We are pleased to welcome you to our website.
1. Name and address of the responsible body
As the operator of the website www.vmt-ims.com, VMT GmbH, Stegwiesenstrasse 24, 76646 Bruchsal, Germany, is the data controller within the meaning of the GDPR.
2. Contacting the Data Protection Officer
You can contact our Data Protection Officer at any time with any privacy concerns at firstname.lastname@example.org.
3. What is personal data?
Personal data refers to any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. Purposes of data processing
The extent and nature of the collection, processing and use of your data depends on whether you visit our website only to retrieve generally available information or make use of additional services. We always process your personal data in the course of our business activities for pre-contractual or contractual purposes. In addition, the exercise of our legitimate interest or compliance with legal requirements may also be the substantive purpose of data processing by us. We inform you about the respective specific purposes of data processing in the sections below.
5. Legal basis of data processing
We process your personal data according to the following legal bases:
- To fulfill pre-contractual or contractual obligations (Art. 6 (1) (b) GDPR)
- On the basis of your consent (Art. 6 (1) (a) GDPR)
- In the context of a balancing of interests (Art. 6 (1) (f) GDPR)
- Due to legal requirements (Art. 6 (1) (c) GDPR)
In connection with the respective instances of data processing carried out by us we will inform you of the specific legal basis of the data processing.
6. Right to object
If in the context of a balancing of interests we process your personal data on the basis of our overriding legitimate interest (legal basis for data processing is Art. 6 (1) (f) GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing (with the exception of direct advertising, in which case we will comply with your objection immediately) if we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or if the processing is for the assertion, exercise or defense of legal claims. More extensive data subject rights remain unaffected by this.
7. Use of our website for information purposes
For the purely informational use of our website, it is not necessary for you to provide any personal information at all. Rather, in this case, when you access our web pages, we only collect the data that your internet browser automatically transmits to us, such as:
- Referrer (previously visited website)
- Requested web page or file
- Browser type and version
- Operating system
- Device type
- Time of access
- IP address in anonymized form
- Other similar data and information used to avert danger in the event of attacks on our information technology systems.
This is usually done using log files. The purpose of processing is to ensure the functionality and compatibility of our website for technically unproblematic use, including troubleshooting and protection against technical attacks and misuse of the usage. The legal basis for this processing is our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest lies in the proper operation of our website. The log file data is deleted when it is no longer required for the purpose of processing.
8. Use of our website for other services
If you make use of other services of our company via our website, it may be necessary for you to provide personal information. The personal data required for the provision of services is specified in the respective input mask or application. You can voluntarily provide additional information. You can tell which information is required and which is voluntary by the fact that the mandatory information is marked with an asterisk (*) or with the note “Mandatory field”. Your data will be processed exclusively for the purpose of providing the service you requested. The legal basis for the processing of your personal data and the information on when your personal data will be deleted can be found in the description of the specific services.
9. External hosting of the website
We use an external service provider to host our website. The personal data collected on this website is stored on the hosting company’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.
The use of the hosting company is in the interest of the secure, fast and efficient provision of our website (Art. 6 (1) (f) GDPR). Our hosting provider will only process your data to the extent necessary to fulfill its performance obligations in accordance with contractual obligations and instructions from us. We use STRATO AG as our hosting provider. We have concluded a data processing agreement according to Art. 28 GDPR with the hosting provider.
10. Contacting us
On our website we offer you the possibility of contacting us via a contact form. The personal data you provide when contacting us via a contact form will only be processed for the purpose of dealing with your contact via the contact form. Data will only be passed on to third parties if this is necessary for the purpose of processing your contact. The legal basis for this processing is Art. 6 (1) (b) GDPR. Your personal data will be deleted when no longer required to fulfill the purpose of your contact. Please note that your messages may have to be stored due to statutory retention requirements. In this case, the legal basis is Art. 6 (1) (c) GDPR.
Contact by email
On our website we offer you the possibility of contacting us by email. Please note that unencrypted communication by email is not secure. It cannot be ruled out that data transmitted in this way may be read, copied, altered or deleted by unauthorized persons. The personal data you provide when contacting us via email will only be processed for the purpose of dealing with your contact via email. Data will only be passed on to third parties if this is necessary for the purpose of processing this contact. The legal basis for this processing is Art. 6 (1) (b) GDPR. Your personal data will be deleted when no longer required to fulfill the purpose of your contact. Please note that your messages may have to be stored due to statutory retention requirements. In this case, the legal basis is Art. 6 (1) (c) GDPR.
A newsletter service is not used. Should one be used subsequently, you will find out here.
We have taken technical and organizational measures to secure our website and other systems against loss, destruction, access, alteration or distribution of your data by unauthorized persons. In particular, your personal data provided in the contact form will be transmitted in encrypted form. We use the TLS 1.3 (Transport Layer Security) coding system for this purpose.
14. Web analytics
This website uses the open source web analytics service Matomo. Matomo is hosted on the server on which this website is operated. Matomo uses so-called “cookies”. These are text files that are stored on your computer and allow an analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored. The Matomo cookie is a temporary cookie that is deleted from your device after the session expires (at the latest when you close the browser).
We use a service from Wiredminds GmbH, Lindenspürstr. 32, 70176 Stuttgart, Germany on our website. The legal basis for this data processing is Art. 6 (1) (a) GDPR.
15. Social media
We maintain publicly available profiles on social networks. The individual social networks we use can be found below.
Social networks such as Facebook etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (such as Like buttons or banner ads). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. Specifically:
If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, data is collected, for example, via cookies which are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way you can be shown interest-based advertising within and outside of the particular social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Our social media presences are designed to provide an informative presence on the internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. In necessary cases, the legal basis is also Art. 6 (1) (a) GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (for example, consent within the meaning of Article 6 (1) (a) GDPR).
Data controller and assertion of rights
If you visit any of our social media sites, together with the social media platform operator we are jointly responsible for the data processing operations triggered during this visit. As a matter of principle, you can assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both to us and to the operator of the respective social media portal.
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Duration of storage
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose of storage no longer exists, you ask us to delete it, you withdraw your consent to the storage or the purpose for the data storage no longer exists. Saved cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
Social networks in detail
AddToAny – Bookmark & Share
16. Other functions and content
If we use additional functions and content (e.g. map or font services) on our website, by means of which we or the provider of the services process personal data from you, we will inform you about this here.
Our pages use functions of Cloudflare. The operating company of Cloudflare is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, U.S.A. Cloudflare offers a so-called worldwide distributed Content Delivery Network with DNS. Technically, the transfer of information between your browser and our web pages is routed through the Cloudflare network. Cloudflare is thus able to analyze the traffic between users and our websites, for example, to detect and ward off attacks on our services. In addition, Cloudflare may store cookies on your computer for optimization and analysis. The legal basis for the data processing is your consent in accordance with Art. 6 (1) (a) GDPR. For more information, please visit https://www.cloudflare.com/privacypolicy and https://www.cloudflare.com/gdpr/introduction
On our website, we use the service jQuery from the company JSFoundation, Inc., Attn: Privacy Office, 1 Letterman Drive, San Francisco, CA 94129, U.S.A. (hereinafter “jQuery”). The legal basis for the data processing is your consent in accordance with Art. 6 (1) (a) GDPR.
The relevant files of this service are hosted directly by our server whereby there is no direct connection between your browser and the jQuery servers and thus no data is transmitted to JQuery.
You can prevent jQuery from running by disabling the execution of script code in your browser or installing a script blocker in your browser. You can find more information about data processing by jQuery here: https://js.foundation/about/governance/privacy-policy
We use “Google Fonts” external fonts on our website. Google Fonts is a service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. The relevant font files are hosted directly by our server. The legal basis for the data processing is Art. 6 (1) (a) GDPR. You can find more information about data processing by Google here: https://policies.google.com/privacy
This website uses Google Maps, a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland to display an interactive map. In the process, your browser also passes on personal data to Google LLC in the U.S.A. The legal basis for the data processing is Art. 6 (1) (a) GDPR. You can find more information about data processing by Google here: https://policies.google.com/privacy
You can prevent Google Maps collecting and processing your data by disabling the execution of script code in your browser or installing a script blocker in your browser.
Monotype GmbH / fonts.com / fonts.net
17. Recipients and data transfer
We have bundled certain data processing operations within our company. These can be used centrally by individual areas of our company, e.g. for processing inquiries. External contractors and service providers (e.g. logistics companies or IT service providers) may also be used to ensure our responsibilities are met and to fulfill contracts. In addition, data may go to recipients to whom we are obligated or entitled to disclose data due to contractual or legal obligations or due to your consent.
18. Data transfer to third countries
Data is only transferred to third countries (countries outside the EU and the European Economic Area EEA) if this is necessary for the execution of a contract/order/business relationship, including the initiation thereof, or if it is permissible due to our legitimate interest or your consent, and only in compliance with the data protection requirements stipulated for this purpose.
Note on data transfer to the U.S.A.
Our website includes services provided by companies based in the U.S.A. In connection with the use of these services, personal data may be transmitted to U.S. servers of the respective service providers. Please note that the U.S.A. is not a secure third country in the sense of EU data protection law. U.S. companies are obliged to hand over personal data to security agencies without you as the data subject being able to take sufficient legal action against this. It can therefore not be completely ruled out that U.S. agencies (e.g. intelligence services) process, analyze and permanently store your data located on U.S. servers for surveillance purposes. We have no influence on these processing activities.
19. Deletion of your data
We process your personal data only for as long as this is necessary to fulfill the respective purpose or until there is no longer a legal basis for processing (e.g. revocation of consent to data processing). In doing so, we observe the existing statutory retention and storage periods.
20. Your rights
You have the right:
- to gain access free of charge to the personal data concerning you that are stored by us (right to access)
- to obtain confirmation whether we are processing personal data concerning you (right to confirmation)
- to request us to immediately delete the personal data concerning you if the processing is no longer required and the other requirements for the erasure pursuant to GDPR have been fulfilled (right to erasure)
- to request the immediate rectification and completion of inaccurate personal data concerning you (right to rectification)
- to request restriction of processing of your personal data (right to restriction of processing)
- to receive the personal data concerning you in a structured, commonly used and machine-readable format (right to data portability)
- to object to the processing of your personal data (right to object)
- You have the right not to be subject to a decision based solely on an automated processing of data, including profiling, and that may have a legal effect on you or any similarly significant restrictive effect (right to individual decision-making).
- to revoke your consent to the processing of your personal data at any time with effect for the future.
- to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is in violation of GDPR (right to lodge a complaint).
For more information on your rights, please contact our Data Protection Officer.
22. Information for customers, suppliers and other third parties pursuant to Articles 13 / 14 GDPR
Diese InformYou will find this information here.
23. Information on Processing Employee Data
You will find this information here.