Name and address of the responsible person
The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
Filtration Group GmbH Deutschland
Phone: +49 7941 6466-0
Email: [email protected]
Name and address of the data protection officer
The data protection officer of the responsible person is:
Phone: +49 7144 334 905-40
E-Mail: [email protected]
General information about data processing
Scope of the processing of personal data
We process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 lit. a EU Data Protection Basic Regulation (GDPR) serves as the legal basis. Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. Art. 6 para. 1 lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Data deletion and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
Provision of the website and creation of logfiles
Description and scope of data processing
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
(1) Information about the browser type and the version used
(2) The user’s operating system
(3) The Internet Service Provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system accesses our website
(7) Websites accessed by the User’s system through our Website
The data is also stored in the log files of our system. This does not affect the user’s IP address or other data that enables the data to be assigned to a user. These data will not be stored together with other personal data of the user.
legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
purpose of data processing
The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
In these purposes also lies our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR.
Length of storage
If the data is stored in log files, this is the case after seven days at the latest. A storage going beyond this is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
opposition and removal possibility
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
(a) description and extent of data processing
(1) Language settings
(2) Log-in information
(1) Entered search terms
(2) Frequency of page views
(3) Use of website functions
The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the user.
We collect the following types of information.
user content that you can send to the service. Communication between you and the Filtration Group. For example, we may send you service-related e-mails (e.g., account verification, changes/updates to service features, technical and security notices).
We use third-party analytics tools such as Google Analytics, SalesForce, and Marketo to measure traffic and usage trends for the service. These tools collect information that is sent from your device or our service, including the web pages you visit, add-ons and other information that helps us improve the service.
Cookies and similar technologies:
You have many options for managing cookies on your computer. All common browsers allow you to block cookies or delete them from your system. To learn more about your cookie management options, please read the privacy features in your browser.
Log file information:
Information about the log file is automatically displayed by your browser on each request to access (i.e. visit) a web page or application. It can also be provided when the content of the webpage or app is downloaded to your browser or device.
When you use our Service, our servers automatically record certain log file information, including your web request, IP address (« IP »), browser type, referral pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other information. We may also collect similar information from emails sent to our users that help us track which emails are opened and which links are clicked by recipients. The information will enable us to report more accurately and improve the service.
When you use a mobile device such as a tablet or phone to access our service, we may access, collect, monitor, store and/or remotely store one or more « Device IDs » on your device. Device IDs are small data files or similar data structures stored on or associated with your mobile device that uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device’s operating system or other software, or data sent to the device by the Filtration Group.
A Device ID may provide us or a third party with information about how you browse and use the Service and may help us or others provide reports or personalized content and advertisements. Some features of the Service may not function properly if the use or availability of Device IDs is impaired or disabled.
Metadata is usually technical data that is linked to the user content. Metadata can describe, for example, how, when, and by whom part of the user content was collected, and how this content is formatted. Users can add or have metadata added to their user content. This makes your user content more searchable and interactive for others. If you geotag your user content or tag your user content using another company’s application programming interface, your latitude and longitude will be stored along with your user content and can be searched (e.g. by a location or map function) if your user content is published by you according to your privacy settings.
legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR.if the user has given his consent.
purpose of data processing
The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
In these purposes also our legitimate interest lies in the processing of personal data according to Art. 6 Para. 1 lit. f GDPR.
Length of storage, possibility of opposition and removal
Contact form, online application and e-mail contact
Description and scope of data processing
A contact form is available on our website, which can be used for electronic contacting. If a user makes use of this possibility, the data entered in the input mask (e.g. company, surname, first name, e-mail) will be transmitted to us and saved.
At the time the message is sent, the following data is also stored:
(1) The IP address of the user
(2) Date and time of registration
For the processing of the data your consent is obtained in the context of the sending procedure and referred to this data security explanation.
Alternatively it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data will only be used for the processing of the conversation.
legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR.if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
purpose of data processing
The processing of the personal data from the input mask serves us exclusively for the processing of the establishment of contact. If you contact us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Length of storage
The data are deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
Opposition and elimination option
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of establishing contact will be deleted in this case.
Use Google Analytics
We use Google Analytics to analyze website usage. The data obtained from this is used to optimise our website and advertising measures. Google Analytics is a web analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes the data for website use on our behalf and is contractually obligated to take measures to ensure the confidentiality of the processed data.
The following data is recorded during your website visit:
(1) Pages viewed
(2) Your behaviour on the pages (e.g. clicks, scrolling behaviour and dwell time)
(3) Your approximate location (country and city)
(4) Your IP address (in abbreviated form, so that no clear assignment is possible)
(5) Technical information such as browser, Internet provider, terminal and screen resolution
(6) Source of your visit (i.e. via which website or advertising material you came to us)
This data is transferred to a Google server in the USA. Google will comply with the data protection provisions of the EU-US Privacy Shield agreement .
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future website visits. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data remain stored in aggregated form indefinitely. If you do not agree with the collection, you can prevent it with the one-time installation of the Browser-Add-ons to deactivate Google Analytics.
Social Media Plugins
We put on our website on the basis of Art. 6 para. 1 p. 11it. F GDPR Social Media Plugins of the social networks mentioned below to make our company better known. The advertising purpose behind this is to be regarded as a legitimate interest in the sense of the GDPR. So-called social plug-ins (« plug-ins ») of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (« Facebook »), are used on our website. The plugins are marked with a Facebook logo or the addition « Social Plug-in from Facebook » or « Facebook Social Plugin ». You can find an overview of the Facebook plugins and their appearance here: https://developers.facebook.com/docs/plugins If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook profile. If you interact with the plugins, for example by clicking on the « Like » button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook’s data protection information: http://www.facebook.com/policy.php If you do not want Facebook to associate the data collected through our website directly with your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser.
We would like to inform you about the processing of personal data via the function of the InShare button of LinkedIn. You can recognize the button by the character « in » and the suffix « Share » (see https://developer.linkedin.com/plugins/share for more information). According to LinkedIn, LinkedIn receives information about your visits and interactions with services provided by third parties when you log in via LinkedIn or visit third party services that contain the InShare button. We have no control over what data is specifically collected and transmitted and how LinkedIn processes or uses it. Only LinkedIn is responsible for the collection, processing and use of your data. Further information from LinkedIn about the collection, processing and use of your data by LinkedIn can be found at the Internet address https://www.linkedin.com/legal/privacy-policy. We assume no responsibility for the information provided by LinkedIn. If you do not want LinkedIn to associate the information with your LinkedIn profile, you may not register or log out of the LinkedIn social media platform. If you are logged out and click on the respective button, a pop-up window will appear in which you can log in to LinkedIn.
Rights of the affected person
The following list includes all rights of the persons concerned according to the GDPR. Rights that are not relevant for your own website do not have to be mentioned. In this respect, the list can be shortened. If personal data is processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the person responsible:
right to information
You can request confirmation from the person responsible as to whether personal data concerning you will be processed by us. In the event of such processing, you may request information from the data controller on the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that will be processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if this is not possible, criteria for determining the duration of storage;
(5) the existence of a right to rectify or delete personal data concerning you, of a right to limit the processing by the controller or of a right to object to such processing;
(6) the existence of the right to appeal to a supervisory authority;
(7) any available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
Right to delete
a) Deletion obligation You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
(6) The personal data relating to you have been collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
b) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete them pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to deletion does not exist if the processing is required
(1) for the exercise of freedom of expression and information;
(2) to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR; (4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.
right to information
If you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the person responsible to be informed of these recipients.
Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format. In addition, you have the right to communicate these data to another responsible person without being hindered by the responsible person to whom the personal data was provided, provided that
(1) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by a responsible person to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing outweighing your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct advertising, you have the right at any time to object to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is connected with such direct advertising.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in relation to the use of Information Society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection consent at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke your consent.
Automated decision in individual cases including profiling
You have the right not to be subject to any decision based solely on automated processing – including profiling – that has any legal effect on you or similarly significantly affects you. This does not apply if the decision
(1)is required for the conclusion or performance of a contract between you and the person responsible,
(2) is authorised by legislation of the Union or of the Member States to which the person responsible is subject and such legislation contains
appropriate measures to safeguard your rights, freedoms and legitimate interests or
(3) with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the responsible person shall take reasonable measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the responsible person, to present his or her point of view and to contest the decision.
Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy.
Status: October 2018
Information obligation according to Art. 13 GDPR
Duty of information online meeting