Data privacy statement
The protection of your personal data is important to us, therefore we would like to give you information about possible contact methods and about the data concerned as simply and as exactly as possible.
First of all, you will receive information about the possible methods of contacting our data protection officer as well as possible methods for encrypted contacting. We will then introduce you to the legal and technical terms that will be used later. You will then receive an overview of the rights of the person concerned. Following that, you will be provided with the details of the person in charge. Finally, the technologies used, services and our management are described.
Contacting the data protection officers
Oliver Offenburger, M.Sc.
E-Mail: [email protected]
Telefon: 07721 69724 00
Fax: 07721 69724 01
Information pursuant to §5 TMG (German Telemedia Act):
79379 Muellheim (Baden)
Telefon: +49 (0) 7631 93688-0
Telefax: +49 (0) 7631 93688-109
E-Mail: [email protected]
Entry in the commercial register:
Register court: Freiburg i. Br.
Register number: HRB 700224
VAT identification number pursuant to §27a of the Value Added Tax Act:
Persons responsible for the content in accordance with § 55 para. 2 RStV (German Broadcasting Agreement):
79379 Muellheim (Baden)
Sources for images and graphics used:
Markus Heimbach, Hamburg
Jochen Rolfes, Duesseldorf
1 Contacting the data protection officers
With the following contact details, you can contact our external data protection officer at any time should you have any questions or require Information:
Oliver Offenburger, M.Sc.
E-Mail: [email protected]
Phone: 07721 69724 00
Fax: 07721 69724 01
The preferred way to contact us is by e-mail. However, you can also contact the data protection officer by post or telephone. Should you wish to encode your e-mail to our data protection officer, we recommend that you read the following section.
Notes concerning queries:
If you send us an enquiry by e-mail during regular business hours, we will confirm receipt of the message on the same day. If you do not receive confirmation, please contact us by telephone.
If you make a postal request, we will send you the confirmation of receipt on the same day of delivery, but no later than one day after delivery. If you do not receive confirmation, please contact us by telephone.
If you wish to contact us by telephone, please use the telephone number of our data protection partner, eye-i4 GmbH
1.1 Encrypting e-mails for our data protection officer
We highly recommend encrypted transmission by e-mail. We therefore offer you the option of encrypting your enquiries to the data protection officer in order to maintain confidentiality and integrity.
We use PGP for encryption. For more information about free usage options and facilities on the website of our data protection partner, kindly refer to the following link:
You can download our PGP key via the following link:
If you wish to verify your fingerprint, please contact our data protection partner eye-i4 GmbH.
If you have any further questions regarding encryption, please contact our data protection officer.
2 Concepts in the legal framework
Before we deal with legal issues, we would first like to introduce you to the relevant terms:
2.1 EU-GDPR (also referred to as GDPR)
The term EU-GDPR (hereinafter also referred to as “GDPR”) refers to the basic data protection regulation. It is a basic regulation of the European Union which regulates how personal data may be processed. For information, legislative text of the GDPR can be checked out via the following link:
2.2 Person in charge
“Person in charge” denotes the natural or legal person, authority, agency or other body which alone or together with others decides on the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, in order that the person in charge may be designated and the specific criteria for his designation may be laid down in Union law or in the law of the Member States.
2.3 Personal data and data subject
“Personal data” denotes any information that relates to an identified or
identifiable natural person (hereinafter referred to as the “concerned person”); by identifiable
we mean a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is carried out with or without the aid of automated means relating to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available in other form, alignment or association, qualification, erasure or destruction.
2.5 Restriction of the processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting its future processing.
“Processor” means a natural or legal person, authority, agency or
any other body which processes personal data on behalf of the person in charge of data control.
The “recipient” is a natural or legal person, authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. Authorities which, within the framework of a specific investigation mandate, may receive personal data in accordance with Union law or the law of the Member States are not considered to be recipients; the processing of this data by the said authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing.
2.8 Third party
By “Third party”, we mean a natural or legal person, authority, agency or other body, other than the person concerned, the controller in charge, the processor and persons who is authorised to process the personal data under the direct responsibility of the controller or processor
“Consent” of the person concerned means any voluntary, informed and unambiguous expression of his or her will in the particular case, in the form of a statement or other unambiguous confirmatory act, by which the concerned person indicates his or her consent to the processing of his or her personal data.
2.10 Violation of the protection of personal data
“Violation of the protection of personal data” means a breach of security that results in
destruction, loss, or alteration, whether unintentional or unlawful, or
unauthorised disclosure of, or access to, personalised data that has been transmitted, stored or processed in any other way.
2.11 Medical record
“Medical record” means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, and revealing information about that person’s state of health
“Company” means any natural or legal person pursuing an economic activity, whatever its legal form, including partnerships or associations regularly pursuing an economic activity.
2.13 Supervisory authority
By “supervisory authority”, we mean an independent government body established by a Member State in accordance with Article 51.
2.14 Relevant and well-grounded objection
The “relevant and well-grounded objection” means an objection with regard to whether
there has been or has not been an infringement of this regulation, or whether the proposed action against the person in charge or processor is in accordance with this regulation, with the objection clearly indicating the extent of the risks presented by the draft decision in relation to the fundamental rights and freedom of the persons concerned and, where appropriate, also in relation to the freedom of movement of such persons.
3 Concepts in the legal framework
Before we deal with technical issues, we would first like to introduce you to the relevant terms:
3.1 File system
“File system” denotes any structured collection of personal data accessible according to specific criteria, whether centralised, decentralised or organised according to functional or geographical criteria.
Cookies are text files that are stored on your terminal device by a website using your browser. These text files can be used to execute technical issues such as a shopping cart mechanism or to determine the user-behaviour. For this purpose, the text files can be provided with identification features and additional information. You have the option of preventing the storage of cookies in the browser of the device at your end. It is possible that deactivated cookies may result in technical restrictions in the use of the website.
3.3 Server logs
Server logs are log files which are created by the web server and allow access to a website. A lot of information can be collected in a log entry, for instance access time, browser type, IP address of the visitor, etc.
The referrer is the name of the website from which the page of person in charge was accessed. For instance, the referrer can be read out for server logs.
4 Rights of the person concerned
The rights of the persons concerned ensue from the GDPR as well as from the respective national legal provisions on data protection. Should you wish to assert your rights, we ask you to contact our data protection officer using the option described at the beginning. In the following, we would like to draw your attention to your rights resulting from the GDPR, in particular Chapter 3:
4.1 Duty to provide information
The person concerned has the right to obtain information on the stored
personal data of the person concerned, whether the data was collected
from the concerned person or if the data was not collected from the concerned person. This is regulated in Chapter 3 Art. 13 and 14 of GDPR.
4.2 Right to information
The concerned person has the right to ask the person in charge for a confirmation
of the processing of the personal data in question; if this is the case,
he has the right to information about this personal data and to further information
pursuant to Art. 15 of GDPR.
4.3 Right to rectification
The concerned person shall have the right to demand rectification of inaccurate personal data concerning him or her from the person in charge without delay.
Taking into account the purposes of the processing, the concerned person shall have the right
to request the completion of incomplete personal data – also by means of a supplementary declaration.
4.4 Right to deletion
The concerned person shall have the right to demand the person in charge to delete personal data relating to him or her without delay and the person in charge shall be obligated to delete personal data without delay if one of the reasons set out in Art. 17 of GDPR applies.
4.5 Right to limitation of processing
The concerned person has the right to request the person in charge to restrict the processing if one of the conditions set out in Art. 18 of GDPR applies.
4.6 Obligation to notify
The person in charge shall notify all recipients to whom personal data have been disclosed of any rectification or deletion of the personal data or of any restriction on processing pursuant to Art. 16, Art. 17 Para. 1 and Art. 18 of GDPR, unless this proves impossible or involves an unreasonable amount of effort.
The person in charge shall inform the concerned person of such recipients when requested to do so by the concerned person.
4.7 Right to data transferability
The concerned person shall have the right to obtain the personal data concerning him which he has provided to a person in charge in a structured, common and machine-readable format and shall have the right to communicate such data to another person in charge without obstruction by the person in charge to whom the personal data has been provided.
4.8 Right of objection
The concerned person shall have the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her carried out pursuant to Article 6 Para. 1 (e) or (f), including profiling based on those provisions. The person in charge shall no longer process personal data unless he can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedom of the concerned person or the processing is for the purpose of enforcing, pursuing or defending legal claims.
4.9 Complaint to the supervisory authority
According to Art. 77 of GDPR, you have the right to complain to a supervisory authority. As a general rule, you can contact the supervisory authority of your habitual place of residence or workplace or the office of the person in charge.
Our competent supervisory authority is:
State Commissioner for Data Protection and Freedom of Information, Stuttgart
5 Details of the person responsible
The person in charge pursuant to Art. 24 of GDPR is given below:
micrometal GmbH Renkenrunsstraße 24 79379 Müllheim
Further information about the person in charge can be found in the imprint.
6 Used web technologies
6.1 Encryption of the data transmission
We use the SSL procedure (Secure Socket Layer) to encrypt the transmission and request of data to our website. For this we use a 128-bit key with SHA 256 hash.
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and also against unauthorised access by third parties. We continuously improve our security measures in line with technological developments.
6.2 Server logs
If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to youm and to ensure stability and security (legal basis is Art. 6 Para. 1 sentence 1 lit. f of GDPR):
– Anonymised IP-address,
– Date and time of the request,
– Time zone difference to Greenwich Mean Time (GMT),
– Content of the request (concrete page),
– Access status/HTTP status code,
– the amount of data transferred in each case,
– Website from which the request comes (referrer),
– Operating system and its interface,
– Language and version of the browser software.
When you use our website, cookies are stored on your computer. You can configure your browser settings according to your wishes and, for example, reject the acceptance of Third- Party cookies or all cookies. We would like to point out that if you do so, you may not be able to use all the functions of this website.
This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient Cookies,
– Persistent Cookies.
6.3.1 Transiente Cookies
Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
6.3.2 Persistente Cookies
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
6.4 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to and truncated by Google on servers in the United States. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
by downloading the browser plug-in available under the following link and
This website uses Google Analytics with the extension “_anonymizeIp()”. This would allow for
IP addresses to be further processed in shortened form, thus excluding the possibility of personal references. If the data collected about you has a personal reference, it is excluded immediately and the personal data is deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. The statistics we have obtained allow us to improve our offer and make it more interesting for you as a user. In the event of the exceptional cases in which personal data is transferred to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. legal basis for the use of Google Analytics is Art. 6 Para. 1 sentence 1 lit. f of GDPR.
Overview of data protection: http://www.google.de/intl/de/policies/privacy.
It is possible to prevent the use of Google Analytics by activating the opt-out: http://tools.google.com/dlpage/gaoptout?hl=en.
6.5 Google Maps
On this website, we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and allow you to conveniently use the map feature. By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. This is done irrespective of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for advertising, market research and / or needs-based design of its website. Such an evaluation is carried out particularly (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider’s data privacy statements. There you will also find further information about your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
6.6 Google Font API
This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you access a page, your browser loads the required web fontsinto your browser cache to display texts and fonts correctly.
To do this, the browser you use must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f of GDPR.
If your browser does not support web fonts, a default font will be used by your computer. For more information about Google Web Fonts, kindly refer https://developers.google.com/fonts/faq and Google’s data privacy statement: https://www.google.com/policies/privacy/.
7 More online presence
In addition to our website, we use other online presences and digital channels, such as social media, to get in touch with our prospective parties and customers. They are listed below.
We use Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
to establish contact and represent the company. For the data privacy statement and
opt-out options, kindly refer to: https://privacy.xing.com/de/datenschutzerklaerung.
8 Dauer der Speicherung
Unless specifically stated, we will only store personal data for as long as is necessary to fulfil the purposes for which it was collected.
In some cases, the law provides for the retention of personal data, for example in tax or commercial law. In these cases, the data is only stored by us for these legal purposes, but is not processed elsewhere and is deleted after the legal retention period has expired.
9 Passing on to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties, if:
– you have given your explicit consent to this pursuant to Art. 6 Para. 1 S1. lit a. of GDPR,
– the disclosure is necessary according to Art. 6 Para. 1 sentence 1 lit. f of GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
– in the event that there is a legal obligation to pass on data pursuant to Art. 6 (1) sentence 1 lit. c of GDPR and
– this is legally permissible and necessary for the execution of contractual relationships with you pursuant to Art. 6 Para. 1 sentence 1 lit. b of GDPR.