Data Privacy Declaration
Thank you very much for your interest in our company. In the following document, we will inform you about the ways in which we process your personal data and the purposes for which your data is processed, as well as about your data protection rights in accordance with the General Data Protection Regulation (GDPR).
Data protection is highly important to the general management of MONTI – Werkzeuge GmbH. In general, you can use the MONTI – Werkzeuge GmbH website without providing any personal information. However, if a data subject would like to use specific services provided by our company through the website, or if we need to initiate or carry out a business relationship with the data subject, it may be necessary for us to process their personal information. If we do need to process personal information, and if there is no legal basis for that processing, we will generally obtain consent from the data subject.
We always process personal information such as names, addresses, e-mail addresses, or telephone numbers in accordance with the General Data Protection Regulation and in accordance with the specific national data privacy provisions applicable to MONTI Werkzeuge GmbH. With this Data Privacy Declaration, our company would like to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. In addition, this Data Protection Declaration informs data subjects of their rights.
As the data controller, MONTI – Werkzeuge GmbH has taken many different technical and organizational measures to provide the most seamless protection possible for the personal data we process. However, web-based data transmission may involve gaps in security. All data subjects are free to provide their personal data to us in other ways, for instance over the telephone.
The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a legal data protection nature is:
Server log files
Each time a data subject or an automated system accesses the MONTI – Werkzeuge GmbH website, our page collects a range of general data and information. This general data and information is saved in server log files. The following may be collected: (1) the browser type and version used, (2), the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (called a referrer), (4) the sub-pages accessed on our website by an accessing system, (5) the date and time at which the website was accessed, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serves to protect against hazards in case of attacks against our IT systems.
MONTI – Werkzeuge GmbH does not use this general information and data in such a way that it can be associated with any data subject. This information is instead used to (1) correctly supply the content of our website, (2) optimize the content of our website and advertisements on the site, (3) ensure the long-term functionality of our IT systems and website technology, and (4) provide criminal prosecutors the information they need for criminal proceedings in case of a cyber-attack. This data and information is recorded anonymously by MONTI – Werkzeuge GmbH for statistical purposes, and is analyzed with the goal of improving data privacy and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. Anonymous server log file data is stored separate from all personal data provided by data subjects.
Collection, processing and use of personal data when processing or beginning a business relationship
Our company undertakes to protect all information and data recorded from our customers, stakeholders, service providers and other contractual partners and to treat it as confidential. We process and use your data in compliance with applicable legal requirements.
In general, we only collect and process personal data that we need to handle or initiate the business relationship. Data must be provided to conclude the contract or for contacting you before the contract comes into force. If you do not provide said data, this means that no contract can be concluded. We process data in accordance with Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. f GDPR. The stored data will be used exclusively for the purposes arising from the business relationship, and stored in accordance with statutory retention periods. We do not store any data longer than necessary.
We use your contact data, which we have received within the context of the sale of goods or services, for the transmission of advertising for our own goods or services which are similar to those which you have already purchased from us, unless you have objected to this use. The processing is carried out based on Art. 6 para. 1 lit. f GDPR out of our predominant legitimate interest in direct advertising. You can object to this use at any time by notifying us.
We strictly observe legal requirements in all cases. The scope of data transmission is limited to a minimum, and all service providers working on our behalf are bound by an order processing contract to comply with data protection regulations.
No data is transferred to third countries.
Collection and processing when using the contact form
To comply with legal regulations, the MONTI – Werkzeuge GmbH website contains information that makes it possible to quickly contact our company electronically or communicate directly with us. This includes a general e-mail address. If the data subject contacts the processor via e-mail or using the contact form, the personal data transmitted by the data subject is automatically saved. Such personal data provided voluntarily by the data subject to the processor is saved for the purposes of processing or contacting said data subject. This personal data is never transmitted to third parties.
The purpose of processing is to decide whether to establish an employment or apprenticeship relationship. The legal basis for this is § 26 para. 1 Sentence 1 BDSG (German Federal Data Protection Act). Within the company, only the persons involved in the selection process have access to this data. Data is not transmitted to third parties. Automated decision-making is not used. Processing may also be carried out electronically. We assume that you have not provided us with any personal data from special categories within the meaning of Art. 9 para. 1 GDPR, unless the provision of such data appeared necessary from your point of view to exercise your rights or fulfill your legal obligations under labor law, social security law, and social protection law. We ask you to only provide us with personal data from special categories in the next steps application process if this appears necessary from your point of view to exercise your rights fulfill your legal obligations under labor law, social security law, and social protection law.
Should the data processor conclude an employment contract with an applicant, the transferred data shall be stored for the purpose of carrying out the employment relationship in accordance with statutory provisions. Should the data controller not conclude a contract of employment or apprenticeship with the candidate, the application documents shall be deleted no later than 6 months after the end of the application procedure, provided you have not consented to further processing or provided no other legitimate interests of the controller preclude deletion. Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).
Using cookies allows MONTI – Werkzeuge GmbH to provide users of this website with more user-friendly services. This would not be possible without saving cookies.
Cookies can be used to optimize the information and services available on our website to benefit users. As we have noted, cookies allow us to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. Users of a website that stores cookies, for example, do not need to input their access details each time they visit the site, since the website and the cookies saved on the user’s computer system handles this function. Another example is the cookie used in an online shop’s shopping basket. The online shop remembers the items a customer has placed in their virtual shopping basket using a cookie.
Data subjects can prevent our website from saving cookies at any time by changing their web browser settings accordingly, thereby permanently objecting to cookies. In addition, cookies saved in the past can be deleted using a web browser or other software program at any time. All current web browsers are capable of deleting such cookies. If the data subject deletes cookies saved in their web browser, all functions of our website may not be available in full.
Storage duration, information, rectification, blocking and deleting data
Statutory retention periods are used as the criteria for how long our company archives personal information. After the end of the statutory retention period, such data is routinely deleted if it is no longer required to fulfill an agreement or initiate a contract.
The data controller processes and stores personal data of data subjects for only as long as is necessary to achieve the purpose for which it was stored, or if provided under European directives and regulations, or under other laws and regulations to which the data controller is subject.
If the purpose for which data was saved is eliminated, or if the archiving term specified by European regulators and issuing bodies expires, personal information is routinely blocked or deleted according to statutory regulations.
You have the right to receive information free of charge on your stored data at any time, and the rights to rectify, restrict and delete or block your data, unless other legal regulations apply. You also have the right to receive your personal data in a structured, commonly used and machine readable format, if stored digitally. If you have any complaints, you can contact the responsible supervisory authority. If you have any questions or would like more information, please contact the central information center indicated in our Legal Notice.
Legal bases for processing
Art. 6 I lit. a GDPR serves as our company’s legal basis for processing if we need to obtain consent for a specific data processing procedure. If personal data must be processed to fulfill a contract to which the data subject is a contractual party, such as is the case with processing necessary to deliver goods or perform other services or return services, then processing is based on Art. 6 lit. b GDPR. The same applies to processing necessary to carry out pre-contractual measures, for instance if we receive any inquiries regarding our products or services. If our company is subject to a legal obligation requiring processing of personal data, for example to fulfill tax-related obligations, then this processing is based on Art. 6 lit. c GDPR. In rare cases, it may be necessary to process personal data to protect the vital interests of the data subject or another natural person. This would be the case, for instance, if a visitor to our company was injured and then needed to provide their name, age, health insurance information, or other vital information to a physician, hospital or other third party. Then processing would be based on Art. 6 I lit. d GDPR. Finally, processing may be based on Art. 6 I lit. f GDPR. Processing not covered by any of the aforementioned legal bases is carried out on this legal basis, if the processing is necessary to safeguard a legitimate interest of our company or a third party, as long as the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh it. We are allowed to carry out such processing, in particular, because it has been specifically mentioned by European law. According to European law, a legitimate interest could exist if the data subject is the customer of a controller (recital 47 sentence 2 GDPR).
Legitimate interests in processing pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, then we have a legitimate interest in carrying out our business for the good of all of our employees and our shareholders
Rights of Data Subjects
You are entitled to the following rights as long as the legal requirements are met according to Art. 15 to 20 GDPR: Right to information, rectification, deletion, restriction of processing, and data portability.
In addition, under Art. 21 para. 1 GDPR, you have the right to object to processing based on Art. 6 para. 1 f GDPR, as well as object to processing for the purpose of direct advertisement.
If data processing is carried out based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, or based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, you have the right to object to / revoke your consent to this processing at any time with future effect.
After you have objected / revoked your consent, processing of such data will end and your data set will be deleted, unless processing is necessary to assert, exercise or defend against legal claims.
Furthermore, you have the legal right to submit complaints to the responsible supervisory authority.
If you have any questions or would like to request further information, contact our Data Protection Management Team at firstname.lastname@example.org.
Legal or contractual regulations on providing personal data, necessity to conclude a contract; obligations of the data subject providing personal data; possible consequences of not providing data
Please note that, in some cases, personal data must be provided by law (such as under tax law) or under contractual regulations (such as when providing information to contractual partners). In some cases, it may be necessary for a data subject to provide us with personal data to conclude a contract, after which we must process said data. The data subject must provide us with personal data, for instance, if our company is concluding an agreement with them. Failing to provide such personal data would make it impossible for us to conclude the agreement with the data subject. Before the data subject provides us with personal data, they must contact one of our employees. Our employees will clarify to the data subject on a case-by-case basis whether they must provide such personal data under the law or under the agreement, or if it is required to conclude an agreement, whether there is any obligation to provide the personal data, and what the consequences would be if they elected not to provide the personal data.
Use of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
Data protection provisions on the use of Facebook
The controller has integrated components from the company Facebook on this website. Facebook is a social network.
A social network is a social hub operated online, an online community that typically allows users to communicate with one another and interact in a virtual space. A social network can be used as a platform for exchanging opinions and experiences, or can allow an internet community to provide personal or company-specific information. Facebook allows users of its social network to create private profiles, upload photos and network with one another via friendship requests.
The company that operates Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, if the data subject lives outside of the USA or Canada.
Each time one of the pages on our website operated by the controller is accessed where a Facebook component has been integrated (Facebook plug-in), the Facebook component automatically causes the data subject’s web browser to download a representation of the Facebook component from Facebook. A general overview of all Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/?locale=de_DE. During this technical process, Facebook obtains information on which specific sub-pages of our website the data subject has visited.
If the data subject is logged in at Facebook at the same time, each time the data subject accesses our website, and the entire time they spend on our website, Facebook receives data on which specific sub-pages of our website the data subject has visited. This information is collected by the Facebook components and associated with the data subject’s Facebook account by Facebook. If the data subject presses one of the Facebook buttons integrated on our website, for instance the “Like” button, or if the data subject adds a comment, Facebook associates this information with the data subject’s personal Facebook user account and stores this personal data.
Facebook is always informed through the Facebook component that the data subject has visited our website if the data subject is logged in at Facebook at the same time they access our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, then they can prevent the transmission by logging out of their Facebook account before accessing our website.
Facebook’s published data guidelines, which are available at https://de-de.facebook.com/about/privacy/, provide information on how Facebook collects, processes and uses personal data. In addition, they explain the settings Facebook offers to protect the data subject’s privacy. Furthermore, there are different applications that can suppress data transmission to Facebook. The data subject can use such applications to suppress data transmission to Facebook.
Data protection provisions on the use of Google Analytics (with anonymization function)
The controller has integrated components of Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, recording and evaluation of data on website user behavior. A web analytics service records data on which website the data subject has come from (called a referrer), which sub-pages of the website the user accessed, or how often and for which duration the user viewed a sub-page. Web analytics are generally used to optimize the website and to complete a cost and benefit analysis of web-based advertisements.
The company responsible for operating Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the suffix “_gat._anonymizeIp” for web analytics using Google Analytics. Google uses this suffix to abbreviate and anonymize the data subject’s IP address for their internet connection if they access our website from a member state of the European Union or another contracting state to the Agreement on the European Economic Area.
The purpose of Google Analytics components is to analyze visitor streams to our website. Google uses the data and information collected to evaluate use of our website in order to create online reports about the activities undertaken on our website, and to provide other services associated with the use of our website.
Google Analytics saves a cookie on the data subject’s IT system. Cookies are explained above in more detail. When Google saves a cookie, this allows the company to analyze the use of our website. Each time one of the pages on our website operated by the controller is accessed where a Google Analytics component has been integrated, the Google Analytics component automatically causes the data subject’s web browser to transmit data to Google for the purpose of online analysis. During this technical process, Google receives personal data such as the IP address of the data subject, which Google can use to track the visitor’s origin and clicks and settle commissions.
Cookies are used, for instance, to store personal data such as the access time, location from which the page was accessed and frequency of visits to our website by the data subject. Each time a data subject visits our website, their personal data, including the IP address of the web connection the data subject is using, is transmitted to Google in the USA. Google stores this personal data in the USA. Google may transmit this personal data collected through the technical process to third parties in some cases.
Data subjects can prevent our website from saving cookies at any time as described above by changing their web browser settings accordingly, thereby permanently objecting to cookies. Changing the settings in this way would also prevent Google from saving a cookie on the data subject’s IT system. In addition, cookies already saved by Google Analytics can be deleted using a web browser or other software programs at any time.
Further information and applicable Google data protection provisions are available at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at the link https://www.google.com/intl/de_de/analytics/.
Data protection provisions on the use of Google AdWords
The controller has integrated Google AdWords on this website. Google AdWords is a web advertisement service that allows advertisers to place adds in Google search engine results and in the Google advertising network. Google AdWords allows advertisers to stipulate keywords used to display an ad in Google search engine results if the user uses the search engine to access a search result for which the keyword is relevant. Ads are distributed to websites relevant to the topic in Google advertising networks via an automated algorithm, considering previously stipulated keywords.
The company responsible for operating Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise for our website by showing advertisements relevant to the user’s interests on third party websites and in Google search engine results, and to show third party advertisements on our website.
If a data subject accesses our website through one of these Google ads, then Google saves a conversion cookie on the data subject’s IT system. Cookies are explained above in more detail. A conversion cookie becomes invalid after thirty days, and is not used to identify the data subject. If the conversion cookie is still valid, it is used to track whether the user has accessed certain sub-pages of our website, such as the shopping basket in our online shop system. Both we and Google can use the conversion cookie to track whether a data subject who has accessed our website via an AdWords ad generates any revenues, or has completed or canceled a purchase.
Data and information collected through use of the conversion cookie is used by Google to create visitor statistics for our website. We use these visitor statistics, in turn, to determine the total number of users sent to us via AdWords ads, and thereby to determine the success or failure of the AdWords ad in question and optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertising customers receive information from Google that could be used to identify the data subject.
The conversion cookie is used to store personal data, for instance on the websites visited by the data subject. Each time a data subject visits our website, their personal data, including the IP address of the web connection the data subject is using, is transmitted to Google in the USA. Google stores this personal data in the USA. Google may transmit this personal data collected through the technical process to third parties in some cases.
Data subjects can prevent our website from saving cookies at any time as described above by changing their web browser settings accordingly, thereby permanently objecting to cookies. Changing the settings in this way would also prevent Google from saving a conversion cookie on the data subject’s IT system. In addition, cookies already saved by Google AdWords can be deleted using a web browser or other software programs at any time.
Furthermore, the data subject can object to Google displaying interest-based advertisements. To do so, the data subject must access the link www.google.de/settings/ads from each of the web browsers they use and change their desired settings there.
Further information and applicable Google data protection provisions are available at https://www.google.de/intl/de/policies/privacy/.
Data protection provisions on the use of LinkedIn
The controller has integrated components from the LinkedIn Corporation on this website. LinkedIn is a web-based social network that allows users to connect with their existing business contacts and to make new business contacts. Over 400 million registered users use LinkedIn in more than 200 countries. Currently, this makes LinkedIn the largest platform available for business contacts and one of the world’s most frequently visited websites.
Each time a user accesses our website that has a LinkedIn component on it (LinkedIn plug-in), the component causes the data subject’s browser to download a representation of the LinkedIn component. Further information on LinkedIn plug-ins is available at https://developer.linkedin.com/plugins. During this technical process, LinkedIn obtains information on which specific sub-pages of our website the data subject has visited.
If the data subject is logged in at LinkedIn at the same time, each time the data subject accesses our website, and the entire time they spend on our website, LinkedIn receives data on which specific sub-pages of our website the data subject has visited. This information is collected by the LinkedIn components and associated with the data subject’s LinkedIn account by LinkedIn. If the data subject presses a LinkedIn button integrated on our website, LinkedIn associates this information with the data subject’s personal LinkedIn user account and stores this personal data.
LinkedIn is always informed through the LinkedIn component that the data subject has visited our website if the data subject is logged in at LinkedIn at the same time they access our website; this occurs regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, then they can prevent the transmission by logging out of their LinkedIn account before accessing our website.
LinkedIn allows users to unsubscribe from e-mail, text messages and targeted ads and managing advertisement settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, that can save cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s data protection provisions are available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie guidelines are available at https://www.linkedin.com/legal/cookie-policy.
Data protection provisions on the use of YouTube
The controller has integrated components from YouTube on this website. YouTube is a web video portal that allows video publishers to create video clips free of charge, and allows other users to view, rate and comment on these video clips. YouTube allows users to publish all kinds of videos, and complete movies and TV shows as well as music videos, trailers or videos made by users themselves can be accessed via the web portal.
The company responsible for operating YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time one of the pages on our website operated by the controller is accessed where a YouTube component has been integrated (YouTube video), the YouTube component automatically causes the data subject’s web browser to download a representation of the YouTube component from YouTube. Further information on YouTube is available at https://www.youtube.com/yt/about/de/. During this technical process, YouTube and Google receive information on which specific sub-pages of our website the data subject has visited.
If the data subject is logged in to YouTube at the same time, YouTube learns which specific sub-pages of our website the data subject has visited each time the user accesses a sub-page containing a YouTube video. This information is collected by YouTube and Google and associated with the data subject’s YouTube account.
YouTube and Google are always informed through the YouTube component that the data subject has visited our website if the data subject is logged in at Youtube at the same time they access our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, then they can prevent the transmission by logging out of their YouTube account before accessing our website.
YouTube’s data protection provisions, that are published at https://www.google.de/intl/de/policies/privacy/, provide information on how YouTube and Google collect, process and use personal data.
Last updated: 1/16/2020