Data Privacy Statement

All data collected here is handled within our area of responsibility according to the provisions of the European General Data Protection Regulation (GDPR) and in accordance with the applicable state-specific data protection provisions such as the Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws in the Member States as well as other statutory data protection provisions is:

Fabmatics GmbH
Managing Directors: Dr. Steffen Pollack, Heinz Martin Esser
Zur Steinhöhe 1
01109 Dresden

Tel.: +49 351 65237-0
Fax: +49 351 65237-190

info@fabmatics.com
www.fabmatics.com

Name and address of the data protection officer

The controller’s external data protection officer is:

Johanna Thoelke
DAPROSEC GbR
Tieckstraße 17
D-01099 Dresden
Email: info@daprosec.de
Phone: (0351) – 31 905 088

SSL encryption

The website operators use SSL encryption to provide the best possible protection for your data. You can identify an encrypted connection by the prefix “https://” in the page link in your browser’s address line. SSL encryption protects all data that you provide to this website – for instance during inquiries or logins – from third-party access.

General information about data protection

1. Scope of processing for personal data

We fundamentally process our users’ personal data only to the extent that this is necessary in order to provide them with a functional website along with our content and services. As a rule, our users’ personal data is only processed with the user’s consent. Exceptions apply in cases where it is not possible to obtain prior consent for practical reasons, and where processing of the data is permitted by statutory provisions.

2. Legal basis for processing personal data

If and to the extent that we obtain consent from the data subject for processing transactions, Art. 6 Sec. 1 lt. a EU General Data Protection Regulation (GDPR) serves as the legal basis. In processing personal data that is needed in order to fulfill a contract with the data subject, Art. 6 Sec. 1 lt. b GDPR serves as the legal basis. This also applies to processing transactions that are necessary in order to perform pre-contractual measures. If and to the extent that personal data must be processed in order to fulfill a legal obligation to which our company is subject, Art. 6 Sec. 1 lt. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require personal data to be processed, Art. 6 Sec. 1 lt. d GDPR serves as the legal basis. If processing is necessary in order to protect a legitimate interest of our company or a third party and unless the data subject’s interests, basic rights and basic freedoms override the former interest, Art. 6 Sec. 1 lt. f GDPR serves as the legal basis for processing.

3. Data erasure and storage period

The data subject’s personal data shall be erased or blocked as soon as the storage purpose no longer applies. Longer storage may occur where required by European or national law in Union ordinances, laws or other regulations to which the controller is subject. The data shall also be blocked or erased if a storage period established by the abovementioned standards expires, unless the data must continue to be stored in order to conclude or fulfill a contract.

Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information about the accessing computer system. This includes information about the browser type and version used, the user’s operating system, the user’s internet service provider and IP address, date and time of access, websites from which the user’s system accesses our web page, and websites that the user’s system accesses via our website. This data is stored in log files in our system, with the exception of the user’s IP addresses or other data that can be used to identify a user. This data is not stored together with other personal data concerning the user.

2. Legal basis for storage

The legal basis for temporary storage of the data is Art. 6 Sec. 1 lt. f GDPR.

3. Purpose of data processing

The system must temporarily store the IP address in order to deliver the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session. This also constitutes our legitimate interest in data processing as per Art. 6 Sec. 1 lt. f GDPR.

4. Duration of storage

Data shall be erased as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data collection for the purpose of making the website available, this is the case when each session ends.

5. Objection right

Data must be collected in order to make the website available, and stored in log files in order to operate the website. Therefore, the user does not have the right to object to this.

Technically necessary cookies

1. Description and scope of data processing

Our website uses cookies that are technically necessary. Cookies are text files stored in the user’s web browser and/or by the web browser in the user’s computer system. When a user accesses a website, a cookie may be placed in the user’s operating system. This cookie contains a unique sequence of characters that allows the browser to be clearly identified the next time the website is accessed. We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after switching to a new page. The user data collected by technically necessary cookies is not used to create user profiles.

2. Legal basis for data processing

The legal basis for processing personal data by means of cookies is Art. 6 Sec. 1 lt. f GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify website use for the users. Some of the functions on our website cannot be offered without the use of cookies. These functions require the browser to be recognized even after switching pages. This also constitutes our legitimate interest in processing personal data as per Art. 6 Sec. 1 lt. f GDPR.

4. Duration of storage, objection and/or blocking right

Since the cookies are stored on the user’s computer, only the user can block or restrict the transmission of cookies by changing his or her own settings in the web browser. Previously stored cookies can be erased at any time. This can also take place automatically. If cookies are blocked for our website, you may no longer be able to fully use all of the website functions.

Email contact

1. Description and scope of data processing

Our website provides an email address that you can use to contact us. In this case, the user’s personal data provided in the email shall be stored. Data provided in this context is not shared with third parties. The data is exclusively used to process the conversation.

2. Legal basis for data processing

The legal basis for processing data provided while sending an email is Art. 6 Sec. 1 lt. f GDPR. If the aim of the email contact is to conclude a contract, an additional legal basis for processing is Art. 6 Sec. 1 lt. b GDPR.

3. Purpose of data processing

Processing of personal data from the email exclusively allows us to process the contact request. This also constitutes our necessary legitimate interest in processing the data.

4. Duration of storage

The data shall be deleted as soon as it is no longer needed to achieve the purpose for which it was collected, in other words when the respective conversation with the user has ended. The conversation has ended when circumstances indicate that the issue in question has been definitively resolved.

5. Objection right

The user has the right to object to the storage of his or her personal data at any time. In order to assert this objection right, please send an email to the following address: info@fabmatics.com. All personal data stored in the context of the contact request shall then be erased. In this case, the conversation cannot be continued.

Contact form for Dresden and Salt Lake City locations

1. Description and scope of data processing

Our website provides a contact form for each location, which can be used to contact us electronically. If a user takes advantage of this option, data entered on the entry screen shall be transmitted to us and stored. If the form for Salt Lake City is used, data shall be transmitted to the United States; this is considered sharing data with third parties in an unsafe third country, since different framework conditions apply for data protection in the United States. At a minimum, this data includes the name, email address and message. When the message is sent, the user’s IP address and the date and time of the contact are also stored. Data is not shared with third parties in this context. The data is exclusively used for the purpose of processing the conversation.

The following declaration of consent is provided for the Dresden location, with reference to this Data Privacy Statement:

“I agree that my data will be used to respond to my inquiry according to the Data Privacy Statement. I can withdraw this consent at any time with effect for the future by sending an email to info@fabmatics.com.”

The following declaration of consent is provided for the Salt Lake City location, including a reference to this Data Privacy Statement:

“I agree that my data will be used to respond to my inquiry according to the Data Privacy Statement. This requires my data to be transmitted to the United States, which is subject to lower data protection standards than the EU member states. I can withdraw this consent at any time with effect for the future by sending an email to info@fabmatics.com.”

2. Legal basis for data processing

The legal basis for processing data where consent has been provided by the user is Art. 6 Sec. 1 lt. a GDPR, and for transmission to the United States, consent as per Art. 49 Section 1 Sentence 1 a).

3. Purpose of data processing

We exclusively process personal data from the entry screen in order to handle your contact request. All other personal data processed during the submission transaction is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

Data from the contact form shall be erased as soon as it is no longer needed to achieve the purpose for which it was collected, in other words when the respective conversation with the user has ended. The conversation has ended when circumstances indicate that the issue in question has been definitively resolved. Any additional personal data collected during the submission transaction shall be erased within seven days at the latest.

5. Withdrawal right

The user has the right at any time to withdraw his or her consent for the processing of personal data. In order to assert this right, please send an email to the following address: info@fabmatics.com. All personal data stored in the context of the contact request shall then be erased. In this case, the conversation cannot be continued.

Application by email

1. Description and scope of data processing

Our website provides an email address that can be used to apply for our posted job openings. The application materials you submit shall exclusively be used to review your suitability for the posted job and to complete the application process. They shall not be shared with third parties.

2. Legal basis for data processing

The legal basis for processing data submitted to us as part of an application is § 26 Section 1 Sentence 1 BDSG.

3. Purpose of data processing

We shall exclusively process personal data from the email for the purpose of processing your application.

4. Duration of storage

The data shall be erased when the application process has ended, in other words, when the job is filled or the application process is canceled.

5. Erasure right

The user has the right at any time to withdraw his or her application and to request the erasure of the personal data. In order to assert this erasure right, please send an email to the following address: info@fabmatics.com. All personal data stored in the context of the application shall then be deleted unless different statutory storage periods apply.

Newsletter

1. Description and scope of data processing

Our website provides the option of subscribing to our free newsletter (provide name, topic). When you subscribe to the newsletter, your email address as well as the name and address provided on the entry screen are transmitted to us. In addition, we collect the IP address of the accessing computer and the date and time of your registration. The newsletter shall be sent via our internal newsletter delivery system through our server area. Newsletters contain a “web beacon,” a pixel-sized file that is accessed by our delivery service when the newsletter is opened. This access initially includes technical information, such as information about the browser and your system, as well as your IP address and the time of access. The statistical information collected also determines whether the newsletter was opened, when it was opened and which links were clicked. The following declaration of consent is obtained in order to process data for the registration process, including a reference to this Data Privacy Statement:

“I agree that my data will be used to deliver the newsletter according to the Data Privacy Statement, and that newsletter tracking will be used to track my behavior in using the newsletter as well as to improve the newsletter. I can unsubscribe from the newsletter at any time by clicking on the corresponding link in the newsletter.”

No data shall be shared. Data shall exclusively be used to deliver and improve the newsletter.

2. Legal basis for data processing

The legal basis for processing data following the user’s registration for the newsletter, where the user has provided consent, is Art. 6 Sec. 1 lt. a GDPR.

3. Purpose of data processing

Collecting the user’s email address allows us to deliver the newsletter. The collection of other personal data in the context of the registration process allows us to prevent misuse of the services and of the provided email address. Information obtained from tracking shall be used for making technical improvements to the services using the technical data or target groups as well as your reading behavior, based on the access locations (which can be determined using the IP address) or access times. For technical reasons, this information can be assigned to individual newsletter recipients, but it shall only be analyzed in order to identify our users’ reading habits and to tailor our content to them, or to deliver varying content according to our users’ interests.

4. Duration of storage

Data shall be erased as soon as it is no longer needed to achieve the purpose for which it was collected. Thus, the user’s email address shall be stored as long as the newsletter subscription is active and/or where other legal bases continue to apply. As a rule, other personal data collected in the context of the registration process shall be erased within seven days.

5. Withdrawal right

The user in question can unsubscribe from the newsletter at any time. To this end, each newsletter includes a corresponding link, which is also used to withdraw consent for storage of the personal data collected during registration.

Analysis using SlimStat

1. Scope of data processing

This website uses WP-SlimStat (http://wordpress.org/extend/plugins/wp-slimstat), a web analytics service. We have set WP-SlimStats to block cookies and mask the IP addresses. We use this information to analyze the use of our website. This information is stored in our server area in Germany and is not shared with third parties.

2. Legal basis

Web analysis is performed on the basis of Art. 6 Sec. 1 lt. f GDPR.

3. Purpose

We have a legitimate interest in the anonymized analysis of user behavior in order to optimize our web offering as well as our advertising.

4. Duration of storage

The duration of storage shall be a maximum of 426 days (14 months), after which the data shall be erased.

5. Blocking option

If you choose the Do Not Track (DNT) function in your browser, your page visit shall not be analyzed.

Google Maps

1. Scope of data processing

This website uses Google Maps API to visually represent geographic information. When Google Maps is used, Google also collects, processes and uses data about visitors’ use of the map function. More information about data processing by Google can be found in the Google privacy statement.

2. Legal basis

The legal basis is Art. 6 Section 1 Sentence 1 f GDPR.

3. Purpose

The purpose and our legitimate interest consist in providing you with the clearest possible directions.

4. Duration of storage, blocking right

Detailed instructions for managing your own data in conjunction with Google products can be found here. You can also change your personal data protection settings in the privacy center.

Embedded YouTube videos

1. Scope of data processing

We embed YouTube videos on some of our web pages. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. As a rule, when a page containing YouTube videos is opened, cookies are placed and information is collected about the visitor. However, we have embedded the videos in expanded data protection mode, which means that a connection shall be established with YouTube, but cookies shall only be placed if you actually open the video. If you have an account with the service or with partners of the service and are logged in to this account, your surfing behavior can be assigned to you personally when a cookie is placed. You can prevent this by logging out of the service account before opening the video.

2. Legal basis

The legal basis is Art. 6 Section 1 Sentence 1 lt. f GDPR.

3. Purpose

The purpose of embedding videos is to ensure effective publicity for Fabmatics. This also constitutes our legitimate interest.

4. Duration, blocking right

Information about the service’s data protection policies, particularly the storage and erasure periods, can be found in the provider’s data privacy policy under:

https://www.google.de/intl/de/policies/privacy/

Rights of the data subject

If personal data concerning you is processed, you are considered a data subject in the sense of the GDPR and you have the following rights with regard to the Controller:

1. Right of access

You have the right to request confirmation from the Controller as to whether personal data concerning you is being processed by us. Where this is the case, you can request information from the Controller about the following:

(1) the purposes for which personal data is being processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data has been or shall be disclosed;

(4) the envisaged period for which your personal data shall be stored, or, if this is not known, the criteria used to determine that period;

(5) the existence of a right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information as to the source of the data, where the personal data was not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 Sec. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether your personal data is transferred to a third country or an international organization. In this context, you can request information about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the Controller the rectification and/or completion of inaccurate personal data concerning you if your processed personal data is incorrect or incomplete. The Controller shall perform such rectification without undue delay.

3. Right to restriction of processing

Under the following conditions, you can request a restriction of processing for your personal data:

(1) if you contest the accuracy of your personal data, for a period enabling the Controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) if the Controller no longer needs the personal data for the purposes of the processing, but you require it in order to establish, exercise or defend legal claims; or

(4) if you have objected to processing pursuant to Art. 21 Sec. 1 GDPR pending verification of whether the legitimate grounds of the Controller override your ground.

Where processing of your personal data has been restricted, this data shall, with the exception of storage, only be processed with your consent or in order to establish, exercise or defend legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If processing has been restricted pursuant to the above requirements, you shall be informed by the Controller before the restriction is lifted.

4. Right to erasure

a) Erasure obligation

You have the right to obtain from the Controller the erasure of personal data concerning you, and the Controller has the obligation to erase such data without undue delay where one of the following grounds applies:

(1) Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing was based pursuant to Art. 6 Sec. 1 lt. a or Art. 9 Sec. 2 lt. a GDPR, and where there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 Sec. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Sec. 2 GDPR.

(4) Your personal data was unlawfully processed.

(5) Your personal data must be erased for compliance with a legal obligation under Union or Member State law to which the Controller is subject.

(6) Your personal data was collected in relation to the offer of information society services pursuant to Art. 8 Sec. 1 GDPR.

b) Information shared with third parties

Where the Controller has made your personal data public and is obliged pursuant to Art. 17 Sec. 1 GDPR to erase the personal data, the Controller, taking account of the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers that are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

c) Exceptions

The erasure right shall not apply to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation that requires processing under Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9 Sec. 2 lt. h and i as well as Art. 9 Sec. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 Sec. 1 GDPR, in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) to establish, exercise or defend legal claims.

5. Notification right

If you have asserted your right to rectification, erasure or restriction of processing toward the Controller, the Controller shall notify all recipients to whom your personal data has been disclosed about this rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to obtain information from the Controller about these recipients.

6. Right to data portability

You have the right to receive your personal data, which you have provided to the Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided, where:

(1) the processing is based on consent pursuant to Art. 6 Sec. 1 lt. a GDPR or Art. 9 Sec. 2 lt. a GDPR or on a contract pursuant to Art. 6 Sec. 1 lt. b GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Art. 6 Sec. 1 lt. e or f GDPR, including profiling based on these provisions. The Controller shall no longer process your personal data unless the Controller can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves the purpose of establishing, exercising or defending legal claims. Where your personal data is processed for direct marketing purposes, you shall have the right to object at any time to the processing of your personal data for the purpose of such marketing; this includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your objection right by automated means using technical specifications.

8. Right to withdraw consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of your consent shall not affect the lawfulness of any processing that took place on the basis of your consent before the time of the withdrawal.

9. Automated individual decision-making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and the Controller,

(2) is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data pursuant to Art. 9 Sec. 1 GDPR unless Art. 9 Sec. 2 lt. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.