We process your personal data (in short “data”) exclusively on the basis of the statutory provisions. With this data protection information, we would like to inform you about the processing of your data in our company and the data protection claims and rights to which you are entitled comprehensively within the meaning of Articles 13 and 14 of the General Data Protection Regulation (DSGVO).
For information on the responsible office and the data protection officer, please refer to the data protection information on the homepage: https://www.fristam.de/en/privacy-policy/
FRISTAM Pumpen KG (GmbH & Co.) is a manufacturer of stainless steel pumps and processes personal data for the following purposes:
As a rule, we receive data from customers and suppliers from the latter themselves, on knives, by recommendation or research in publicly accessible data sources, e.g. the Internet.
We receive data from applicants personally, via the employment agency, web portals or recruiters.
We process your data
The legal basis for the processing of applicant data is § 26 BDSG.
Consent is always voluntary. If it is not given, no disadvantages will arise. Your consent can be revoked or amended at any time without giving reasons with effect for the future. Data processing that has already taken place remains unaffected. Please send your revocation either to our postal address or to datenschutz@FRISTAM.de.
You can object to the use of your personal data for advertising purposes at any time. To do so, please use the address given above or the e-mail address datenschutz@FRISTAM.de.
We are entitled, under the legal conditions of § 7 Abs.3 UWG, to use the e-mail address of clients and suppliers, which was given when the contract was concluded, for direct advertising for our own similar services.
If you do not wish to receive advertising by e-mail from us, you can object to the use of your data for this purpose at any time. A message in text form to datenschutz@FRISTAM.de is sufficient for this purpose.
In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if this is permitted or required by law.
If we use a service provider in the sense of commissioned processing, we nevertheless remain responsible for the protection of your data. All commissioned processors are contractually obligated to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfill their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as software providers for the implementation of our business processes.
In the context of contractual cooperation or projects, personal data may be passed on to other project partners in individual cases. This is done in the legitimate interest of all parties involved.
In addition, we transfer your personal data to other recipients outside the company, insofar as this is necessary to fulfill our contractual and legal obligations (e.g. tax advisors, authorities).
As a rule, we do not transfer any data to a third country. A transfer takes place in individual cases only on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.
We use the following services with data transfer to third countries:
2.1 To provide our store system, the management of our customer data, we use systems of Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich (“Salesforce”). The aim of this is to improve customer relationship management (CRM). We use Salesforce based on our legitimate interest according to Art. 6 (1) f DSGVO. Our legitimate interest is the simplification of administrative and IT processes, customer management and communication, the processing of inquiries, the increase of efficiency as well as the efficient implementation of marketing measures.
Salesforce is a group with subsidiaries worldwide. The parent company of the group is salesforce.com Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. Data may therefore be transferred to the USA in the course of data processing at Salesforce.
With regard to data transfers to the USA, there is no adequacy decision by the EU Commission. However, Salesforce ensures an adequate level of data protection through so-called Binding Corporate Rules (BCR). These are binding internal rules that have been approved by a European supervisory authority. You can access a copy of the BCR at the following link: https://compliance.salesforce.com/en/salesforce-bcrs.
In addition, Salesforce ensures an adequate level of data protection through the EU Standard Contractual Clauses. You can access a copy of the clauses at the following link: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf
Data is encrypted during transmission and at rest.
We use Microsoft 365 from Microsoft to carry out our office work as well as for communication for telephone conferences, online meetings, video conferences and for online collaboration. We use Microsoft 365 based on our legitimate interest according to Art. 6 (1) f DSGVO. Our legitimate interest is the simplification of administrative and IT processes, customer management and communication, processing of inquiries, increasing efficiency and the efficient implementation of marketing measures.
Microsoft 365 is a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland. When using Microsoft 365, personal data is also processed. For this purpose, we have concluded an order processing agreement with Microsoft. A corresponding order processing agreement is included in the Online Service Terms (OST).
When using Microsoft 365, Microsoft processes a variety of data.
Data processing outside the European Union (EU) generally does not occur, as we have limited our storage location to data centers in the European Union. However, telemetry or diagnostic data, the support hotline and possible other data processed in Microsoft’s area of responsibility outside the EU are excluded from this.
Furthermore, due to legal obligations, personal data may be passed on or disclosed to third parties (in particular authorities), also to third countries (USA) with a different level of data protection.
To achieve the required secure level of data protection, in addition to internal organizational measures, the so-called Standard Contractual Clauses (SCC) have been concluded with Microsoft, which are part of the Data Protection Addendum (DPA) as an annex to the above-mentioned OST.
Data is encrypted in transit and at rest. This includes messages, files (video, audio, etc.), meetings, and other content. Teams also uses TLS and MTLS to encrypt chat messages.
We use the tool “Microsoft Teams” to conduct presentations, meetings, joint project processing, team meetings, conferences, trainings and seminars.
Type of data
The legal basis for data processing when conducting “online meetings” is Art. 6 (1) b DSGVO, insofar as the meetings are conducted in the context of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 (1) f DSGVO. Our legitimate interest is the effective conduct of online meetings.
Audio or video content is only recorded with your consent; you will be informed of this in advance in each case. The legal basis for this is Art. 6 (1) a DSGVO.
Further information on the processing of personal data in Microsoft Teams can be found above or here: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
Data of persons of the customer/supplier will be deleted after expiry of the purpose. Individual data may be subject to longer storage obligations for legal, fiscal or commercial reasons and may only be deleted after these legal obligations have expired. Data is also used for a longer period of time for the technical support of long-standing customers.
In the event of legal disputes in which the data is required as evidence, the data will not be deleted until the legal disputes have been concluded.
Data of applicants are usually deleted 6 months after the end of the application process, longer storage is only with the consent of the applicant.
Data subjects have the right to information, correction, blocking, deletion or restriction of the processing of their data at any time. You can revoke consents with effect for the future, the data processing remains legal until the effect of your revocation. You can receive your stored personal data under certain circumstances for data transmission in electronic form or as a copy.
FRISTAM Pumpen KG (GmbH & Co.) does not perform automated profiling.
If we process your data for legitimate interest, you may object to this data processing at any time. This would also apply to any profiling.
We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
If you are of the opinion that we violate German or European data protection law when processing your data, please contact us to clarify any questions. Please contact us either by mail (address see above) or by e-mail: datenschutz@FRISTAM.de. In case of doubt, we may request additional information to confirm your identity.
In addition, the supervisory authority of the Federal State of Hamburg is available to you as a contact.
This document was adopted and published by the management on 18.03.2022.
It is checked regularly – but at least every two years – for topicality and adjusted if necessary.
Current version 0.9