Transparency and information duties for customers, contractual partners, interested parties (m/f/d)
Transparency and information obligations for applicants (m/f/d)
Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR and our country-specific implementation laws, which provide comprehensive information about the processing of your personal data by Sielaff GmbH & Co. KG Automatenbau Herrieden and your rights.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data means, that no personal reference to the individual/user can be made.
Responsible body and data protection officer
Sielaff GmbH & Co. KG
Münchener Straße 20
Company’s contact information
Tel.: +49 9825 18-0
Fax: +49 9825 18-311155
Contact Info DPO
Your rights as a data subject
We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include:
- The right of access (Art. 15 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to object to data processing (Art. 21 GDPR),
- The right to erasure / right to be forgotten (Art. 17 GDPR),
- The right to restriction of data processing (Art. 18 GDPR).
To exercise these rights, please contact: datenschutz(at)sielaff.de. The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.
Right to object
Please note the following with respect to your right to object:
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.
If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to: datenschutz(at)sielaff.de.
Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.
We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing.
Your consent also constitutes a legal basis for data processing. In this respect, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.
Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.
Data transfers / Disclosure to third parties
We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data. In many cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contract has been concluded with all service providers.
Transfers of personal data to third countries
A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law, if necessary for the conclusion or performance of a contract concluded or if you have provided your consent for such a transfer. We do not transfer your personal data to service providers or group companies outside the European Economic Area.
Period of data storage
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.
We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.
Secure transfer of data
We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.
The data exchange to and from our website is encrypted. We provide HTTPS as a transfer protocol for our website, and always use the current encryption protocols (SHA-256 with RSA encryption). It is also possible to use alternative communication channels (e.g. surface mail).
Obligation to provide data
A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions we provide.
We have summarised the relevant details in the above point. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.
Data categories, sources and origin of data
The data we process is defined by the relevant context: it depends on whether, for example, you place an order online, enter a request on our contact form or if you want to send us an application or submit a complaint.
Please note that we may also provide information at specific points for specific processing situations separately where appropriate, e.g. when uploading application documents or when making a contact request.
We collect and process the following data when you visit our website:
- Name of the Internet service provider
- Web browser and operating system used
- Information on the website from which you visited us
- The IP address by your allocated Internet service provider
- Files accessed, volume of data transferred, downloads/file export
- Information on websites accessed on our site, including date and time
For reasons of technical security (in particular to safeguard against attempts to attack of our web server), this data is stored in accordance with Article 6 (1) lit f GDPR. Anonymisation takes place no later than after seven days by abbreviating the IP address so that no reference is made to the user.
We collect and process the following data as part of a contact request:
- First name
- Contact information
- Info on wishes and interests
We process the following data during registration in the download area:
- First name
- Company name
- Customer number
- E-mail address
- Street address
- Postal Code
- Place of residence
- Phone number
We process the following data as part of the training registration:
- Customer number
- First name
- Street address
- City (head office)
- Telephone number
- Fax number
Automated decisions in individual cases
We do not use purely automated processing to make decisions.
Cookies (Art. 6 (1) lit. a, f GDPR, § 25 (1), (2) TTDSG)
Cookies enable us to analyse how users use our websites so we can design the website content in accordance with the visitor’s needs. Cookies also allow us to measure the effectiveness of a particular ad and, for example, to place it based on the user's interests
The legal basis is Art. 6 (1) lit. f GDPR, § 25 (2) TTDSG for the essential cookies and Art. 6 (1) lit. a GDPR, § 25 (1) TTDSG for the cookies which require your consent.
We use the following cookies:
This type of cookies is directly controlled by us. Depending on their purpose, they remain stored permanently - even after the session has ended - (so-called persistent cookies, e.g.: implementation of opt-out) or are deleted when the browser is closed (so-called session cookies; they are only valid for one browser session).
For this purpose, so-called temporary/permanent cookies are used, which are automatically deleted after the specified time (usually 6 months). These temporary/permanent cookies are stored on your device and delete themselves after the specified time. The cookies of our partner companies also contain only pseudonymous mostly even anonymous data. They allow our partners to track which products you have viewed, whether something was purchased, which products were searched for, etc. In this context, some of our advertising partners also collect information beyond our web pages about which pages you have previously visited or which products you were interested in, for example. This makes it possible to display individualized advertising. This pseudonymous data is at no time merged with your personal data.
Most web browsers accept cookies automatically. You can of course also manually deactivate, restrict or delete cookies on your end device via the settings of your browser or software-supported.
Please note: If you deactivate the placing of cookies on your device, you may not be able to access all our website functions in certain circumstances.
User profiles / web tracking procedures (Art. 6 (1) lit a GDPR)
Matomo (formerly Piwik)
On this website we use the web analytics software Matomo Analytics (www.matomo.org), a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, ("Matomo").
We use Matomo to improve the user-friendliness of the site and for statistical purposes (statistical evaluation of visitor access) on the basis of your consent pursuant to Art. 6 (1) lit a GDPR.
The information generated by the cookie about your use of this website (including your IP address) remains on the servers of Sielaff GmbH & Co. KG Automatenbau Herrieden and will not be passed on to third parties unless it is required by law. The data is recorded anonymously. An allocation of further information to your IP address does not take place in any case. Matomo allows us to analyse the flow of visitors to this website. It helps to understand how a visitor came to this website (e.g. via the so-called referrer), which pages are accessed how often and for how long, or which browser was used for viewing. This data helps us to improve the services offered on this website. We can thus see which offers are most interesting, where navigation can be improved or whether technical requirements need to be created so that this website can be displayed without errors.
IP addresses are automatically anonymised before the analysis data is stored. Matomo has also been configured so that only the anonymised IP address is used for processing the data. Matomo also respects the "Do-not-track" setting of your browser.
The data is stored for 30 days.
If you do not agree to the storage and evaluation of this data, you can object to its storage and use at any time by clicking the link below. In this case, a so-called opt-out cookie will be stored in your browser, which means that we will not collect any session data.
Google Maps (Art. 6 (1) lit a GDPR)
We use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on the basis of your consent pursuant to Art. 6 (1) lit a GDPR. Google Maps is a web service for displaying interactive maps in order to visually present geographical information.
When you call up those sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out on the basis of your consent in accordance with Art. 6 (1) lit a GDPR and enables the display of personalised advertising, market research and/or needs-based design of the website.
You can revoke your consent at any time with effect for the future. To do so, simply call up our Consent banner (link below) and change the settings accordingly. Please note that the change in the Consent Banner settings must be made individually for each end device.
Social media links
You will find links to the social media services of Facebook, Xing, LinkedIn, YouTube and Instagram on our website. You can recognise these links by the respective company logo. If you follow these links, you will reach the company website of Sielaff GmbH & Co. KG Automatenbau Herrieden at the respective social media service. When you click on a link to a social media service, a connection is established to the servers of the social media service. The fact that you have visited our website will be transmitted to the servers of the social media service. In addition, further data is transmitted to the provider of the social media service. For example:
- Address of the website on which the activated link is located.
- Date and time when the website is accessed or the link is activated
- Information about the browser and operating system used
- IP address
If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account, if you log out of your user account beforehand.
The servers of the social media services are located in the USA and other countries outside the European Union. Therefore, the data may also be processed by the provider of the social media service in countries outside the European Union.
Contact form / Contact via email (Art. 6 (1) lit a, b GDPR)
A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests.
In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your email address and the message field itself. Your IP address will also be processed for technical reasons and for legal protection. All other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).
If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request. If you do not contact us using the forms provided, no additional data will be collected.
Registration / Customer account (Article 6 (1) lit a, b GDPR)
On our website, we offer users the opportunity to register by providing personal data. Registration is therefore necessary to perform a contract with you or required to implement pre-contractual measures, or possible if guest access is provided as an option.
The principle of data minimisation and data avoidance is observed here, as only the mandatory data fields required for registration are marked with an asterisk (*). This is e.g. the email address, password and password re-entry.
For the order in our download centre we also require information on the billing address (first name, surname, address).
When you register on our website, the user’s IP address and the date and time of registration are also stored (technical background data). Activate the "Register now" to consent to the processing of your data.
Please note: We will encrypt the password you entered which will be stored with us. Our company employees cannot view this password and cannot therefore assist you if you forget it.
In this event, use the "Forgotten password" function, which will send you an automatically generated new password by email. No employee is authorised to request your password by telephone or in writing. Please never disclose your password should you receive such requests.
You can of course cancel or delete the registration or your customer account. To do so, please contact registrierung(at)sielaff.de.
Registration for a training course (Art. 6 (1) lit b GDPR)
You have the option of registering for a training course via our website. If you register, we will process the data you provide as part of the registration for the registration and implementation of the training for which you have registered.
In doing so, the principle of data economy and data avoidance is observed in that you only have to provide the data that we absolutely need for the training registration and implementation. Without this data, participation in a training course is not possible.
Marketing purposes (Article 6 (1) lit f GDPR)
We are interested in maintaining a good customer relationship with you and would be happy to send you information and offers about our products / services. Therefore, we process your data in order to send you relevant information and offers by e-mail.
If you do not wish this, you can object at any time to the use of your personal data for direct marketing purposes; this also applies to profiling insofar as it is related to direct marketing. If you object, we will no longer process your data for this purpose.
The objection can be made free of charge and without formalities without giving any reasons and should be sent by e-mail to email@example.com if possible or by post to Sielaff GmbH & Co. KG Automatenbau Herrieden, Münchener Straße 20, D-91567 Herrieden.
Data protection declaration / information on data protection in social media
We maintain presences on various "social media" platforms, presently on Facebook, Instagram, LinkedIn, Xing and YouTube. Insofar as we have control over the processing of your data, we ensure that the applicable data protection provisions are complied with.
Below, you will find the most important information on data protection law in relation to our presences.
Name and address of the person responsible for the company
In addition to us, the person responsible for the company presences within the meaning of the EU General Data Protection Regulation (GDPR) as well as other data protection regulations is
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
(Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)
(LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
(XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
However, you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
We would also like to point out that your data may be processed outside the European Union. With regard to the US providers, we would like to point out that these providers are obliged by corresponding contractual regulations to comply with the data protection standards of the EU. Data processing or storage in third countries can also take place on the basis of your consent (Art. 49 (1) 1 lit a GDPR); in this case, you will be informed separately of this and of the associated risks when obtaining your consent.
Purpose and legal basis
We ourselves maintain the fan pages in order to communicate with visitors and to inform them about our offers.
In addition, we collect data for statistical purposes in order to be able to further develop and optimise the content and to make our offers more attractive. The data required for this purpose (e.g. total number of page views, page activities and data provided by visitors, interactions) are processed by the social networks and are made available to us. We have no influence on the generation and presentation.
Furthermore, your personal data is processed by the providers of the social media, but also by us for market research and advertising purposes. For example, it is possible that usage profiles are created based on your usage behaviour and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected on your end devices may also be stored in your usage profiles. The storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and if you are logged in to the respective platforms.
We do not collect or process any other personal data.
The processing of your personal data by us is based on our legitimate interests in effective information and communication pursuant to Art. 6 (1). 1 lit f GDPR.
If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis of the processing is Art. 6 (1) lit a, Art. 7 GDPR.
Your rights / possibility to object
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must
- log out of the respective network before visiting our fan page,
- delete the cookies on your device and
- close and restart your browser.
However, after logging in again, you will once more be recognisable to the network as a specific user.
For a detailed description of the respective processing and the opt-out options, please refer to the information linked below:
Opt-Out: https://www.facebook.com/settings?tab=ads and
Opt-Out: http://www.networkadvertising.org/managing/opt _out.asp and
- Youtube Privacy
Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=de und
Overall, you have the following rights regarding the processing of your personal data:
Right of access; Right to rectification; Right to erasure; Right to restriction of processing; Right to object; Right to data portability; Right to complain about unlawful processing of your personal data to the competent data protection authority.
However, as we do not have full access to your personal data, you should contact the social media providers directly when asserting your rights, as they each have access to their users' personal data and can take appropriate action and provide information.
If you still need help, we will of course try to support you. Please contact datenschutz(at)sielaff.de.
Links to other providers
Our website also contains clearly identifiable links to the Internet sites of other companies. Although we provide links to websites of other providers, we have no influence on their content, and no guarantee or liability can therefore be assumed for such. The content of these pages is always the responsibility of the respective provider or operator of the pages.
The linked pages were checked at the time of linking for potential legal violations and identifiable infringements. No illegal content was identified at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement and, upon notification of a violation of rights, such links will be promptly removed.
Cookies are small text files used by websites to make the user experience more efficient.
By law, we can store cookies on your device if they are strictly necessary for the operation of this site. For all other cookie types we need your permission. This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.
Please include your consent ID and date when contacting us regarding your consent.