTWARE on our website. Pardot is a software module for tracking and analysing the use of a website by website visitors.
Pardot sets a maximum of two cookies. These are a "Visitor Cookie" and a "Pardot App Session Cookie". The "Visitor Cookie" generates an identification number that is used to recognize the browser of the website visitor. The identification number is a generated numerical code that has no meaning outside of Pardot Services. The "Pardot App Session Cookie" is only set when a customer logs into the Pardot App as a user. The Pardot cookies record your click path and uses it to create an individual user profile using a pseudonym. This allows us to analyse the use of our website and improve it regularly.
The cookies are stored for a maximum of 360 days and the user data for a maximum of 5 years. The deletion of the profile data can be requested by the user at any time.
The legal basis for the use of Pardot is your consent according to Art. 6 para. 1 sent. 1 lit. a GDPR
Insofar as Pardot processes personal data, the processing is carried out exclusively on our behalf and according to our instructions. For this purpose, we have concluded a data processing agreement with Salesforce.com, Inc. to ensure compliance with the GDPR.
When using Pardot, a data transfer to the USA cannot be ruled out. Salesforce.com Inc. has had Binding Corporate Rules approved by the European Data Protection Board since 2015, which ensure a level of data protection that complies with the GDPR. For more information, see:
Salesforce’s Processor Binding Corporate Rules for the Processing of Personal Data
European Data Protection Board Binding Corporate Rules
Furthermore, Standard Contractual Clauses have been concluded in addition to the data processing agreement.
6. Newsletter/Direct Marketing
On our website you have the possibility to subscribe to our newsletter and to download gated content.
To subscribe to our newsletter, we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. We store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The only mandatory data for sending the newsletter is your e-mail address. Depending on the type of the gated content, further mandatory information such as name or telephone number may be required.
The legal basis for the use of your e-mail address for the purpose of sending the newsletter is Art. 6 para. 1 lit. a GDPR. The legal basis for storing your IP address and registration times is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in the data processing is to be able to prove the registration and, if necessary, to clarify a possible misuse of your personal data.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data provided by you during registration will therefore be stored for as long as the newsletter subscription is active. We store your e-mail address for the purpose of sending the newsletter until you revoke your consent to receive it.
|Please note: According to Art. 21 (2) GDPR, you have the right to object to the processing of your personal data for marketing purposes. You can do this by clicking on the unsubscribe link provided in every newsletter email or by using the contact details mentioned in Section II.|
We use the tool Pardot from the service provider Salesforce to send our newsletter and the associated processing of the abovementioned data. We would like to point out that we evaluate your user behaviour when sending the newsletter. We use Pardot for this purpose as described under Section IV. 5. above. The analyses help us to recognise the reading habits of our users and to adapt our content to you or to send different content according to the interests of our users.
7. Application portal
An application portal is available on our website. There you have the possibility to upload application documents. The categories of personal data processed include in particular
- Your master data (such as first name, last name, name affixes, nationality)
- Your contact data (e.g. private address, e-mail address, (mobile) phone number),
- Your professional curriculum vitae, training, school education
- This may also include special categories of personal data, such as health data, if included in your resume.
As a rule, your personal data is collected directly from you as part of the application process. In certain constellations, personal data may also be collected from other bodies (in particular public authorities) due to legal requirements. In addition, we may have received data from third parties (e.g. job placement agencies).
If we do not collect your personal data directly from you in individual cases, we will inform you of this beforehand.
For the processing of the data, your consent is obtained during the submission process and reference is made to this data protection declaration. After entering and transmitting your data, it is sent directly via an encrypted connection to the server of our external service provider "rexx systems". All data is encrypted on the basis of the SSL procedure.
The processing of personal data from the application portal serves exclusively the application process.
The legal basis for the processing of applicant data is basically Art. 88 GDPR in conjunction with § 26 BDSG. The legal basis for the processing of data in the context of inclusion in the applicant pool is Art. 6 (1) lit. a, b GDPR.
Within our company, only those persons and offices (e.g. HR department, works council, representatives for severely disabled persons, managers, company doctor) receive your personal data who are responsible for processing the application procedure and making decisions about the application outcome.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). Deviating from this, the data of the applicant pool will be stored after consent until revoked.
The user has the possibility at any time to revoke his consent to the processing of personal data and or to object to the processing of his data. Deletion of your data leads to termination of the application process and subsequently no more information can be provided regarding the process. After the establishment of an employment relationship, the right to data deletion or restriction of processing is reduced. Requests for information or disclosure, a revocation of any consent given and any objection to the processing of your data can be sent to the above address.
The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDPA; Ger.: TTDSG).
Please note that the legal basis for the processing of personal data collected in this context then results from the GDPR. The relevant legal basis for the processing of personal data in each specific case can be found below the respective cookie or the respective processing itself.
The primary legal basis for the storage of information in the end user's terminal equipment - consequently in particular for the storage of cookies - is their consent, § 25 Abs.1 S.1 TTDPA (Ger.: TTDSG). Consent is given when visiting our website - although this does not have to be given, of course - and can be revoked at any time in the cookie settings.
According to § 25 Abs.2 Nr.2 TTDPA (Ger.: TTDSG), consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as "technically necessary cookies") and therefore fall under the exception of § 25 Para.2 TTDPA (Ger.: TTDSG) and therefore do not require consent.
The following data is stored and transmitted:
- Language settings
- Contact details
The legal basis for processing personal data using cookies is defined in Article 6 Section 1 lit. f GDPR. The purpose for using technically required cookies is to simplify the use of our website.
We would like to point out that some functions on our website can only be offered if cookies are enabled. This applies to the following applications:
- Adopting language settings
- Remembering contact details
We do not use user data collected by technically required cookies to create user profiles.
VI. Third party recipients
In addition to Matomo and Pardot, listed above, we may share your personal data as follows:
- With our affiliates within Vacuumschmelze Group worldwide if and to the extent required and legally permitted. In such cases, these affiliates will then use the personal data for the same purposes and under the same conditions.
- We may also instruct service providers (so called data processors) within or outside of Vacuumschmelze Group, domestically or abroad (, e.g. shared service centers or cloud providers), to process personal data on our behalf and in accordance with our instructions only. We will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
- With courts, regulators, law enforcement or other competent authorities or legal advisors if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
- We may also share your personal data with third parties if we sell or buy any business or assets, in which case we may disclose personal data to the prospective seller or buyer of such business or assets, along with its professional advisers. If Vacuumschmelze GmbH & Co. KG or substantially all of its assets are acquired by a third party, personal data held by us about customers and other contacts will be one of the transferred assets.
Otherwise, we will only disclose your personal data when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.
VII. Data transfer outside the EU
The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible when your personal data is to be processed.
Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services. We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognized determination by the EU Commission of a level of data protection corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called "standard contractual clauses for international transfers".
VII. Your rights/rights of the data subject
According to the GDPR, you have the following rights as a data subject which you can assert using the contact details listed under Section II.:
1. Right to access your information
You have the right to receive information from us as the data controller on whether we are processing your personal data as well as other information required by Art. 15 of the GDPR.
2. Right to rectification
If we process your personal data incorrectly or in an incomplete manner, then you have a right for it to be corrected/completed. The correction will be made immediately.
3. Right to restriction of processing
You have the right to restrict the processing of personal data concerning you in accordance with the legal provisions (Art. 18 GDPR).
4. The right to erasure
If one of the reasons set out in Art. 17 GDPR apply, you may request that the personal data relating to you be deleted without delay.
We would like to point out that the right to erasure does not exist insofar as the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3 GDPR.
5. Right to information
If you have asserted the right to rectify, delete or restrict the processing, we are obligated to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of effort. You also have the right to be informed about these recipients.
6. Right to data portability
According to the GDPR, you also have the right to obtain the personal data provided to us and to receive it in a structured, understandable and machine-readable format. Furthermore, you have the right to request to transfer this data to another data controller.
7. Right to revoke the declaration of consent to data protection
You have the right to revoke your data protection declaration at any time. Please note that revoking consent does not affect the lawfulness of the processing carried out based on the consent until the revocation goes into effect.
8. Right to object
Furthermore, for reasons based on your particular situation, you have the right to object at any time to the processing of personal data relating to you which is carried out on the basis of Art. 6 Section 1 lit. e or f GDPR.
9. Automated decision on an individual basis, including profiling
Under the GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which would have legal effect or would affect you in a similar manner.
10. Right to complain to a supervisory authority
Finally, if you believe that the processing of personal data concerning you is contrary to the GDPR, you have the right to complain to a supervisory authority, in the Member State of its place of residence, employment or the location of the alleged infringement.
IX. Electronic contact
You will find a contact form on our homepage that you can use to contact us electronically. The data entered into the input mask are transmitted to us and stored. These data include:
The following data is also stored once the message has been sent:
- The user’s IP address
- Date and time of registration
- Company Name
It is also possible to contact us via our provided email address. In this case, the user's personal data transmitted by email will be stored.
A transfer of your data to third parties will not take place in this context; this data will be used exclusively for processing the communication record.
The legal basis for processing the data is in submitting user consent as defined in Art. 6 Section 1 lit. a GDPR. The legal basis for processing the data transmitted while sending an email is Article 6 Section 1 lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 Section 1 lit. b GDPR.
Processing personal data in this context is solely for processing the contact. In the case of contact via email, this also includes the required legitimate interest in processing the data.
If further personal data are processed during the sending process, then they serve only to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Regarding the personal data from the input form on the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
You will have the opportunity to revoke your consent to the processing of personal data at any time. Even when contacting us by email, you can object to the storage of your personal data at any time. However, we would like to point out that in such a case, the conversation cannot continue.
All personal data stored while contacting will be deleted in this case.
X. Social Media
We maintain fan pages within various social networks and platforms for communicating with customers, prospects and users who are active there and for informing them about our services.
We would like to point out that your personal data may be processed outside the European Union, which may pose risks to you (e.g. in enforcing your rights under European/German law).
These users’ data are usually processed for market research and advertising purposes. Thus, for example, user profiles are created based on the user’s behavior and interests. These usage profiles can in turn be used to do such things as place advertisements inside and outside the platforms that are allegedly in line with users' interests. For these purposes, cookies are usually stored on the user’s computer where the user’s behavior and the user’s interests are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices that the users use (this is especially true if the users are members of the respective platforms and are logged in to them).
Processing personal user data is based on our legitimate interests in an effective user information and communication with users in accordance with. Art. 6 Section 1 lit. f. GDPR. The legal basis for processing user info is Art. 6 Section a., Art. 7 GDPR, and this entails the respective providers asking users to consent to data processing (that is, that they declare their agreement, for example, by ticking a check box or clicking on a button to confirm).
Additional information about processing your personal data as well as your revocation options can be found under the links for the respective providers listed below. The assertion of information and further rights of the data subjects can likewise take place opposite the offerers, who then have only the direct access to the data of the users and have appropriate information. Of course, we are available for questions and support if you need help. Providers:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland