SAHM GmbH + Co. KG
Phone: +49 26 24 1 88 0
Fax: +49 26 24 1 88 11
We are delighted that you are visiting our website. Your privacy and, by association, protection of your personal data are important to us. This is why our business operations comply with the applicable legal regulations relating to data protection and data security. We are very keen to ensure that you feel safe visiting our website. This is why both we and our data protection officer ensure compliance with the stipulations under data protection legislation.
We are aware of the significance of the data you entrust us with and would like to inform you of the following:
In simplified terms, “processing” under the terms of Art. 28 of the General Data Protection Regulation (GDPR) is understood to mean a service where personal data is collected, processed and/or used by a service provider (processor according to the GDPR) on the behalf of and under the instruction of the “controller”. Before an order such as this is placed with a service provider, we conclude a special contract with the service provider and implement other measures to protect your personal data.
“Cookies” are small text files which are stored on your terminal device (e.g. computer or smartphone) and save certain settings and data concerning exchange with our system through your browser. A cookie usually contains the name of the visited web page from which the cookie data was sent, information about how old the cookie is, and an alphanumerical ID. Cookies enable the systems to recognise the user’s device and make any default settings immediately available.
A third party is any natural or legal person or agency other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process personal data, cf. Art. 4, Para. 10 of the GDPR. A person is not, therefore, considered a third party if, for example, personal data is disclosed to a service provider during the course of processing according to Art. 28 of the GDPR.
IP addresses are numerical sequences which can be assigned to individual IT devices or a group. In a similar way to postal addresses, the IP is used to be able to assign data to the correct recipient.
“Personal data” is understood to mean all information which relates to an identified or identifiable natural person, particularly their first name and surname, date of birth, email address, postal address, and bank and payment details, as well as health data, cf. Art. 4, Para. 1 of the GDPR.
The “controller” according to Art. 4, Para. 7 of the GDPR is any person or agency who, either alone or together with others, decides on the purposes and means of personal data processing. (In this situation: the website operator).
The controller in relation to your personal data on this website is:
SAHM GmbH + Co. KG
Phone: +49 26 24 1 88 0
Fax: +49 26 24 1 88 11
If an agency other than the one mentioned above is the “controller” under the terms of the General Data Protection Regulation, you shall be explicitly and separately informed to this effect, if this is not obvious.
Every time this website is accessed, data is logged automatically; this also applies to file retrieval (log data). For this purpose, we or the hosting provider (see section 4.2) collect and use the technically necessary data to make the website available to you. The technically necessary data transmitted by your browser includes: browser type / browser version, the operating system used, the referrer URL, the pages accessed, the IP address, and the date and time of access.
This data is required to ensure the functionality of the website and to make your visit to this website as pleasant as possible. We reserve the right to analyse the logged data specifically for the purpose of data security. We do not use the technically necessary data to create individual profiles which provide information about your personalised user behaviour. The log data is not linked or merged with other sources of data.
The legal basis for processing the described data – if it is personal – is Art. 6, Para. 1, lit. f of the GDPR. Our legitimate interest is to offer you an appealing, user-friendly and technically functional website.
In accordance with Art. 6 Para. 1 lit. f GDPR, the data processing is based on our legitimate interest in having a user-friendly design of our website and to enable us to optimise our online offering.
If you contact us by email, fax, phone or post, we use your details for contact purposes and to process and respond to your request in a purpose-related manner. Your data is not disclosed to third parties. Your information shall be deleted within an appropriate period of time following completion of our processing activities, provided that there are no other legal regulations to the contrary and your request does not serve the purpose of preparation to conclude a contract.
The legal basis for processing is Art. 6, Para. 1, lit. f of the GDPR. Our legitimate interest lies in appropriately responding to and processing your request. If your request serves the purpose of preparing / initiating the process of concluding a contract with you, Art. 6, Para. 1, lit. b of the GDPR forms an alternative legal basis.
We collect and use your data in line with the legal requirements and only for our own purposes. Disclosure to “third parties” does not take place unless there is a legal obligation to this effect, you have given your consent to such disclosure, or disclosure is necessary to fulfil a contract concluded between you and ourselves.
Insofar as we engage other service providers to enable provision of the products and services we offer and potentially grant such service providers necessary access to your data, we have naturally concluded a commissioned data processing contract (known as a “CDP contract” for short) according to Art. 28 of the GDPR with our commissioned data processing service providers (known as “processors” for short). We also still remain responsible for protecting your data. By concluding the contract, the engaged service providers shall not be considered “third parties”.
We have entrusted Formrausch GmbH (Schenkendorfstraße 22, 56068 Koblenz) with the management of our online presence.
Salesforce.com, Inc. is certified under the Privacy Shield Agreement and is committed to European data protection standards. ( https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active
Third-party contents, such as YouTube or Vimeo videos, Google Maps map materials, RSS feeds or graphics from other websites may be integrated into this website based on our legitimate interests (i.e. our interest in analysing, optimising and commercially running our website under the terms of Art. 6, Para. 1, lit. f. of the GDPR). This always requires the provider of such content (hereinafter referred to as the “third-party provider”) to record the user’s IP address. This is because they would generally be unable to send the content to the respective user’s browser without the IP address. The IP address is therefore required to show this content. We strive to only use content from such providers who only use the IP address to deliver content. However, we have no control over whether third-party providers save the IP address for statistical purposes, for example. We shall inform users to this effect as soon as we become aware of such practices.
Social networks and platforms We use a number of social networks and platforms to inform customers and interested parties who are active in the respective networks about our offers and to communicate with them. We use the social media networks / platforms exclusively within the scope of our presence on these sites.
The processing of personal data in the context of social media use also includes processing purposes for market research, advertising and the collection of statistical data. The social media providers can create usage profiles based on usage behaviour (tracking) and use these, among other things, to display interest-based advertising and provide the operator of a social media channel with statistical data on the usage of the services. To record user behaviour and to create and store user profiles, cookies are usually set by the social media service provider and stored on the user’s devices. If you have an account with a social media service and are registered/logged in to it, usage data may be collected and stored regardless of the device you use.
The processing of your personal user data and the data for statistical evaluation of use is based on our legitimate interests (in accordance with Art. 6 Para. 1 lit. f GDPR) in effective user information and communication.
Further information on the scope of the processing of personal data by social media providers, the processing purposes, the deletion periods, the legal basis of the processing as well as your rights and the possibility of adjusting specific settings (opting out), can be found in the data protection notices of the respective social media service providers listed below.
If you wish to obtain information about the processing of your personal data in connection with social media services or to assert your data rights in this context, we would like to point out that this is most effectively possible if you address your request directly to the respective service provider. If you wish to assert your request for information or other rights against us, we will be happy to forward your request to the service provider, as they have access to the relevant user data and can take measures in accordance with your user rights.
When using social media services, the processing of personal user data outside the European Union (EU) cannot be ruled out. The processing of personal data outside the EU involves fundamental risks with regard to the enforcement of the rights of the persons concerned and the maintenance of the general protection goals of data protection. The social media service providers we use regularly process personal data in the USA, i.e. outside the EU. If the US providers used are certified under the EU–US Privacy Shield, they have thus undertaken to comply with EU data protection standards.
Additional information on data protection (external links) of the social media services we use:
We use ‘Facebook’ and ‘Instagram’, provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (parent company: Facebook, Inc., 1601 Willow Road, Menlo Park, California, 94025, USA):
Your personal data is deleted provided that there are no legal retention requirements to the contrary and if you have asserted a claim for deletion, if the data is no longer required to fulfil the purpose pursued by storage, or if storage of the data is impermissible on other legal grounds.
We would like to explain to you that security loopholes can occur during data transmission over the Internet (e.g. via email). We cannot, therefore, offer complete protection against access by third parties. We back up our IT systems (including the web pages / website) using what are known as technical and organisational measures (known as “TOMs” for short) to protect against unwanted: access, admission, disclosure, entry, loss, dissemination, destruction and alternation by unauthorised individuals.
Your personal data is transmitted securely over the Internet using the Transport Layer Security coding system (256-bit TLS encryption).
The contact for protecting your rights as a data subject is our external data protection officer (see below for contact details).
Under the legal requirements set forth in Art. 15 of the GDPR, you can naturally and at any time request information as to whether we process personal data about you. If we do process personal data about you, you can request information about the circumstances and form of processing, and more detailed information about the processed data.
According to Art. 16 of the GDPR, you can request that incorrect information about you be corrected if you cannot make the change yourself.
Under the legal requirements set forth in Art. 17 of the GDPR, you are entitled to request that we delete personal data concerning you without delay. To name but a few examples, the right to deletion does not exist if processing of the personal data is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation to which we are subject (e.g. legal retention requirements), or for establishing, exercising or defending legal claims.
According to Art. 18 of the GDPR, you can request that processing of your personal data be restricted.
Under the requirements set forth in Art. 20 of the GDPR, you are entitled to request that we provide you with the personal data concerning you which we process in a structured, common and machine-readable format.
Under the requirements set forth in Art. 21 of the GDPR, you have the right to object to the processing of your personal data and request that we stop our processing activities. The right to object only exists to the extent stipulated by law. Legitimate interests necessitating further processing may be in conflict with your objection.
According to Art. 7, Para. 3 of the GDPR, you can revoke the consent you granted with respect to processing of your personal data at any time and with effect for the future, without incurring any costs exceeding the transmission costs according to the basic tariffs.
According to Art. 19 of the GDPR, we are obligated to inform all recipients to whom personal data was disclosed of corrections, deletions and restrictions on processing with regard to your personal data. Exceptions to this rule may exist in this regard if doing so is impossible or would involve a disproportionate effort. We shall provide you with information about these recipients upon request.
We also guarantee your rights according to Art. 22 of the GDPR. You or your data do not, therefore, form the subject matter of decisions based on automated processing – including profiling – on our website.
If you would like to assert your rights as a data subject, such as your right to delete or block data, please contact our data protection officer – preferably in writing – with sufficient identification:
Brands Consulting | Data Protection & Consulting
Mr Bernhard Brands
Auf dem Hahn 11
D-56412 Niedererbach (Westerwald)
Alternatively, you are also more than welcome to contact the data protection officer using SAHM GmbH + Co. KG’s address:
Data protection officer – personal –
SAHM GmbH + Co. KG
We are not liable for external links and third-party sites made accessible in this way. We would further like to point out that the information provided on this website is only for information procurement purposes and does not aim to produce any legal binding effect.
Last updated: 26.02.2020