Data protection information: www.vem-group.com
At VEM Group we take the protection of your personal data very seriously. Personal data is only collected on this website as far as it is required for technical reasons. Under no circumstances will we give the data that we have collected to third parties.
With the following data protection information, we, the VEM Group, VEM GmbH, Pirnaer Landstraße 176, 01257 Dresden, as the data controller within the meaning of the General Data Protection Regulation (GDPR), would like to explain which personal data we process when you visit our website and use our online services. We would like to point out that, by default, all data transfers in connection with our website are made via an encrypted connection.
We reserve the right to modify our data protection information from time to time so that it always corresponds to the current legal requirements or reflects the changes in our services. We therefore recommend that you read the data protection information regularly to get the latest information on the protection of the personal data we process.
Logging and creation of log files
Some technical data gets logged when you access our website. This general data and information are stored in the log files of the server. Your IP address, your browser identification and domain, name of the retrieved file, date and time of retrieval, amount of data transmitted and the successful retrieval are recorded in a log file. Personal data is processed for making the website available, eliminating errors and investigating acts of abuse or fraud due to a legitimate interest in accordance with Art. 6 (1) Sentence 1 lit. f GDPR. The log files are anonymised after seven days, and anonymised data is also deleted every quarter following a statistical evaluation.
Cookies are used on our website in connection with the following services:
- Google Analytics, Google Ireland Limited - web analysis
On the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, we employ Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), using the Google Tag Manager. We have concluded a contract with Google for order processing in accordance with Art. 28 GDPR for this purpose. Furthermore, in the event of data transfer to the parent company Google LLC, which is based in USA, appropriate safeguards are in place for the protection of data subjects within the meaning of Art. 46 (1) GDPR by concluding standard data protection clauses in accordance with Art. 46 (2) lit. c GDPR. Your declaration of consent also expressly includes the possible worldwide transfer and processing of data by other group companies of Google LLC. In this regard, we wish to stress the existence of potential risks, for example the difficult enforcement of data protection rights of data subjects.
Cookies set by Google Analytics are used to process usage data (e.g., visited websites, access times) and communication data (e.g., IP addresses, device information) on our behalf in order to evaluate the use of our online service, compile reports on activities within our online service and provide other services associated with the use of our online service. Here, it is also possible to create pseudonymised user profiles.
- Google Maps, Google Ireland Limited – map display
On the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, we integrate Google Maps, an online map provider from Google Ireland Limited ("Google") using European server locations, for an appealing presentation of our location and for any directions. Your declaration of consent also expressly includes the possible worldwide transfer and processing of data by other group companies of Google LLC. In this regard, we wish to stress the existence of potential risks, for example the difficult enforcement of data protection rights of data subjects.
By integrating and using the map content, Google can process both usage data (e.g., access times, addresses entered for route planning, if any) and communication data (e.g., IP addresses). We have no influence on the further processing of personal data by Google. The cookies set by Google Maps to ensure functionality are deleted at the end of the session.
- Google reCaptcha, Google Ireland Limited – captcha service
In order to check and avoid interactions on our website by automated accesses by means of so-called bots, we employ Google reCaptcha, a captcha service of Google Ireland Limited ("Google"), using European server locations. In order to fulfill the processing purpose described above, the service places a cookie on your computer for the duration of the query. Your input is transmitted to Google and further used there. By using the service, Google can identify the website from which a request has been sent and the IP address from which the so-called reCaptcha input box has been used. In addition to your IP address, Google may collect other information necessary to provide and maintain this service.
Since, on the basis of the information available to us, it cannot be ruled out beyond doubt that Google will combine the personal data processed in this way with other Google data and use it for advertising purposes, among other things, we integrate Google reCaptcha exclusively on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. Your declaration of consent also expressly includes the possible worldwide transfer and processing of data by other group companies of Google LLC. In this regard, we wish to stress the existence of potential risks, for example the difficult enforcement of data protection rights of data subjects.
Moreover, only technically required cookies are used on the basis of a legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The legitimate interest of the VEM Group in this respect is to ensure that the website is made available in accordance with data protection requirements (e.g., storage of the selection made with regard to the cookie banner) and to ensure the unrestricted technical functionality of the website, in particular, of the login area (e.g., TYPO3-specific cookies). These cookies are stored for the duration of the session.
Sendinblue, Sendinblue GmbH – newsletter distribution
In order to provide our newsletter service, we have incorporated a data-entry box of Sendinblue, our service provider, for the registration of email addresses on our website based on a legitimate interest in accordance with Art. 6 (1) lit. f GDPR. To be able to provide the newsletter service, we have concluded a contract with Sendinblue for order processing in accordance with Art. 28 GDPR.
Newsletter subscription always takes place within the scope of your consent in accordance with Art. 6 (1) lit. a GDPR. All we need to ensure that you receive our newsletter is your email address. To guarantee the correctness of your data and to verify your consent, you will receive a corresponding confirmation email from us. Based on previous case law, we log your email address, your IP address and the date and time of registration, as well as the confirmation, when you subscribe to our newsletter.
Naturally, you will be able to revoke your consent at any time with effect for the future. Please use the Unsubscribe link which you will find at the end of every email notification from us. If you click it, your personal email address details will be deleted and you will not receive any further notifications via email in the future.
A contact form, which can be used for electronic contact, is available on our website. When you make use of the contact form, we process the personal data provided by you to resolve your query. This particularly includes your name, email address and your expressed query, and additionally the IP address and the time of use so as to prevent and clarify cases of misuse. The aforementioned personal data is processed based on a legitimate interest in accordance with Art. 6 (1) lit. f GDPR or – insofar as contractual matters or contract-preparatory measures are concerned – in accordance with Art. 6 (1) Sentence 1 lit. b GDPR.
The personal data you provide will be treated confidentially by us, it will only be used to process your query and will not be passed on to third parties unless this is necessary in individual cases due to the nature of your query. Personal data is deleted after the final clarification of your query or if you object to its storage. The logged IP address and the time of contact are deleted after seven days. The deletion periods described here apply only if they are not in conflict with the legal retention periods.
Use of the customer login/electronic catalogue “VEMeKAT”
VEM Group customers are assigned user accounts to use the login area. The respective email addresses of authorised users are processed for creating these user accounts. Passwords are set by the authorised users themselves. Furthermore, additional personal data, in particular personal master data and contact data, can be provided within the scope of the access. Personal data is processed on the basis of the owner and user relationship and the existing contractual relationship in accordance with Art. 6 (1) Sentence 1 lit. b GDPR. Personal data is deleted upon termination of the usage relationship and the associated deletion of the user account, insofar as this is not in conflict with the stipulated legal retention periods.
The electronic catalogue "VEMeKAT" may be used without restriction via guest access. With freely-selectable user names and passwords we offer you the opportunity to create shopping baskets for rapid access to previous searches. You can delete the shopping carts later-on by yourself. Here again, data processing is carried out on the basis of the respective free usage relationship in accordance with Art. 6 (1) Sentence 1 lit. b GDPR.
Use of service providers for making the website available
To make the website available, we use service providers who process personal data on behalf of the VEM Group or whose access to personal data cannot be excluded. We have concluded contracts with all these service providers for order processing in accordance with Art. 28 GDPR. In addition to the service providers already mentioned, we also use the services of Host Europe GmbH (hosting) and mellowmessage GmbH (technical support).
Rights of data subjects and contacting the data protection office
At any time, data subjects can request information concerning the personal data relating to them and, where applicable, correction and erasure of this personal data. It is also possible to request that the processing be restricted or to object to the processing. In addition, a right of data portability exists in their favour. Furthermore, should the data processing take place in accordance with the consent of the data subject, it is possible to revoke this at any time with effect for the future. In order to claim their rights, data subjects can contact our data protection officer, Dresden Institute for Data Protection, via datenschutz[at]vem-group.com (further contact information is available via the following link: www.dids.de). In addition, in accordance with Art. 77 GDPR, each data subject has the right to complain to a data protection supervisory authority, should he or she be of the opinion that the processing of the personal data is taking place unlawfully.
Data protection information for our social media presences
In order to actively communicate with our users and to provide information concerning our activities, we, the VEM Group, maintain various social media presences, in part under joint responsibility with the social media pro-viders listed below.
Within the framework of the use of our presences in the social networks referred below by our users, we wish to point out that personal data of the users can also be processed by the operators of the social networks outside of the European Union and European Economic Area. This can lead to risks for the users, for example the claiming of their rights as data subjects under data protection laws can be made more difficult. However at the same time, we would like to point out that if the operators of the social networks support this, we are working towards the con-clusion of agreements concerning joint responsibility in accordance with Article 26 GDPR as well as standard data protection clauses in accordance with Article 46 Paragraph 2 Letter d) GDPR.
In addition, we wish to make clear that the personal data of the users is also generally processed by the operators of the social networks for their own market research and advertising purposes. Any use profiles which are gener-ated from the use behaviour can be used to display adverts which are tailored to the interests of the users, also outside of the social networks. For this purpose, cookies are generally placed on the computers of the user by the operators of the social networks, which means that information relating to the device, use behaviour and interests of the users can also be processed even if the user does not hold a profile in the respective network. Further in-formation in this respect and details concerning any rights of objection can be found in the data protection infor-mation and additional information provided by the respective operators of the social networks. We have provided links to these below.
The following applies to the processing of personal data:
Processed data categories
The processed data categories include core data (for example name), contact data (for example email addresses), content data (for example text entries), use data (for example interest in content), as well as meta and communica-tion data (for example device information and IP addresses).
Purpose and legal basis of the processing
Data processing takes place for the purposes of information provision, communication, marketing and bandwidth measurement, should this be subject to our responsibility. The operation of the social media presences takes place in line with a legitimate interest in accordance with Article 6 Paragraph 1 Sentence 1 Letter f) GDPR, whereby the respective interests are represented by the purposes referred to above.
Duration of saving
The categories of data processed by us are only saved within the respective social network. In most cases, we have no influence over the concrete duration of the saving, as this is determined by the providers of the social net-works. You can obtain information in this respect in the data protection information of the respective provider. Should it be possible for us to influence the duration of the saving in individual cases, the data is deleted once the purpose has been fulfilled, in compliance with the statutory retention obligations.
Services and service providers used by us and network-specific information
Below, we wish to inform you of the services and service providers used by us and to provide you with network-specific information, naming the respective responsible locations within and outside of the EU / EEA. No further data transfer is carried out by us.
LinkedIn, LinkedIn Ireland Unlimited Company / LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085
Information concerning the rights of data subjects
At any time, data subjects can request information concerning the personal data relating to them and, where applicable, correction and erasure of this personal data. It is also possible to request that the processing be restricted or to object to the processing. In addition, a right of data portability exists in their favour. Furthermore, should the data processing take place in accordance with the consent of the data subject, it is possible to revoke this at any time with effect for the future. In order to claim your rights, you can contact our data protection officer, the Dresdner Institut für Datenschutz (Dresden Institute for Data Protection) via firstname.lastname@example.org (further contact information is available via the following link: www.dids.de). In addition, in accordance with Article 77 GDPR, each data subject has the right to complain to a data protection supervisory authority, should he or she be of the opinion that the processing of the personal data is taking place unlawfully.
In relation to the claiming of rights of data subjects, we wish to point out that in order to obtain comprehensive measures, it is advisable to address such claims directly to the respective operator of the social network. Only the operators of the social networks have access to all of the personal data of the users which has been gathered and are able to provide comprehensive information and take any applicable measures accordingly. Should you require any assistance in this respect, it goes without saying that you can contact our data protection officer at any time.