DATA PROTECTION NOTICE

We take the protection of your personal data very seriously. Processing is performed in compliance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG”). Through the information provided here, we would like to give you an overview of how our company processes your personal data, and about your rights under data protection law. Your personal data will not be communicated to any third parties for any purposes other than those described here. We will pass your personal data onto third parties only if:

  • in accordance with Art. 6 (1) 1st sentence point a) GDPR, you have given your explicit consent,
  • in accordance with Art. 6 (1) 1st sentence point f) GDPR , the transfer is necessary for the purposes of legitimate interests and there is nothing to indicate that such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data,
  • in accordance with Art. 6 (1) 1st sentence point c) GDPR, the transfer is necessary for compliance with a legal obligation, and
  • this is lawful and, in accordance with Art. 6 (1) 1st sentence point b) GDPR, is necessary for the performance of a contract with you.
  • In detail:

1. Name and contact data of the controller

This Data Protection Notice applies to data processing performed through the controller:

Controller/contact information of the

Metalix Metallhandel AG
Gurzelenstrasse 5
CH - 4512 Bellach
Tel.: +41 32 617 39 39
Fax.: +41 32 617 39 40
info@metalix.ch
www.metalix.ch

Wieland-Werke AG
Graf-Arco-Strasse 36
89079 Ulm, Germany
Tel.: +49 731 944 0
Fax: +49 731 944 2772
info@wieland.com
www.wieland.com

Controller/contact information of the affiliated companies of the Wieland-Group and of-fices located in Germany and worldwide with their respective contact data are available here.

Data protection inquiries can be sent to the above address, for the attention of the Data Protection Officer, or by email datenschutz@wieland.com.

Our external data protection officer: www.kt-datenschutz.de.

2. Collection and storage of personal data, and the nature and purpose of its use

a) When visiting our website

When you visit our website www.metalix.ch, the browser of your terminal device will automatically send information to our website server. This information will be temporarily stored in a log file. The following information will be recorded without any intervention by you, and stored until it is automatically deleted:

  • Request (file name of the requested file) (such as www.example.de/index.html)
  • Browser type/version (such as Mozilla Firefox 33, Google Chrome, Safari)
  • Browser language (e.g.: German)
  • Applicable operating system (e.g.: Windows 10)
  • Interim resolution of the browser window
  • Screen resolution
  • JavaScript activated: “Yes” or “No”
  • Java on/off
  • Cookies on/off
  • Colour depth
  • Referrer URL (the previously visited page)
  • Truncated IP address for geographical recognition
  • Time of the access (time stamp)
  • Clicks
  • Where applicable, content of forms (in the case of free-text fields, such as “Name” and “Password", only the information “completed” or “not completed” will be communicated).

We will process the specified data for the following purposes:

  • to guarantee smooth access to our website,
  • to ensure our website is userfriendly,
  • for the analysis of system security and stability and
  • other administrative purposes, and in order to
  • detect abuses and eliminate faults

The legal basis for the data processing is Art. 6 (1) 1st sentence point f) GDPR. Our legitimate interest is based on the collection of data as described above. Under no circumstances do we use the collected data to draw conclusions about you personally. In addition, we use cookies and analysis services when you visit our website. You will find further information on the topic under Paragraph 4 and 5 of this Data Protection Notice.

b) When subscribing to our newsletter and white paper

If you have issued your explicit consent in accordance with Art. 6 (1) 1st sentence point a) GDPR, we will use your email address in order to send you our regular newsletter, or to send you a specific white paper. You only need to provide your email address to receive the newsletter. We will also use this for the confirmation mail as part of the double opt-in procedure, to verify that the owner of the email address has agreed to receive the newsletter.

You can cancel your subscription at any time, for example by using the link located at the end of each newsletter. Alternatively, you can of course send your cancellation request by email at any time to newsletter@wieland.com. The data provided to us will only be transferred to our technical service providers and the partner companies that we use to perform the technical processes for sending our newsletter and whitepaper. However, in this case we will restrict the scope of the transferred data to the minimum necessary. Our service provider for delivering the newsletter is the Germany-based company sc-networks.com, which uses the Evalanche software. If the newsletter subscription is cancelled, your email address will be erased from our servers and from the servers of our service provider.

c) When using our contact form

For questions and queries of any kind, we offer you the option of contacting us using the form made available on this website. This requires you to enter a valid email address, in order that we can know who sent the inquiry, and how we can respond to it. Further information can be provided voluntarily. The processing of data for the purposes of making contact with us is performed in accordance with Art. 6 (1) 1st sentence point a) GDPR on the basis of the consent voluntarily provided by you. Once your inquiry has been fully resolved, we will erase the personal data collected using the contact form. This will be the case if the circumstances indicate that the relevant matter has been conclusively clarified, and provided there are no contrary statutory retention obligations.

d) When transferring your data by another means with your consent (Article 6 (1) a) GDPR)

The processing is lawful if you have consented to the processing of your personal data for specific purposes (such as communicating the contact data from your business card within the Wieland Group). Any consent issued may be revoked at any time. This also applies to revoking consents issued before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that this cancellation of consent has future effect. Data processing activities performed prior to the cancellation of the consent, are not affected. You may, at any time, contact us using the contact data set out above, to request information concerning the consents you have issued to us, and the personal data that has been processed.

3. Transfer of data

Your personal data will not be communicated to any third parties for any purposes other than those described here. We will pass your personal data onto third parties only if:

  • In accordance with Art. 6 (1) 1st sentence point a) GDPR, you have given your explicit consent,
  • In accordance with Art. 6 (1) 1st sentence point f) GDPR, the transfer is necessary for the purposes of the legitimate interests and there is nothing to indicate that such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data,
  • In accordance with Art. 6 (1) 1st sentence point c) GDPR, the transfer is necessary for compliance with a legal obligation, and
  • This is lawful and, in accordance with Art. 6 (1) 1st sentence point b) GDPR, is necessary for the performance of a contract with you.

If we provide links to thirdparty web pages, this process is performed by opening another browser window on your computer, to which your IP address and the target URL address (i.e. the target address of the destination website) are supplied. We have no knowledge of how these data are subsequently used on the thirdparty website; however, we have only provided links to those we deem to be trusted providers. The assurances contained in this Data Protection Notice therefore do not apply there, of course.

4. Cookies

We use cookies (or “session cookies”) during your visit to individual pages of this website, in order to make it more user-friendly to visit our website. These cookies are small text files that are stored on your hard disk only for the duration of your visit to website, and which are erased once the browser is closed. Cookies do not harm your computer and do not retrieve any of the personal information stored on your hard disk. The data processed by cookies is necessary for specified purposes, in order to fulfil our legitimate interests and those of third parties in accordance with Art. 6 (1) 1st sentence point f) GDPR.

We use the following cookies for web controlling purposes:

  • last click (for session time-out, lifetime: one session)
  • session cookie (for session recognition, lifetime: one session)
  • evercookie (for detecting new/existing customers, lifetime: 60 months/5 years)

The majority of browsers accept cookies when configured as standard. However, you can con-figure your browser’s security settings to block cookies, or configure your browser to notify you when cookies are active. Of course, the data stored in our cookies will not be linked with your personal data (name, address, etc.).

If you do not want cookies to be stored on your computer, you will be asked to switch off the relevant option in your system’s settings. Cookies stored on your computer can erased using the system settings of the browser. Blocking cookies may lead to restrictions in the functions of this online site.

You may opt out of the use of cookies for reach measurement and promotional purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) as well as the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

5. Webtrekk.com tracking analysis tool

We use the services of the German company Webtrekk GmbH, in order to collect data concerning the use of our website and to correspondingly optimise our online service. The tracking measures we employ are carried out on the basis of Art. 6 (1) 1st sentence point f) GDPR. Webtrekk GmbH always takes care that the collection and processing of tracking data is performed in accordance with the latest standards for data protection and data security.

This also ensures that data is not transferred abroad. We use these tracking measures to design our website in line with users’ needs, and to continuously optimise it. The access data is recorded anonymously here, so that no link can be made to a particular user. This is performed particularly through the anonymisation of the IP address. Only authorised persons have access to this anonymised data. These interests are legitimate within the definition of the regulations set out here. Further information on the data protection provided by Webtrekk is available here: https://www.webtrekk.com/de/legal/opt-out-webtrekk/.

6. Content and services from Google Maps and Google Fonts and other third parties

For our online site, we use third-party content and services on the basis of our legitimate inter-est within the definition of Art. 6 (1) point f) GDPR.

In our case, the third-party content or services are maps or fonts from Google that we include on our individual pages (third-party content). This is always conditional on the third-party pro-viders knowing your IP address, as without it they could not be able to send their content to your browser. The IP address is therefore required in order to display such content. We make every effort to only use that content whereby the providers in question only use the IP address for the purpose of delivering the content. Third parties may use “pixel tags” (hidden graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags can be used to evaluate information such as visitor traffic to pages on this website. The pseudonymous infor-mation may be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referrer web pages, visit time, and other information regarding the use of our online site. Third-party providers and links to their privacy policies, which contain information on data processing, are listed here. Opt-out methods are available there.

Here are “Infochoices” providing you with transparency and options regarding your Google ac-tivities: https://www.google.com/policies/privacy/#infochoices.

Google Fonts:

The contents are external fonts of Google Inc. that are incorporated into the website: https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts is carried out via a server request made to Google (usually in the USA). Your browser asks Google servers if there were any changes to the fonts or the CSS file. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

Google Maps:

Google Maps: maps from “Google Maps” provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

7. Social media plug-ins

Our website does not include any provider-based social plug-ins to social networks; we only offer links to our profile on Facebook, Xing, LinkedIn and Twitter.

8. Storage, erasure and blocking of data

We process and store personal data in accordance with the principles of data avoidance and data economy, meaning only for the period necessary to achieve the purpose of the storage (such as responding to inquiries, performing contracts) or insofar as prescribed by legal regulations to which our company was subject.

Once the purpose for storage no longer exists, or the applicable statutory storage period has expired, the personal data will be routinely blocked or erased in accordance with the statutory regulations. The storage duration criterion is the relevant statutory retention period.

9. Rights of the data subject

Every data subject has the right,

  • in accordance with Art. 15 GDPR, to obtain confirmation from us whether or not his per-sonal data is being processed. In particular, you may request information about the pur-poses of the processing, the category of the personal data, the categories of recipients to whom your data is or has been disclosed, the planned storage period, the existence of a right of rectification, erasure, to object to or limit the processing of your data, the exist-ence of a right to lodge a complaint, the origin of your data insofar as it was not collect-ed by us, about the existence of an automated decision-making process (including profil-ing) and any significant information regarding the details of this;
  • in accordance with Art. 16 GDPR, to request that any incorrect or incomplete personal data belonging to you and which is stored by us be rectified without delay;
  • in accordance with Art. 17 GDPR, to request that personal data belonging to you, and which is stored by us, be erased insofar as the processing of said data is not required for exercising the right to free expression of opinion and information, for fulfilling a legal requirement, and is not needed on the grounds of public interest or for the purposes of asserting, exercising or defending legal claims;
  • in accordance with Art. 18 GDPR, to request that the processing of your personal data be limited insofar as you dispute the correctness of the data or the processing of said data is unlawful, but you do not wish for the data to be erased; in this case, the data are no longer required by us but are needed by you for the purposes of asserting, exercising or defending legal claims or you have objected to the processing of said data in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to request that your personal data provided to us be made available to you or another authorised party in a structured, standard and ma-chine-readable format;
  • in accordance with Art. 7(3) GDPR, to revoke the consent that you previously provided to us, at any time. This means that in future we will not be permitted to continue pro-cessing the data based on this consent, and
  • to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. For this purpose you can contact the supervisory authority - State Commissioner for Data Protection - for your usual place of residence or work, or that of our company's main of-fice.
  • The restrictions pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right to information and the right to demand erasure of data.

10. Right of objection

Insofar as your personal data is processed based on legitimate interests as defined under Article 6(1) 1st sentence f) GDPR, you have the right - in accordance with Art. 21 GDPR - to object to your personal data being processed, provided that there are grounds pertaining to your particular circumstances or that the objection is directed towards direct advertising. In the latter case, you have a general right of objection, which we will implement without the indication of any special circumstances.

If you wish to exercise your right to revoke consent or your right to object, simply send us an email to dataprotection@wieland.com. You may however us contact using any other informal means.

You can contact our external Data Protection Officer at www.kt-datenschutz.de.

11. Automated decision-making processes, including profiling

In principle we do not use any fully automated decisionmaking process according to Article 22 GDPR for the establishment and performance of business relationships with you. We will separately inform you if this is legally prescribed, and insofar as we use these processes in individual cases.

12. Profiling

We process customer data using a partially automated method, for the purpose of evaluating certain personal aspects (profiling). For example, we use this method in the following cases: statutory regulations mean we are duty bound to combat money laundering and fraud. In this context, data analyses are performed in the area of payment transactions; this is also for your protection. It is only possible to send targeted information to our customers and to provide them with targeted advice about our frequently highly technical applications, if we are able to use suitable analysis tools, which enable us to deliver needs-based and customer-friendly communications, information and advertising, including market and opinion surveys. We may use scoring procedures for assessing the creditworthiness of our customers. At this point, mathematical-statistical methods are employed to calculate a probability, which enables the risk of non-payment to be assessed. Apart from the business relationship history with the company to date, information is also obtained on the contractually-compliant repayment of previous loans, as well as reports for credit agencies.

Information on the right to object in accordance with Article 21 EU General Data Protec-tion Regulation (GDPR)

1. Right to object in individual cases

For reasons pertaining to your particular situation, you have the right, at any time, to object to the processing of your personal data if this is based on Article 6 (1) point e GDPR (processing carried out in the public interest) and Article 6 (1) point f) GDPR (processing based on a weigh-ing-up of interests); this also applies to profiling within the definition of Article 4 (4) GDPR, which relies on this provision.

If you raise an objection, we will refrain from processing your personal data any further, unless we are able to present an imperative legitimate interest for the processing, which overrides your interests, rights and freedoms, of if the processing serves the purposes of asserting, exercising or defending legal claims.

2. Right to object to the processing of data for advertising purposes

In individual cases, but only if we are entitled to do so, we will process your personal data for the purpose of direct advertising. You have the right, at any time, to object to the processing of your personal data for the purposes of such advertising; this also applies to profiling activities, if this is linked with this type of direct advertising. If you raise an objection to processing for the purposes of direct advertising, we will no longer use your personal data for these purposes.

Your objection is not subject to any formalities and should be preferably sent to datenschutz@wieland.com. However, you can contact us by other means.

13. Other data protection queries

If you are unable to find answers here to any other questions, comments or queries regarding your personal data you may have, please contact us at: datenschutz@wieland.com, or contact our Data Protection Officer.