Privacy Policy

Thank you for your interest in our online presence. The protection of your personal data is a vital concern of Gräbener Pressensysteme GmbH & Co. KG (hereinafter referred to as “Gräbener”, “we” or “us”). With this data protection declaration, we would like to inform you about the processing of your personal data within the scope of use of the website available under https://www.graebener-minting.com/ and other websites if and to the extent they are referred to below (hereinafter jointly referred to as “websites”) according to the requirements of the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 – called “GDPR” hereinafter).

1.             Name and contact data of the responsible body

Gräbener Pressensysteme GmbH & Co. KG
Wetzlarer Straße 1
57250 Netphen-Werthenbach
Tel: +49 (2737) 962-0
Fax: +49 (2737) 962-200
E-mail: info@graebener-minting.com

Gräbener Pressensysteme GmbH & Co. KG is represented by the Gräbener Pressensysteme-Verwaltungs GmbH (Wetzlarer Straße 1, 57250 Netphen-Werthenbach), in turn being represented by its Managing Directors Martin Stahlschmidt, Ronny Stöcker.

 

2.             Contact details of the data protection officer

The data protection officer of Gräbener is:

RA Dr. Thorsten B. Behling
WTS Legal Rechtsanwaltsgesellschaft mbH
Sachsenring 83
50677 Köln
E-Mail: dsb@graebener-minting.com

 

3.             Categories of personal data we process

When using our website, we process the following categories of personal data, depending on the services you use:

a.           The use of our website as a whole (so-called surfing):

  • Information about the type of browser you are using and the browser version
  • Your device’s operating system
  • Your Internet service provider
  • Your IP address
  • Date and time of the access
  • Websites from which your system accessed our website
  • Websites that your system accesses from our website
  • Session cookie data (e.g., pseudonym session ID, shopping cart information) insofar as you do no prohibit the collection of this information as explained under Section 8

b.            Generate a customer account

  • Personal master data (e.g. form of address, first name, last name)
  • Contact data (e.g. telephone number, fax number, e-mail address)
  • Company data (e.g. company name, VAT Reg. No.)
  • Address data (e.g. street, postal code, city, country)
  • Password

c.             Use of the request for quotation

  • Personal master data (e.g. form of address, first name, last name)
  • Contact data (e.g. telephone number, fax number, e-mail address)
  • Company data (e.g. company name, VAT Reg. No.)
  • Address data (e.g. street, postal code, city, country)
  • Message on price inquiry

d.            Use of a contact form

  • Personal master data (e.g. name)
  • Company data (e.g. company name)
  • Contact data (e.g. telephone number, e-mail address)
  • Request for callback
  • Content data of your message

e.            Use of “password forgotten” function

  • E-mail address

 

4.            Origin of personal data not collected directly from you

We generally only collect personal data about you from you personally. However, if this is not the case in exceptional cases, we will specifically point this out to you. Within the scope of the processing of the data collected through our online forms and systems, we obtain the data of the person who enters it into the respective form or system.

If you send us the personal data of third parties through our abovementioned services, you must observe all data protection requirements, especially Art. 5 through 9 and 12 ff. GDPR. Otherwise we have no intention to collect such data and reserve the right to take legal action against you.

 

5.             Storage period

The personal data we have collected is stored only as long as required for the fulfillment of the purpose connected with the storage. If this purpose no longer applies, we fundamentally delete or anonymize the data again insofar as no legitimate grounds or obligations to obtain the data (e.g., according to tax-law regulations) exist. In the latter case, the data is processed only with limitations, i.e., to fulfill the grounds or obligation to retain the data and in all other cases only with consent for the assertion, exercise or defense of legal claims, for the protection of the rights of other natural or legal person or for reasons of an important public interest of the European Union (EU) or an EU member state. In case an obligation to retain data or a legitimate reasons for storage exists, we delete or anonymize the data after the certain expiration of the legitimate grounds and/or obligation to retain the data.

When you login to your customer account and click in your account to “delete account” we will delete your data stored in your customer account. Provided that and insofar there are still obligations for storage, the data will only be processed with limitations as described before.  In any other case your customer account will be deleted when there is no activity for a period of two (2) years.

 

6.             Purposes for which the personal data is processed

We observe the basic principle of the specific use of personal data and process your personal data only for the purposes explained in this data protection declaration.
We use the personal data you have provided for the following purposes:

  • To process your inquiry/-ies (e.g. price inquiry, inquiry through the contact forms)
  • To send leaflets
  • Customer care and management
  • Observance of legal requirements (e.g. for the fulfillment of tax and commercial law responsibilities and the implementation of a compliance management system, including compliance inspections)
  • To provide access data for restricted areas of the website

 

7.             Legal basis for processing

The basis for the processing of personal data is the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)) and other European and German ordinances and laws.

 

a.      Overview of the legal basis

The following list provides you with a brief overview of the existing and/or applied legal bases according to GDPR:

 

Legal basis Description / establishment

Consent according to

Art. 6 Sect. 1 Clause 1 a) GDPR

 This legal basis steps in when you have consented to our processing of your data for one or more purposes.

To fulfill the contract or perform  pre-contractual measures according to

Art. 6 Sec. 1 Clause 1 b) GDPR

 If we have concluded a contract with your person (e.g. for the purchase of a machine) or if you have requested that we execute a pre-contractual measure (e.g. creation of a quotation), this legal basis allows us to process all of your data that is required for the fulfillment of the contract or the execution of pre-contractual measures

Fulfilment of a legal obligation according to

Art. 6 Sect. 1 Clause 1 c) GDPR

 This legal basis permits us to process your data if it is required for the fulfillment of a legal obligation (e.g. for the fulfillment of obligations according to commercial or tax law).   

 

Our own legitimate interests or the legitimate interests of third parties according to

Art. 6 Sect. 1 Clause 1 f) GDPR

 To some extent, we base our processing of personal data on our legitimate interests or on the legitimate interests of third parties. All legal, economical and non-material interests not prohibited by the legal system are considered to be legitimate interests.  Examples of our legitimate interests include data processing form communication with our customers and contacts at customers (if not already included under Art. 6 Sect. 1 Clause 1 b) GDPR).

 

 

b. Details regarding the legal bases of data processing

aa. Surfing on our website

For technical reasons related to the provision of our websites, we automatically collect data and information on the computer system of the terminal device calling our websites each time our websites are called. We therefore process your data types listed under Section 3 a). The legal basis for this is Art. 6  Sect. 1 Clause 1a) GDPR, whereby it is our legitimate interest to present our company and our products to interested parties and customers.

bb. Create a customer account

If you create a customer account on our website under http://shop.graebener-minting.com/, we process the data types as specified under Clause 3b), to provide the customer account and to confirm your registration by e-mail.  Through the customer account it is possible for Gräbener to reply to future price inquiries and to assign these inquiries to you. The creation of a customer account serves for a more simple response or preparation of price inquiries and as such for an efficient performance of pre-contractual measures. Besides, you have the possibility to check your price inquiries made in the past and to have access to the last seven products viewed. Moreover, you have the possibility to store up to five contacts, to change your data and your password as well as to notify your account for deletion. The legal basis for the processing of your data for the personal profile is Art. 6  Sect. 1 Clause 1b) GDPR.

If you make use of the possibility to create contacts in your customer account, please only indicate your different business addresses (e.g., other branch offices), without the use of personal data of third parties.The legal basis for the processing of this data is also   Art. 6  Sect. 1 Clause 1b) GDPR., to send you also quotations for other branch offices and addresses.

If you store personal data of any third parties in your contacts you must observe all data protection requirements, especially Art. 5 through 9 and 12 ff. GDPR and to send especially the information of this data protection regulation to any third party concerned. Otherwise we have no intention to collect such data and reserve the right to take legal action against you.

cc. Sending of price inquiries

When generating price inquiries through our website http://shop.graebener-minting.com/ we process your data as listed under Section 3c) for answering your inquiry. If you already have a customer account (see Section 7b) bb)) and you are logged-in, you do not have to enter the data shown (Section 3b)) again. We process the data mentioned before to perform any pre-contractual measures and to send you the quotation you have requested. The legal basis for this is Art. 6  Sect. 1 Clause 1b) GDPR.

dd. Use of our contact forms

If you contact us through the contact forms under „contact” on our website http:/www.graebener-minting.com/ we process the data types mentioned under Section 3d). Only to give your name as well as your e-mail address are mandatory fields so that we can answer you personalized. Besides you can specify whether you want us to call you back. For that we would additionally need a telephone number. Please only provide the data we need to know for answering your inquiry. In case you provide more data than that, we have no intention to collect such data. The legal basis for processing your data is Art. 6 Sect. 1 Clause 1b) or f) GDPR for answering a question within the scope of pre-contractual measures or for the safeguarding of the legitimate interests of Gräbener, whereas it is our interest being able to contact you as a contact person of one of our customers with the purpose to present us and our company.

ee. Use of our contact e-mail address or telephone number

If you contact us by e-mail or by telephone, we process the data given (e.g. e-mail address, telephone number, content of your request). The processing of the data given is required to answer your inquiry and, if pertinent, to perform any pre-contractual measures you have requested (e.g., to send a quotation you have requested). The legal bases for the processing are Art. 6 Sect. 1 Clause 1b) and f) GDPR accordingly. If you act as contact person of one of our customers, our legitimate interest in processing your data is the fulfilment of the contract with our customer or to provide our customer with documents within the scope of pre-contractual measures.

ff. Use of „password forgotten“ function

If you request a new password on our website http://shop.graebener-minting.com/ via the “password forgotten” function, we process your e-mail address initially to send you a confirmation link by e-mail. If you click on this link and thereby confirm that you requested a new password, we send you a second e-mail with a new password generated by our system. The legal basis for this is Art. 6 Sect. 1 Clause 1 b) GDPR.

gg. Other processings and purposes

The data types mentioned in Section 3 can also be processed for the following purposes:

  • Customer care and management as well as direct advertising (e.g. sending of product information), whereby the legal basis is Art. 6 Sect. 1 Clause 1 f) GDPR in this case. Our legitimate interest consists of remaining in contact with you, increasing our sales and processing all of your matters in a Group-uniform, appropriate, timely and efficient manner. Especially data according to Section 3 that we have received from you in connection with the fulfillment of the contract and/or performance of pre-contractual measures (e.g. inquiries) is affected here.
  • Observance of legal requirements (e.g., for the fulfillment of tax and commercial law responsibilities and the implementation of a compliance management system, including compliance inspections), whereby the legal basis is Art. 6 Sect. 1 Clause 1 c) GDPR.                 
  • Data protection and security management including corresponding inspections by our data protection officer and the responsible information security officer at our company. In regard to inspections performed by our data protection officer, the legal basis is Art. 6 Sect. 1 Clause 1 c) GDPR, especially in conjunction with Art. 24 Sect. 2 Clause 2 and Art. 38 Sect. 2 and Art. 39 Sect. 1 b) and c) GDPR, as well as Art. 6 Sect. 1 Clause 1 f) GDPR. Here, our legitimate interest lies in a secure and data-protection-compliant processing of personal data.

 

8.             Use of cookies

We use cookies on our website.Cookies are small data packets generated by our web server and stored on the hard disk of your computer during the communication of your computer with the web server. We use so-called session cookies for a better functionality and navigation on our website. These cookies are deleted again immediately when the browser closes.

You can assert your right to object cookies any time. Irrespective of the other possibilities for preventing cookies described in the following, you can set your browser so that it does not accept cookies or so that you receive a prompt to consent before the setting of a cookie. The details can be found in the help function of your browser. If you do not accept cookies, you will possibly not be able to utilize the full range of website functions.

Please consider that you may have to set your browser again so that it does not accept cookies when you change your browser or end device.

 

9.             Recipient or categories of recipients of personal data

The personal data is passed on to the following recipients:

  • Internal departments involved in the performance of the connected tasks (essentially: Marketing, Human Resources, IT & Security)      
  • Contractors (service providers, such as IT service providers and forwarding agents that may or may not belong to the Schuler and/or Andritz Group)     
  • Our external data protection officer

 

10.          Sending of personal data to third-party countries

We fundamentally do not send personal data collected on these websites to countries outside of the European Union or European Economic Area (third-party countries).             

It is possible, however, that data collected on these website will be sent to third-party countries if required for the fulfillment of the control, for internal communication, customer care and/or customer management or due to the use of a service provider or the involvement of a group company in a third-party country as an intermediary. We involve our data protection officer in such cases. The data is sent only if the receiving body has an appropriate data protection level based on a decision on adequacy or using suitable guarantees (Art. 45 ff. GDPR) or if neither a decision on adequacy nor suitable guarantees are required in exceptional cases (Art. 49 Sect. 1 Clause 2 GDPR). In general, we apply the EU Standard Contractual Clauses to guarantee an appropriate degree of data protection on the part of the pertinent recipient. The guarantees we use can be obtained from our data protection officer. If you would like to obtain more information on the guarantees in individual cases, please contact our data protection officer under the contact data listed under Section 2.

 

11.          Rights with respect to data processing

In regard to our use of your data, you have the following rights arising from Art. 15 through 21 GDPR, as well as the right of the revocation of your consent at any time and the right to complain to a supervisory body as described in the following. You can assert your rights to us informally, either directly using the contact data specified under Section 1 or by involving our data protection officer as an intermediary; the contact information of the data protection officer can be found under Section 2. With the exception of any transmission or connection fees, the assertion of these rights does not entail any costs.

a.      Right of information (Art. 15 GDPR)

You have the right to request a confirmation from us as to whether and which personal data on your person are processed and to obtain information regarding this data, especially in regard to the purposes and legal basis of the processing (refer to Sections 6 and 7), the categories of the data we process (Section 3), the categories of recipients (Section 9) and our intention to transfer to data to recipients in a third-party country (Section 10). This also comprises information on the origin of the data insofar as it was not collected from you personally. You also have the right to obtain a copy of the personal data being processed insofar as the rights and freedoms of other people are not infringed in regard to their own personal data.

b.      Right to correction (Art. 16 GDPR)

You also have a right to demand the correction of any incorrect personal data we have on you immediately. You also have the right to demand the completion of incomplete personal data, even by means of a supplementary declaration, under consideration of the purpose for processing.

c.      Right to deletion (Art. 17 GDPR)

You have the right to request the immediate deletion of your personal data if one of the following reasons applies and none of the exceptions explained in the following comes into play:

    • The data you processed are no longer required for the purposes described in this data protection declaration.    
    • You have revoked your granted consent (for more information, refer to Section 11. i)) and we have no other legal basis for the processing of your data.  
    • The data was unlawfully processed, or  
    • the deletion is required for the fulfillment of a legal obligation according to the law of the European Union or the member states to which we are subject.    
    • You have objected our processing of your data (for more information, refer to Section 11. g)) and we have no overriding grounds for the processing your data.   

We must not and/or may not implement your wish for deletion if one of the following reasons applies:  

    • The processing is required for the exercising of the right to freedom of expression and information.  
    • The processing is required to fulfill a legal requirement to which we are obliged according to the law of the European Union or a member state (e.g., legal storage obligations).
    • The processing is required for the assertion, exercise or defense of legal claims, or
    • The processing is required for reasons of public interest within the scope of public health.  

d.      Right to the limitation of processing  (Art. 18 GDPR)

You also have a right to demand the limitation of the processing of your personal data. You particularly have this right if one of the following reasons applies:

    • You dispute the correctness of your data. 
    • The processing of the data is unlawful and you reject the deletion of the data.
    • We no longer require your data, but you require it for the assertion, exercise or defense of legal claims, or
    • you have objected to the process (for more information, see Section 11 g)) and we are still checking whether our legitimate grounds for processing have priority over your legitimate grounds for objection.

e.      Right to notification (Art. 19 GDPR)

If you have asserted your right to correction, deletion or limitation of processing to Gräbener, we are obliged to inform all recipients to which your personal data has been disclosed of the correction or deletion of your data or the limitation of its processing unless such an undertaking proves impossible or is associated with undue effort. You have the right to be notified of such measures by the recipient. 

f.       Right to data transferability (Art. 20 GDPR)

You have the right to obtain the pertinent personal data in a structured, common, machine-readable format and send it or have us send it to another responsible party insofar as you have provided this data to use on the basis of consent or a contract and the data is processed in an automated manner. You have the right to have us send the data directly to the new responsible part if technically feasible and the rights and freedoms of other people are not violated.   

g.      Right to objection (Art. 21 GDPR)

For reasons arising from your particular situation, you have the right to object to the processing of your personal data at any time insofar as the processing of this data is required for the safeguarding of the legitimate interests of Gräbener or a third party or for the performance of a task that lies in the public interest.

You can object to the processing of your data for advertising purposes with future effect at any time. We will always comply with such a request.     

h.      Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In addition, you can lodge a complaint at any time with the responsible data protection authority, for example at your place of residence or at the place of the alleged infringement.

The following data protection authority is responsible for us:

State Officer for Data Privacy and Freedom of Information North Rhine-Westphalia
Kavallierstr. 2-4
40213 Düsseldorf
E-mail: poststelle@ldi.nrw.de

i.       Right to the revocation consent

Insofar as you have provided us with a declaration of consent for the processing of your data, you have the right to revoke this consent with future effect at any time. Through such a revocation, the legality of any processing based on the provided consent up to the point in time of the revocation, the revocation affects only the legality of future processing.

     

12.          No obligation for the provision of data by you

No legal or contractual obligation exists that would require you to provide us with your data.

If you technically prevent us from collecting data that is required for the use of our website, it is possible that you will not be able to use the services listed under Section 3 or you will be able to use them only in a restricted manner.

The provision of data according to Section 3b) when generating a customer account is also voluntary. However, if you do not provide us with the data required, we cannot set up a customer account for you and you cannot follow up your inquiries over your profile.

You are not obliged to provide us with your personal data within the scope of an inquiry.  However, if you do not provide us with the data required it is not possible for us to send you a quotation and to answer your inquiry. This may complicate or retard the conclusion of a contract on the inquired product.

The provision of your data within the scope of our contact form is also voluntary according to Section 3d. Without the specification of a contact possibility, however, we will not be able to answer your inquiry. The same applies to contacting us directly by e-mail or telephone. If you do not provide us with the required data we cannot respond to your inquiry.

You are not obliged to provide us with your personal data when using the “password forgotten” function. However, if you do not provide us with this data, it is not possible for us to send you any information on the change of your password.

 

13.          Automated decisions, including profiling, in the sense of Article 22 GDPR

Your personal data will not be used for automated decision-making, including profiling, pursuant to Article 22 Para. 1 and 4 GDPR.

 

14.          Data security

We take technical and organizational security measures to protect your personal data against unintentional or unlawful deletion, editing or loss, as well as any unauthorized passing on to third parties or unauthorized access.

 

15.          Status and modifications of this data protection declaration

This data protection declaration corresponds with the status named below. We reserve the right to modify this data protection declaration. We therefore request that you regularly check the data protection declaration in order to remain informed of any changes.

 

Status: May 2018