PRIVACY POLICY

FRITSCH Holding AG and its subsidiaries (hereinafter FRITSCH) processes the personal data of clients and other persons that contact us and/or use our website on the basis of the valid laws, in particular the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act and the regulations based on it.

With the following declaration, we hereby fulfil our statutory information requirements and inform you about our storage of personal data as well as your rights in this regard when you call up our website.

I. General subject of data protection

The subject matter of data protection is personal data that is processed by us (as the controller).

Personal data is deemed to be all information related to an identifiable natural person. An identifiable natural person is deemed to be one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, to a customer number, to location data, to an online identifier or to one or more factors which are specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

Processing is deemed to be any operation or sequence of processing which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storing, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, processing or otherwise making available, alignment or combination, restriction, deletion or destruction.

II. Name and contact data of the controller as laid down in Art. 13 I (a), 14 I (a) GDPR

The controller is:

FRITSCH Holding AG (trade register Würzburg, HRB8533) Bahnhofstr. 27 – 31, 97348 Markt Einersheim, Germany, Phone: +49 9326 83 0, Fax: +49 9326 83 299, E-mail: datenschutz@fritsch-group.com, represented by the CEO: Kirsten Lange, VAT No.: DE238082656, Website: www.fritsch-group.com

III. Contact data of the data protection officer as laid down in Art. 13 I (b), 14 I (b) GDPR

The data protection officer is:

SPIE GmbH
Lyoner Straße 9
60528 Frankfurt am Main, Germany

Phone: +49 69 6649-6920
Fax: +49 30 55166671040

IV. Particular forms of personal data processing

FRITSCH processes personal data as follows:

1. Collection of personal data when visiting our website/creating log files

If you visit our website, the following data shall be collected:

a) Description and extent of data processing
If you use our website just for information purposes, i.e. if you do not transmit any other information via our contact form, we shall only process the personal data that your browser transmits to our server. This means the following data:

  • IP address,
  • Date and time of the enquiry,
  • Time zone difference Greenwich Mean Time (GMT),
  • Content of the request (specific page), pages you call up, name of the file that was called up,
  • Access status/HTTP status code, message whether the call-up was successful.
  • Quantity of transmitted data,
  • Website from where the request was submitted,
  • Browser,
  • Operating system and its interface,
  • Language and version of the browser software,
  • Quantity of transmitted data,
  • Page from where the file was requested (reference URL),
  • Access status (file transmitted, file not found, etc.).

The data shall also be stored in the log files of our system. This data shall not be stored together with other personal data of the user. It shall be passed on to our web hoster Domain Factory.

b) Legal basis for data processing
The legal basis for the temporary storage of the data and log files is Art. 6 Para. 1 (f) GDPR.

c) Purpose of data processing
The data shall be stored in log files to guarantee the functionality of the website. Moreover, the data helps us to optimise the website and to ensure the security and stability of our information technology systems. There shall be no evaluation for marketing purposes undertaken in this context.

These purposes are the basis for our legitimate interest in data processing as laid down in Art. 6 Para. 1 (f) GDPR.

d) Duration of storage
The data shall be deleted as soon as it is no longer required for the purpose of its collection. If the data is stored in log files, it shall be deleted within seven days at the latest. Storage beyond this time is possible. In this case, the IP addresses of the users shall be deleted or alienated so that it is no longer possible to assign them to the accessing client.

e) Information as laid down in Art. 13 II (e) GDPR
We require the data to provide and run our website. You therefore undertake to provide the data to use our website; otherwise, it shall not be possible to do so. You may not object to this.

2. Utilisation of cookies

We use cookies to the following extent on our website.

a) Description and extent of data processing
In addition to the above-mentioned data, cookies shall be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using. If a user accesses our website, a cookie can be stored on the user's operating system. This cookie contains a characteristic sequence of characters, which allows for clear identification of the browser when the website is called up again.

Our website uses the following types of cookies, the scope and functionality of which we will explain below:

– Transient cookies
– Persistent cookies

Transient cookies are automatically deleted as soon as you close the browser. They include session cookies in particular. They store a session ID, to which different browser enquiries can be assigned to a common session. This is how your computer can be recognised when you return to our website. Session cookies are deleted as soon as you sign off or close the browser.

Persistent cookies are automatically deleted after a preset period of time that may differ from cookie to cookie. You can delete cookies in the settings of your browser.

We use the following cookies:
– DPI cookie: persistent cookie.

b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 (f) GDPR.

c) Purpose of data processing
We use this cookie to ensure the use and administration of our website and to provide access to administrators. Therefore, it is a technically necessary cookie. The user data collected shall not be used to create any user profiles.

These purposes are also the basis for our legitimate interest in processing personal data as laid down in Art. 6 Para. 1 (f) GDPR.

d) Duration of storage
Cookies are usually stored on the user's computer and are transmitted to our website by the user. Therefore, you as a user have full control over the use of cookies. If you change the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, you may no longer be able to use our website, or no longer have full use of all the functions of the website.

The cookie we use shall be automatically deleted 1 year after it has been stored.

e) Information as laid down in Art. 13 II (e) GDPR
Use of our cookies is not a statutory or contractual requirement for the supply of the data. This data is also not required to conclude a contract. You are also not obliged to supply this data. However, the use of cookies is mandatory for the provision and operation of the website. If you object to this, you may not use our website, or only use it in a limited capacity.

3. Contacting us via our contact form, e-mail contact, phone, fax

You can contact us via the contact form on our website, by e-mail, phone or fax. In this case, we shall process your data as follows:

a) Description and extent of data processing
If you would like to contact us, you can do so via our contact form on our website, by e-mail, phone or fax. If a user contacts us via the contact form, the data that they enter into the input mask shall be transmitted to us and stored. The data is: e-mail address, possibly your title, first and last name, and your issue. Moreover, the following data shall be stored at the moment of sending the message:

  • The user's IP address.

Alternatively, you may contact us via the provided e-mail address, by phone or fax. In this case, the user's personal data transmitted by e-mail, phone or fax shall be stored.

If the contact is not for the purposes of carrying out precontractual measures and/or fulfilling a contract, the data shall not be transmitted to any third party without your prior consent. The data shall be used by us and our employees exclusively to process the conversation.

If the contact is for the purposes of carrying out pre-contractual measures (in particular, beginning contractual negotiations, initiating or concluding a mandate) and/or fulfilling a contract, we reserve the right to pass the data on to third parties.

The following categories of recipients are deemed to be possible: employees, assignees, payment service providers (in particular, banks and credit institutions), logistics companies, third-party debtors, registration offices, courts and authorities, bailiffs, lawyers and credit agencies.

b) Legal basis for data processing
The legal basis for processing data via the contact form and for processing data transmitted by e-mail, phone or fax shall be Art. 6 Para. 1 (f) GDPR.

Insofar as the contact is necessary to carry out pre-contractual measures at the request of the data subject and/or to fulfil a mandate with us, the legal basis shall be Art. 6 Para. 1 (b) GDPR

c) Purpose of data processing
Personal data sent via the contact form, by e-mail, phone or fax shall be processed solely to help us process the contact request.  It is also in our legitimate interest to store data as laid down in Art. 6 Para. 1 (f) GDPR because it would not be possible to communicate with you without storing said data. The other personal data processed when sending the contact form shall prevent any misuse of the contact form and ensure the safety of our information technology systems.

If the contact is for the purposes of carrying out pre-contractual measures (in particular, beginning contractual negotiations, initiating or concluding a mandate) and/or fulfilling a contract, processing the data shall help us to clarify, justify and carry out the mandate relationship with you.

d) Duration of storage

The data shall be deleted as soon as it is no longer required for the purpose of its collection. Personal data from the input mask of the contact form and data which has been transmitted by e-mail, phone or fax shall be deleted as soon as the respective conversation with the user has ended. The conversation shall be deemed to have ended when the circumstances suggest that the respective issue has been definitively clarified. The additional personal data collected during the sending process shall be deleted after a period of seven days at the latest. The deadline shall start as soon as the conversation has ended.

Insofar as the contact is necessary to carry out pre-contractual measures at the request of the data subject and/or to fulfil a mandate with us, the data shall be stored during the mandate negotiations or for the duration of the client relationship if such a relationship has occurred. After ending the mandate negotiations without mandate justification or if a client relationship occurs after ending the client relationship, we shall check whether we still require your data and if any legal retention periods, in particular as laid down in Section 257 German Commercial Code (HGB) and Section 147 German Fiscal Code (AO), prevent the deletion of said data after a period of 3 years beginning at the end of the year when any mandate negotiations or resulting client relationship end(s).

e) Information as laid down in Art. 13 II (e) GDPR
If you use the contact form or an e-mail only for the purposes of contacting us, you shall not be under any statutory or legal obligation to supply the data. This data shall also not be required to conclude a contract. You shall also not be under any obligation to supply this data. If you object, we shall not be able to contact you and answer your questions.

Insofar as contacting us is necessary to carry out pre-contractual measures at the request of the data subject and/or fulfil a mandate with us, you shall be obliged to supply us with your personal data on the basis of the client relationship. It shall also be necessary to supply the data to justify and implement a client relationship with us. In this case, early deletion of the data shall only be possible if no contractual or legal obligations prevent the deletion of said data.

f) SSL or TLS encryption
Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as any enquiries that you may send us. You will recognise an encrypted connection as the address line of your browser will change from http:// to https:// and the padlock symbol will appear in your browser line. If the SSL or TSL encryption is active, the data that you transmit to us cannot be read by third parties.

V. Rights of the data subject

In the following, we shall inform you about your rights as laid down in Art. 13 II b – d, 14 II c – e GDPR If any personal data concerning you is processed, you shall be deemed the data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

1. Right to information Art. 15 GDPR

You can ask the controller to confirm whether we will process any personal data concerning you. If such data about you is being processed, you can request information about the following from the controller:

a) the purposes of the data processing;

b) the categories of personal data that are being processed;

c) the recipients or the categories of recipients to whom the concerned personal data has been disclosed or will be disclosed;

d) the planned duration of storage of the personal data concerning you or if specific information about this is not available, the criteria used to determine the duration of storage.

e) the existence of the right to request that the controller corrects or deletes personal data concerning you, the right to restrict the data processing or to object to said data processing;

f) the existence of the right to appeal to a supervisory authority;

g) any available information about the origin of the data if the personal data is not collected from the data subject;

h) the existence of automatic decision-making, including profiling, as laid down in Art. 22 Paras. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the significance and the intended consequences of such processing on the data subject.

You have the right to request information on whether your personal data will be transmitted to any third country or international organisation. In this context, you may request to be informed about the appropriate guarantees as laid down in Art. 46 GDPR in the context of the transmission.

2. Right to correction Art. 16, 19 GDPR

You shall have the right to request that the controller corrects and/or completes the processed personal data which concerns you if it is incorrect or incomplete. The controller shall undertake said correction of the personal data concerning you immediately.

3. Right to restriction of processing Art. 18, 19 GDPR

You may request that the controller restricts the processing of personal data concerning you under the following conditions:

a) if you dispute the accuracy of the personal data concerning you for a period which allows the controller to verify the accuracy of the personal data;

b) the processing is illegal and you object to the deletion of said personal data and instead request the restriction of its use;

c) the controller no longer needs the personal data for the processing purpose, but you need it to enforce, exercise or defend legal claims, or

d) if you have objected to the processing as laid down in Art. 21 Para. 1 GDPR and no definitive decision has been made as to whether the legitimate grounds of the controller outweigh your own.

If the processing of personal data concerning you has been restricted, this data shall – with the exception of storage – only be processed with your consent or to assert, exercise or defend legal claims or for the protection of another natural or legal entity, or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing in accordance with the above-mentioned conditions has been limited, you shall be informed by the controller before the restriction is lifted.

4. Right to deletion Art. 17, 19 GDPR

a) Obligation to delete

You may request that the controller immediately deletes personal data concerning you, and the controller undertakes to do so when one of the following grounds applies:

(1) your personal data is no longer necessary for the purposes that it had been collected or processed in any manner.

(2) You revoke your consent on which the processing was based as laid down in Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) GDPR and there is no other legal basis for processing said data.

(3) You file an objection against the processing as laid down in Art. 21 Para. 1 GDPR and there are no prevailing legitimate reasons for processing, or you file an objection against the processing as laid down in Art. 21 Para. 2 GDPR.

(4) Your personal data has been processed illegally.

(5) The deletion of your personal data is required to fulfil a legal obligation as laid down in Union or Member State law to which the controller is subject.

(6) Your personal data has been collected in relation to services offered by the information society as laid down in Art. 8 Para. 1 GDPR.

b) Information to third parties

If the controller has published personal data concerning you and if they undertake to delete said data as laid down in Art. 17 Para. 1 GDPR, the controller shall take appropriate measures, even of a technical nature, taking into account the available technology and the costs of implementation to inform the controllers who process the personal data that you as data subject have requested that they delete all links to said personal data or any copies or replications of this personal data.

c) Exceptions

The right to deletion shall not exist as far as the processing is necessary:

(1) to exercise the right to free expression and information;

(2) to fulfil a legal obligation which requires the processing as laid down in Union or Member State law to which the controller is subject to, or to perform a task which is carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the public health sector as laid down in Art. 9 Para. 2 (h) and (i) as well as in Art. 9 Para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes as laid down in Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) may make it impossible to implement the goals of this processing or may have a significant impact on it, or

(5) to assert, exercise or defend legal claims.

Right to information

If you have enforced your right to correction, deletion or restriction of processing via-à-vis the controller, they undertake to inform all recipients to whom the personal data has been disclosed about this correction or deletion of the data or the restriction of its processing, unless this turns out to be impossible or would involve disproportionate effort.

You shall have the right to obtain information about these recipients from the controller.

5. Right to data portability Art. 20 GDPR

You shall have the right to receive personal data concerning you which you have provided to the controller in a structured, commonly-used and machine-readable format. Moreover, you shall have the right to transmit this data to another controller without any impediment from the controller to whom the personal data has been provided, if

a) the processing is based on consent as laid down in Art. 6 Para. 1 (a) GDPR or Art. 9 Para. 2 (a) GDPR or on a contract as laid down in Art. 6 Para. 1 (b) GDPR and

b) the processing is carried out by automated means.

When exercising this right, you shall also have the right to request that the personal data concerning you is transmitted from one controller to another insofar as this is technically possible. The freedom and the rights of any third person must not be affected.

The right to data portability shall not apply for processing personal data required to perform a task which is carried out in the public interest or in the exercise of official authority vested in the controller;

6. Right to object Art. 21 GDPR 

You shall have the right to object to the processing of your personal data at any time as laid down in Art. 6 Para. 1 (e) or (f) GDPR for reasons due to your particular situation; this shall also apply for profiling based on these provisions.

The controller shall no longer process your personal data, unless they can provide compelling and legitimate reasons for processing which prevail over your interests, rights and your freedom, or the processing shall serve to assert, exercise or defend legal claims.

7. Right to withdraw data protection consent Art. 7 III GDPR

You shall have the right to withdraw your data protection consent at any time as laid down in Art. 6 I (a) or Art. 9 II (a) GDPR. By withdrawing your consent, the lawfulness of the processing on the basis of the consent up until revocation of said consent shall not be affected.

8. Automated decision-making in individual cases, including profiling Art. 22 GDPR

You shall have the right not to be subject to a decision based exclusively on automated processing – including profiling – that shall have a legal effect on you or a significant impact on you in a similar manner. This shall not apply if the decision

a) is necessary to conclude or fulfil a contract between you and the controller,

b) is permitted due to Union or Member State law to which the controller is subject, and if these regulations include appropriate measures to protect your rights, your freedom and your legitimate interests or

c) is made with your explicit consent.

However, these decisions may not be based on special categories of personal data as laid down in Art. 9 Para. 1 GDPR unless Art. 9 Para. 2 (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.

With regard to the cases mentioned in a) and c), the controller shall take appropriate measures to protect your rights and freedom as well as your legitimate interests, part of which is at least the right to await that the controller expresses their point of view and disputes the decision.

9. Right to complain to a supervisory authority

Without prejudice to any other administrational or legal remedy, you shall have the right to lodge a complaint with a supervisory authority as laid down in Art. 77 GDPR, particularly in the member state of your place of residence or the place of the alleged infringement if you consider that the processing of your data infringes the GDPR.

The supervisory authority where the complaint is lodged shall inform the complainant about the actual situation and the results of the complaint, including the possibility of a judicial remedy as laid down in Art. 78 GDPR.

VI. Information as laid down in Art. 13 II (f), 14 II (g) GDPR

There shall be no automated decision-making.