Privacy policy

SAHM GmbH + Co. KG

Westerwaldstraße 13
56203 Höhr-Grenzhausen
Phone: +49 26 24 1 88 0
Fax: +49 26 24 1 88 11
Email: sahm@sahm.de

We are delighted that you are visiting our website. Your privacy and, by association, protection of your personal data are important to us. This is why our business operations comply with the applicable legal regulations relating to data protection and data security. We are very keen to ensure that you feel safe visiting our website. This is why both we and our data protection officer ensure compliance with the stipulations under data protection legislation.

We are aware of the significance of the data you entrust us with and would like to inform you of the following:

Please read through the explanations below carefully. You can contact our data protection officer if you have any questions. You will find the contact details further on in this privacy policy.

1. Definitions

Data protection is a complex topic. We have compiled some fundamental terms and definitions to make it easier for you to understand this privacy policy.

In simplified terms, “processing” under the terms of Art. 28 of the General Data Protection Regulation (GDPR) is understood to mean a service where personal data is collected, processed and/or used by a service provider (processor according to the GDPR) on the behalf of and under the instruction of the “controller”. Before an order such as this is placed with a service provider, we conclude a special contract with the service provider and implement other measures to protect your personal data.

“Cookies” are small text files which are stored on your terminal device (e.g. computer or smartphone) and save certain settings and data concerning exchange with our system through your browser. A cookie usually contains the name of the visited web page from which the cookie data was sent, information about how old the cookie is, and an alphanumerical ID. Cookies enable the systems to recognise the user’s device and make any default settings immediately available.

A third party is any natural or legal person or agency other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process personal data, cf. Art. 4, Para. 10 of the GDPR. A person is not, therefore, considered a third party if, for example, personal data is disclosed to a service provider during the course of processing according to Art. 28 of the GDPR.

IP addresses are numerical sequences which can be assigned to individual IT devices or a group. In a similar way to postal addresses, the IP is used to be able to assign data to the correct recipient.

“Personal data” is understood to mean all information which relates to an identified or identifiable natural person, particularly their first name and surname, date of birth, email address, postal address, and bank and payment details, as well as health data, cf. Art. 4, Para. 1 of the GDPR.

The “controller” according to Art. 4, Para. 7 of the GDPR is any person or agency who, either alone or together with others, decides on the purposes and means of personal data processing. (In this situation: the website operator).

2. Controller

The controller in relation to your personal data on this website is:

SAHM GmbH + Co. KG

Westerwaldstraße 13
56203 Höhr-Grenzhausen
Phone: +49 26 24 1 88 0
Fax: +49 26 24 1 88 11
Email: sahm@sahm.de

If an agency other than the one mentioned above is the “controller” under the terms of the General Data Protection Regulation, you shall be explicitly and separately informed to this effect, if this is not obvious.

3. Using the website / log files

Every time this website is accessed, data is logged automatically; this also applies to file retrieval (log data). In this regard, we collect and use the technically necessary data in order to make the website available to you. The technically necessary data transmitted to our web server by your browser includes the following: browser type / browser version, the operating system used, the referrer URL, the pages accessed, the IP address, and the date and time of access.

We need this data to ensure the website’s functionality and to make your visit to this website as pleasant as possible. We reserve the right to analyse the logged data specifically for the purpose of data security. We do not use the technically necessary data to create individual profiles which provide information about your personalised user behaviour. The log data is not linked or merged with other sources of data.

The legal basis for processing the described data – if it is personal – is Art. 6, Para. 1, lit. f of the GDPR. Our legitimate interest is to offer you an appealing, user-friendly and technically functional website.

3.1. Cookies

We use cookies to make it easier for you to use our site. To this end, we firstly use what are known as “session cookies”, which are automatically deleted once the browser session is ended. Secondly, we also use cookies which are stored on your terminal device for a longer period of time and are used to save information about you and your preferences with regard to our website for any visits you might make to our website in future. The collected information relates to technical information such as your browser, a time stamp and a unique ID. Almost all browsers permit general blocking of cookies, the deletion of set cookies or a warning function to prevent / manage the setting of cookies. For more information about the browser settings you can make to manage the setting and administration of cookies, please refer to your browser’s Help file or further instructions issued by your browser provider. Please note that blocking cookies can lead to you being unable to use our website, or to you using it, but with restrictions. Our external data protection officer provides you with guidelines entitled “Receiving alerts for, removing and deleting cookies – data protection with Firefox, Safari, Chrome, Internet Explorer, etc.” on their website (note: external link). If you use another browser, you can also find out about cookies on your browser provider’s website. As a precaution, we have also provided information about the use of cookies when you visit this website.

3.2. Communication by email, phone or fax, or using the contact form

If you contact us by email, fax, phone or post, we use your details for contact purposes and to process and respond to your request in a purpose-related manner. Your data is not disclosed to third parties. Your information shall be deleted within an appropriate period of time following completion of our processing activities, provided that there are no other legal regulations to the contrary and your request does not serve the purpose of preparation to conclude a contract.

The legal basis for processing is Art. 6, Para. 1, lit. f of the GDPR. Our legitimate interest lies in appropriately responding to and processing your request. If your request serves the purpose of preparing / initiating the process of concluding a contract with you, Art. 6, Para. 1, lit. b of the GDPR forms an alternative legal basis.

4. Disclosing your data, using service providers

We collect and use your data in line with the legal requirements and only for our own purposes. Disclosure to “third parties” does not take place unless there is a legal obligation to this effect, you have given your consent to such disclosure, or disclosure is necessary to fulfil a contract concluded between you and ourselves.

Insofar as we engage other service providers to enable provision of the products and services we offer and potentially grant such service providers necessary access to your data, we have naturally concluded a commissioned data processing contract (known as a “CDP contract” for short) according to Art. 28 of the GDPR with our commissioned data processing service providers (known as “processors” for short). We also still remain responsible for protecting your data. By concluding the contract, the engaged service providers shall not be considered “third parties”.

5. Integration of third-party services and contents

5.1. General

Third-party contents, such as YouTube or Vimeo videos, Google Maps map materials, RSS feeds or graphics from other websites may be integrated into this website based on our legitimate interests (i.e. our interest in analysing, optimising and commercially running our website under the terms of Art. 6, Para. 1, lit. f. of the GDPR). This always requires the provider of such content (hereinafter referred to as the “third-party provider”) to record the user’s IP address. This is because they would generally be unable to send the content to the respective user’s browser without the IP address. The IP address is therefore required to show this content. We strive to only use content from such providers who only use the IP address to deliver content. However, we have no control over whether third-party providers save the IP address for statistical purposes, for example. We shall inform users to this effect as soon as we become aware of such practices.

5.2. Use of Typotheque’s web fonts

We integrate fonts (web fonts) provided by Typotheque VOF (Zwaardstraat 16, 2584 TX The Hague, The Netherlands). When our website is accessed, your browser loads the required web fonts to your browser cache to display texts and font types correctly. This always requires Typotheque VOF to record your IP address, because the contents cannot be sent to your browser without the IP address. The IP address is therefore required to show this content. You can read details about Typotheque VOF’s data processing practices in the Typotheque VOF privacy policy: https://www.typotheque.com/ordering/privacy

6. Duration of data use / retention

Your personal data is deleted provided that there are no legal retention requirements to the contrary and if you have asserted a claim for deletion, if the data is no longer required to fulfil the purpose pursued by storage, or if storage of the data is impermissible on other legal grounds.

7. Place of data use

Your data is generally processed in Germany. In exceptional cases, information which you transmit to us may be stored on servers within the European Union (EU). We shall notify you accordingly if we deviate from this regulation as the “controller”.

8. Data security / secure data transmission

We would like to explain to you that security loopholes can occur during data transmission over the Internet (e.g. via email). We cannot, therefore, offer complete protection against access by third parties. We back up our IT systems (including the web pages / website) using what are known as technical and organisational measures (known as “TOMs” for short) to protect against unwanted: access, admission, disclosure, entry, loss, dissemination, destruction and alternation by unauthorised individuals.

Your personal data is transmitted over the Internet in encrypted format using the Secure Socket Layer coding system (256-bit SSL encryption).

9. Rights of the data subject / data protection officer

9.1. Right of access

Under the legal requirements set forth in Art. 15 of the GDPR, you can naturally and at any time request information as to whether we process personal data about you. If we do process personal data about you, you can request information about the circumstances and form of processing, and more detailed information about the processed data.

9.2. Right to correction

According to Art. 16 of the GDPR, you can request that incorrect information about you be corrected if you cannot make the change yourself.

9.3. Right to deletion

Under the legal requirements set forth in Art. 17 of the GDPR, you are entitled to request that we delete personal data concerning you without delay. To name but a few examples, the right to deletion does not exist if processing of the personal data is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation to which we are subject (e.g. legal retention requirements), or for establishing, exercising or defending legal claims.

9.4. Right to restriction of processing

According to Art. 18 of the GDPR, you can request that processing of your personal data be restricted.

9.5. Right to data portability

Under the requirements set forth in Art. 20 of the GDPR, you are entitled to request that we provide you with the personal data concerning you which we process in a structured, common and machine-readable format.

9.6. Right to object

Under the requirements set forth in Art. 21 of the GDPR, you have the right to object to the processing of your personal data and request that we stop our processing activities. The right to object only exists to the extent stipulated by law. Legitimate interests necessitating further processing may be in conflict with your objection.

9.7. Right of revocation

According to Art. 7, Para. 3 of the GDPR, you can revoke the consent you granted with respect to processing of your personal data at any time and with effect for the future, without incurring any costs exceeding the transmission costs according to the basic tariffs.

9.8. Duty to notify

According to Art. 19 of the GDPR, we are obligated to inform all recipients to whom personal data was disclosed of corrections, deletions and restrictions on processing with regard to your personal data. Exceptions to this rule may exist in this regard if doing so is impossible or would involve a disproportionate effort. We shall provide you with information about these recipients upon request.

9.9. Automated individual decision-making, including profiling

We also guarantee your rights according to Art. 22 of the GDPR. You or your data do not, therefore, form the subject matter of decisions based on automated processing – including profiling – on our website.

9.10. Right to lodge complaints / supervisory authority

According to Art. 77 of the GDPR, you have the right to lodge complaints with a supervisory authority or a competent agency if you have grounds to do so, particularly if you suspect that processing of your personal data is not in accordance with the legal requirements and the stipulations set forth in this privacy policy.

9.11. Data protection officer

If you would like to assert your rights as a data subject, such as your right to delete or block data, please contact our data protection officer – preferably in writing – with sufficient identification:

Brands Consulting | Data Protection & Consulting
Mr Bernhard Brands
Auf dem Hahn 11
D-56412 Niedererbach (Westerwald)
Website: https://brands-consulting.eu
Email: Sahm@Brands-Consulting.eu

Alternatively, you are also more than welcome to contact the data protection officer using SAHM GmbH + Co. KG’s address:

Data protection officer – personal –
SAHM GmbH + Co. KG
Westerwaldstraße 13
56203 Höhr-Grenzhausen

10. External links and information on the website

We are not liable for external links and third-party sites made accessible in this way. We would further like to point out that the information provided on this website is only for information procurement purposes and does not aim to produce any legal binding effect.

11. Amendments to the privacy policy

To name but a few examples, technological advancement, legal requirements or even modified processes can have an impact on this privacy policy. We therefore reserve the right to amend this privacy policy at any time with effect for the future. You will find the current version of the privacy policy on this website. Please visit the Home page regularly to find out about the applicable provisions.

Last updated: 24.07.2018