Privacy Policy for ULTRA PRÄZISION MESSZEUGE GmbH
for the ultra-germany.com, ultra-germany.de, ultra-germany.shop websites
(Last updated Juli 2021)
We take the protection of your personal data seriously and would like to inform you here about data protection in our company.
Additional obligations have been imposed on us within the scope of our responsibility under data protection law as a result of the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) in order to guarantee the protection of the data subject’s personal data (we will refer to you as “customer”, “user”, “you”, or “the data subject”).
A. General
(1) Definitions
Following the example of Art. 4 GDPR, this privacy policy is based on the following definitions:
• “Personal data” (Art. 4(1) GDPR) is any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to their physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of link to such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (even photographs, video or audio recordings may contain personal data).
• “Processing” (Art. 4(2) GDPR) means any process that involves handling personal data, whether or not by means of automated (i.e. technology-based) processes. This includes in particular the collection (i.e. acquisition), recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the modification of a purpose or use for which data processing was originally intended.
• “Controller” (Art. 4(7) GDPR) is the natural or legal person, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• “Third party” (Art. 4(10) GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorised to process the personal data; it also includes other group-affiliated legal entities.
• “Processor” (Art. 4(8) GDPR) means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In particular, a processor is not a third party in the sense of data protection law.
• “Consent” (Art. 4(11) GDPR) by the data subject means any freely given specific, informed and unambiguous indication of their wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies their agreement to the processing of personal data relating to them.
(2) Name and address for the controller
We are the controller of your personal data within the meaning of Art. 4(7) GDPR:
ULTRA PRÄZISION MESSZEUGE GmbH,
Weitzkaut 3, 63864 Glattbach/ Germany
+49 (0) 60 21 42 999 00
+49 (0) 60 21 42 999 01
contact form
(3) Legal basis for data processing
In principle, any processing of personal data is prohibited by law and only allowed if the data processing falls under one of the following justifications:
• Point (a) of Art. 6(1) (1) GDPR (“Consent”): If the data subject has freely given their consent, in an informed and unambiguous manner, by means of a declaration or any other unambiguous affirmative act, to the processing of personal data concerning them for one or more specified purposes;
• Point (b) of Art. 6(1) (1) GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request;
• Point (c) of Art. 6(1) (1) GDPR: If processing is necessary for compliance with a legal obligation which the controller is subject to (e.g. a legal obligation to keep records);
• Point (d) of Art. 6(1) (1) GDPR: If processing is necessary in order to protect the vital interests of the data subject or of another natural;
• Point (e) of Art. 6(1) (1) GDPR: If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or
• Point (f) of Art. 6(1) (1) GDPR (“Legitimate interests”): If processing is necessary for the purposes of the legitimate (in particular legal or economic) interests of the controller or of a third party, except where such interests are overridden by the conflicting interests or rights of the data subject (in particular where the data subject is a minor).
For the processing operations carried out by us, we indicate the applicable legal basis in each case below. Processing may also be based on several legal bases.
(4) Data erasure and storage period
For the processing operations carried out by us, we indicate in each case below how long the data will be stored by us and when it will be erased or blocked. If no explicit storage period is specified below, your personal data will be erased or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to a possible transfer in accordance with the regulations in A.(6) and A.(7).
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory regulations to which we are subject as the responsible party (e.g. Art. 257 HGB [German Commercial Code], Art. 147 AO [German Fiscal Code]). If the storage period prescribed by legal regulations expires, the personal data will be blocked or erased unless further storage by us is necessary and there is a legal basis for this.
(5) Data security
Wir bedienen uns geeigneter technischer und organisatorischer Sicherheitsmaßnahmen, um Ihre Daten gegen zufällige oder vorsätzliche Manipulationen, teilweisen oder vollständigen Verlust, Zerstörung oder gegen den unbefugten Zugriff Dritter zu schützen (zB TSL-Verschlüsselung für unsere Webseite) unter Berücksichtigung des Stands der Technik, der Implementierungskosten und der Natur, des Umfangs, des Kontextes und des Zwecks der Verarbeitung sowie der bestehenden Risiken einer Datenpanne (inklusive von deren Wahrscheinlichkeit und Auswirkungen) für den Betroffenen. Unsere Sicherheitsmaßnahmen werden entsprechend der technologischen Entwicklung fortlaufend verbessert.
Nähere Informationen hierzu erteilen wir Ihnen auf Anfrage gerne.
(6) Cooperation with processors
As with any large company, we use external domestic and foreign service providers to handle our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). They will only act according to our instructions and have been contractually obligated to comply with the data protection provisions in accordance with Art. 28 GDPR.
If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.
(7) Conditions for the transfer of personal data to third countries
As part of our business relationships, your personal information may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively to fulfil contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer at the relevant places below.
(8) No automated decision making (including profiling)
We do not intend to use any personal data collected from you for any automated decision making process (including profiling).
(9) No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case within the scope of the products presented below and offered by us, you will be informed of this separately.
(10) Legal obligation to transfer specific data
We may, under certain circumstances, be subject to a specific legal or statutory obligation to make the lawfully processed personal data available to third parties, in particular public bodies (point (c) of Art. 6(1) (1) GDPR).
(11) Your rightsYou can assert your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details given at the beginning under A.(2). As the data subject you have the right:
• Pursuant to Art. 15 GDPR, to request access to information about your data that we process. In particular, you may obtain access to information regarding the purposes of the processing, the categories of data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of the right to request rectification, erasure, restriction of processing or to object to the processing, the right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its particulars;
• Pursuant to Art. 16 GDPR, to request the immediate rectification of inaccurate data or the completion of your data that we have saved;
• Pursuant to Art. 17 GDPR, to request the erasure of your data stored by us, unless its processing is required in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or in order to assert, exercise or defend legal claims;
• Pursuant to Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the correctness of the data is contested by you or the processing is unlawful;
• Pursuant to Art. 20 GDPR, to receive the data which you have provided to us in a structured, common and machine-readable format, or to request its forwarding to another data controller;
• Pursuant to Art. 21 GDPR, to object to the processing, provided that the processing is based on point (e) or (f) of Art. 6(1) (1) GDPR. This is particularly the case if the processing is not necessary for the fulfil a contract with you. Unless it is an objection to direct marketing, if you exercise such an objection, please explain why you do not want us to process your data as we do. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;
• Pursuant to Art. 7(3) GDPR, to revoke your consent given once (also before the GDPR came into force, i.e. before 25.5.2018) – i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirmatory act, that you agree to the processing of the personal data in question for one or more specific purposes – at any time towards us, if you have given such consent. This has as a consequence that we will in future no longer be allowed to continue any data processing that was based on this consent and
• Pursuant to Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us: -Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach https://www.lda.bayern.de-
(12) Changes to the privacy policy
In the context of the further development of data protection law as well as technological or organisational changes, our data protection information is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed about changes in particular on our German website at [company website address]. This privacy policy was last updated in July 2021.
B. Visiting websites(1) Explanation of the function
Information about our company and the services we offer can be found in particular at https://www.ultra-germany.de/ together with the associated sub-pages (hereinafter collectively referred to as: “websites”). When you visit our websites, personal data may be processed.
(2) Personal data processed
When using the websites for information, the following categories of personal data are collected, stored and processed by us:
“Log data”: When you visit our websites, a log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
• The page from which the page was requested (referrer URL)
• The name and URL of the requested page
• The date and time the page was viewed
• Description of the type, language and version of the web browser used
• The IP address of the requesting computer, which is abbreviated in such a way that it cannot be attributed to a specific person
• The transmitted data volume
• The operating system
• Notification whether the page was accessed successfully (access status/http status code)
• The GMT time zone difference
“Contact form data, registration and login to the online store”: When using contact forms, etc., the data transmitted in this way is processed (e.g. title, surname and first name, address, company, email address and time of transmission).
In addition to the purely informative use of our website, we offer the subscription to our newsletter, with which we inform you about current developments in business law and events. If you register for our newsletter, the following "newsletter data" will be collected, stored and processed by us:
• The page from which the page was requested (referrer URL)
• The date and time the page was viewed
• Description of the type of web browser used
• The IP address of the requesting computer, which is abbreviated in such a way that it cannot be attributed to a specific person
• The email address
• The date and time of registration and confirmation
(3) Purpose and legal basis of data processing
We process the personal data described in more detail above in accordance with the provisions of the GDPR, other relevant data protection regulations and only to the extent necessary. If the processing of personal data is based on point (f) of Art. 6(1) GDPR, the aforementioned purposes also represent our legitimate interests.
The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection (legal basis is point (f) of Art. 6(1) GDPR).
Contact form data is processed to handle customer enquiries (legal basis is point (b) or (f) of Art. 6(1) (1) GDPR).
Newsletter data is processed for the purpose of sending the newsletter. When registering for our newsletter, you consent to the processing of your personal data (legal basis is point (a) of Art. 6(1) GDPR). We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send an email to the specified email address in which we ask you to confirm that you want to receive the newsletter. This serves as a means of proof of your registration and, if applicable, to solve any potential misuse of your personal data. You may withdraw your consent to the transmission of the newsletter and unsubscribe at any time. You can submit your withdrawal by clicking on the link provided in each newsletter email, per email to
datenschutz(at)ultra-germany.com
or by sending a message to the contact details specified in the Legal Notice.
(4) Data processing duration
Your data will only be processed for as long as is necessary to achieve the processing purposes mentioned above; the legal bases indicated in the context of the processing purposes apply accordingly.
Third parties engaged by us will store your data on their systems for as long as is necessary in connection with the provision of services for us in accordance with the respective order.
(5) Transferring personal data to third parties; basis for justification
The following categories of recipients, which are usually processors (see A.(6)), may have access to your personal data:
• Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for computer centre services, payment processing, IT security). The legal basis for the transfer is then point (b) or (f) of Art. 6(1) (1) GDPR, insofar as it does not involve order processors;
• Government agencies/authorities, insofar as this is necessary to fulfil a legal obligation. The legal basis for the transfer is point (c) of Art. 6(1) (1) GDPR;
• Persons engaged in the conducting of our business (e.g., auditors, banks, insurance companies, legal counsel, regulators, parties involved in acquisitions or the formation of joint ventures). The legal basis for the transfer is then point (b) or (f) of Art. 6(1) (1) GDPR.
For the guarantees of an adequate level of data protection in case of transfer of data to third countries, see A.(7).
In addition, we will only transfer your personal data to third parties if you have given your express consent to do so in accordance with point (a) of Art. 6(1) (1) GDPR.
(6) Use of cookies
We use cookies on our websites. Cookies are small text files that are assigned accordingly by the browser that you use and stored on your hard drive, which allow the entity that places the cookie to then receive certain information. Cookies cannot run programmes or transmit viruses to your compute and therefore cannot do any damage. They serve to make the websites more user-friendly and effective, i.e. more pleasant for you.
Cookies may contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. Cookies cannot directly identify a user though.
This website uses the following types of cookies, their scope and how they work are explained below:
– Transient cookies (see b)
Transient cookies are automatically erased when you close your browser. These include, in particular, session cookies. These store what is referred to as the “session ID”, by which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognised if you return to our website. Session cookies are erased as soon as you log out or close your browser.
– Persistent cookies (see c).
Persistent cookies are automatically erased after a set period of time, which may differ depending on the cookie. You can erase the cookies in your browser security settings at any time.
You can configure your browser setting according to your requirements and can, for example, decline the acceptance of third-party cookies or any cookies at all. We would like to draw your attention to the fact that you probably will not be able to use all this website’s functions in this case.
We use cookies so that we can identify you on subsequent visits you make to our website if you have an account with us. Otherwise, you have to log in again for every visit.
The Flash cookies used are not collected by your browser but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your end device. These objects store the necessary data independent of the browser you are using, and do not have an automatic expiry date. If you do not want any processing of Flash cookies, you have to install a corresponding add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by putting your browser in private browsing mode. We also recommend that you regularly erase your cookies and browser history manually.]
(7) Right of objection
Information about your right of objection pursuant to Art 21 GDPR
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you which is carried out on the basis of point (e) of Art. 6(1) GDPR (data processing in the public interest) and point (f) of Art. 6(1) GDPR (data processing on the basis of a balance of interests).
If you do raise objections, we will no longer process your personal data in future unless we have proof of compelling and entitled to grounds for processing which prevail over your interests, rights and freedoms, or where the processing is necessary to establish, exercise of defend legal claims.
Recipient for objections
The objection can be made informally by stating your name and address. The objection should be addressed to:
ULTRA PRÄZISION MESSZEUGE GmbH,
Weitzkaut 3, 63864 Glattbach/ Germany
+49 (0) 60 21 42 999 00
+49 (0) 60 21 42 999 01
contact form