We, viastore SYSTEMS GmbH (hereinafter referred to as "viastore") are pleased to welcome you to our website and about your interest in our company, products and services. We take the protection of your personal data seriously and treat it with utmost confidentiality.
Your personal data is processed exclusively in compliance with the legal provisions under the European Union's data protection law, the General Data Protection Regulation (hereinafter referred to as "GDPR") in particular and supplementary to the German Data Protection Act (new).
The purpose of this privacy statement is to inform you of how your personal data is processed and about your rights as the data subject to the extent that you use our website. The terms used, such as "personal data" or "processing" are in accordance with the definitions provided in Art. 4 GDPR.
1. Controller and Data Protection Officer
The controller for data processing as understood under the data protection laws is viastore SYSTEMS GmbH, Magirusstrasse 13, 70469 Stuttgart, Germany. View our Legal page by clicking here.
Please do not hesitate to contact us with questions or suggestions relating to data protection by clicking on the firstname.lastname@example.org.
Our data protection officer can be reached as follows:
Dr. Oliver Meyer-van Raay
Rechtsanwalt, Fachanwalt für IT-Recht
Ludwig-Erhard-Allee 6, 76131 Karlsruhe
2. Subject matter and principles of data protection
Subject matter of data protection relates to personal data. This includes all information relating to an identified or identifiable natural person ("data subject"). Among such information are, for example, details such as the name, postal address, e-mail address or phone number, but also information which is necessarily created during the use of our website, such as details about the beginning, ending and extent of use as well as the transmitted IP address.
We process personal data in compliance with relevant data protection provisions. This means that your data is only processed by us if consent or legal permission is given, for example if, in order to provide our contractual services (such as the processing of orders), data processing is necessary or legally required or by reason of our legitimate interests as understood under Art. 6 (1f) GDPR (for example, our interest in the analysis, optimization and secure operation of our online web pages).
We take organizational, contractual and technical security measures based on the state of technology to ensure compliance with data protection regulations and in order to protect the data that we process against accidental or deliberate manipulation, loss, destruction and/or access by unauthorized persons.
3. Data Processing When Visiting our web pages
Generally, use of our web pages does not require the visitor to register or to provide personal data. Even if you use our web pages for purely informational purposes, personal data may also be collected and processed automatically. Below is an overview of the type, scope, purposes and legal principles of the data processed on our web pages.
a. Staging of our web pages
When you access our website from your end device, the following data is automatically collected and processed by us in the server log files.
- Date and time the website was accessed;
- Type of end device;
- Operating system used;
- The functions that you use;
- Volume of sent data;
- Referrer URL;
- Domain name
- IP address
- Status code of the server for a request (e.g. 404 etc.)
We process this data on the basis of our legitimate interests as defined under Art. 6 (1f) GDPR, meaning in order to stage and display the web pages, to ensure and maintain technical operation, for the purpose of detecting and eliminating faults and for security reasons (such as to clarify misuse or cases of fraud). This data is automatically processed when our website is pulled up. Without the provision of this data, you would not be able to use our web pages. We do not use this data for the purpose of establishing your identity.
As a rule, the data collected is deleted after seven days, unless we need it longer for any of the purposes specified above in exceptional cases. In those cases, we delete the data without delay after the purpose has ceased to exist.
Some cookies we use because they are absolutely necessary for our website and its functions to be able to work properly. These cookies are stored automatically when our website is pulled up or a certain function is run, unless you have prevented cookies from being set by making the relevant adjustments in your browser. In contrast, cookies that are not absolutely necessary are stored in order to improve the comfort and performance of our web pages, for example, or to store certain settings that you made. We also use these kinds of cookies to determine information on how often certain areas of our web pages are accessed, so that we can tune them more specifically to your needs in the future.
Most of the cookies are only needed for the duration of the current service in use or of your session and is then deleted again or loses its validity as soon as you have closed our website or your current session has expired ("session cookies"). Only in individual cases are cookies stored for a longer period of time, for example in order to recognize you the next time to pull up our website in the future and in order to be able to open the stored settings ("persistent cookies"). This allows you to be able to access our website more quickly and comfortably without having to make certain settings again. Persistent cookies are deleted automatically after expiration of a pre-defined period of time, which may vary depending on the type of cookie and its function when you visit the page or the domain that the cookie belongs to.
Accepting cookies is not mandatory when using our web pages. If you do not want cookies to be used, you can make the relevant settings in your browser that will prevent cookies from being stored on your end device or you can use the separate opt-out options. Please keep in mind that this may limit the functional capability and the scope of functions on our web pages. You can delete stored cookies in the system settings of your browser at any time. An overview of the currently used cookies can be found at here.
c. Google Analytics
Google will process the information transmitted on our behalf in order to evaluate the users' utilization of our online content and to generate reports for us on the activities within the online content and on other services associated with the use of our web pages. In the process, pseudonym user profiles of the users may be created.
We only use Google Analytics with the IP anonymization feature enabled. What this means is that the user's IP address is abbreviated by Google within the Member States of the European Union or in other contracting parties to the agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. The IP address transferred by your browser is not combined with any other Google data. You can prevent cookies from being stored by making an adjustment in your browser software. Moreover, you can also prevent the data created by the cookie that relates to your use of the web pages from being generated by downloading and installing the browser plug-in available from the following link.
You can find more information on the use of data by Google, adjustments and opt-out options on the Google websites, by clicking on the following link: http://www.google.de/intl/de/policies/privacy/.
d. Social media plug-ins
We have integrated the following social media plug-ins on our web pages: Facebook, Google+ (only FR), Twitter and LinkedIn. You can recognize the plug-ins' provider by the first few letters or by the logo of the corresponding icon or button. Here, we mainly make use of the so-called two-click solution, i.e. when you visit our web pages, initially no personal data is shared with the plug-in provider. Only by clicking on the highlighted icon, thus enabling it, does the plug-in provider receive the information that you have pulled up the relevant webpage on our website. At some places in the website, e.g. in the News segment, we also use Sharrif. Shariff is an open-source program that was developed by c’t and heise online. In contrast to usual Share buttons, it does not track a visitor at the start of a visit to the website. The Shariff button does not establish the direct contact between the social network and the visitor until the visitor actively clicks on the Share button. That way, Shariff prevents that you leave a digital trace on every visited website, thus improving data protection for you.
The content of the plug-in is then transferred by the relevant provider directly to your end device to be displayed. In return, personal data, particularly you IP address, is transferred by your end device to the plug-in provider. So when you activate the plug-in, your personal data is transferred to the plug-in provider and stored there (in the United States where this relates to US providers). However, in some cases the IP address is abbreviated by the providers before they are transferred. We have no influence on the data collected and the data processing methods, nor are we knowledgeable about the full scope of the data collection, the processing purposes, nor the storage deadlines. We also have no information on how the collected data is erased by the plug-in provider.
The plug-in provider stores the data it collected on you in the form of user profiles and uses the data for advertising purposes, for market research and/or for the needs-based design of its web pages. An analysis of this kind is done particularly in order to display needs-based advertising and to inform other users on the social network about your activities on our web pages. You have the right to opt out of having these user profiles created, however in order to exercise this right, you must contact the respective plug-in provider. We offer you the option with the plug-ins to interact with the social networks and other users, which allows us to improve our web pages and to improve their design to make them more interesting for you as the user. Accordingly, data is processed on the basis of our legitimate interests as defined in Art. 6 (1f) GDPR, i.e. our interests in the analysis, the optimization and improvement of our website, especially to make it possible and easier for you to use social networks to share specific content from our website.
Data sharing takes place irrespective of whether you have an account with the plug-in provider and are logged in there. When you are logged into the plug-in provider, your data is assigned directly to the account that you have with your plug-in provider. By pressing the activated icon and linking the page, for example, the plug-in provider stores this information in your user account as well and publicly notifies your contacts about this.
More information on the purpose and extent that data is collected and how it is processed by the plug-in provider can be found in the privacy statements of these providers issued in the following; in them, you will also receive additional information on your rights in this regard and the opt-out options available to you to protect your privacy.
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA:
- (Facebook is subject to the EU-US Privacy-Shield)
- Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA:
- (Google is subject to the EU-US Privacy-Shield)
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA:
- (Twitter is subject to the EU-US Privacy-Shield)
- Xing AG, Gänsemarkt 43, 20354 Hamburg, DE:
e. Integration of YouTube videos
We have integrated YouTube videos on our website which are hosted by YouTube, but which you can play directly on our website. YouTube is a Google product. Not until you play the videos is data transferred. We have no influence on this data transfer. The videos are all integrated in the 'expanded data protection mode,' i.e. according to YouTube if you do not play the videos, no data about you as the user is transmitted to YouTube." If you do not want the information collected and transmitted to be assigned to your YouTube or Google profile, you must log out before you play the video. YouTube stores your data in the form of user profiles and uses the data for advertising purposes, market researches and/or for the needs-based design of its products. You can find more information on data processing and notes about data protection by YouTube or Google under www.google.de/intl/de/policies/privacy/.
4. Services, newsletters, contact forms, event registrations, etc. that do not require registration
In addition to the purely informational use of our website, we offer several services or functions that may be of interest to you. To use them, you will generally be required to provide additional personal data, which we use to render the relevant service or function as described below.
a. Contacting us
If you provide us with personal data via e-mail or using a contact form, this will always be on a voluntary basis. Your information is used by us to process your contact request and to process it pursuant to Art. 6 (1b) GDPR and may in this context also be shared with affiliated companies or third parties. The details may also in thus far be stored by us in our Customer Relationship Management (CRM) system. We erase the data you provided us with as soon as the collection purpose has been completely eliminated and no other legal principle applies (such as further processing of the data is or becomes necessary in order to fulfill a concluded contract). Insofar as legal storage obligations exist, we will not erase the data until the relevant deadlines have expired.
If users leave comments on our website or post any other information, their IP addresses are stored for seven days on the basis of our legitimate interests as defined under Art. 6 (1f) GDPR. We do this for our security in case someone leaves illegal content in the comments or posts (insults, prohibited political propaganda, etc.). In this case, we ourselves could be legally responsible for the comment or post, which is why the identity of the author is of interest to us.
b. viastore information distribution list, newsletter, customer magazine, event invitations, etc.
There is an option on our website to subscribe to the viastore information distributor. We send newsletters, e-mails, invitations to trade shows and events (hereinafter referred to as "information distributor") electronically and/or via postal mail with advertising information on our products, services, sales and about our company. In the notes below, we will clarify the methods used for subscribing, sending and statistical analysis as well as the rights that you have in connection with this.
By registering to be included on one or more information distributors, you declare your consent to the receipt of the requested information and the methods described. Inclusion in our information distributor is based on a "double opt-in method". This means, after subscribing, you receive an e-mail asking you to confirm your subscription. This confirmation is necessary so that no one else can subscribe using a false address. The requests to be added to the distributor are recorded in order to be able to demonstrate the consent process according to legal requirements. The registration process is recorded on the basis of our legitimate interests pursuant to Art. 6 (1f) GDPR in operating a user-friendly and secure information system.
You may revoke your consent to receiving our information at any time, particularly by unsubscribing from the respective information distributor, the newsletter, for example. You can find an unsubscribe link to exercise this right at the end of each newsletter. If you have only subscribed to our newsletter, we will erase your personal data in the event that you unsubscribe.
Statistical surveys and analyses - newsletters sent by e-mail include image files with "tracking pixels", which are pulled up by the mail server when the newsletter is opened. In the process of pulling them up, initially technical information, such as information about the browser and your system is collected, as well as your IP address and the time the newsletter is opened. This information is used to technically improve the service based on the technical data or the target group and their reading habits based on the locations where the newsletter is opened (which can be determined with the IP address) or the access times. Also included in the statistical surveys is the determination as to whether the newsletters are being opened, when they are opened and which links are being clicked. For technical reasons, this information may in fact be assigned to each of the newsletter recipients. However, our goal is not to watch each individual user. Instead, the purpose of these analyses is to recognize the reading habits of our users and to adjust our content accordingly or to send a variety of content based on the interests of our users.
The use of a mailing service, the implementation of the statistical surveys and analyses as well as the recording of the reading habits are all based on our legitimate interests pursuant to Art. 6 (1f) GDPR. Our interests are geared towards utilizing a user-friendly and secure user information system, which not only serves our business interests, but also meets the expectations of the users.
c. Registration in the my.viastore customer portal
Registration with setting up a user account is required in order to be able to use the my.viastore customer portal on our website. User profiles can only be created for viastore customers. In my.viastore, customers can review the processing status of their recent hotline calls as well as the relevant manufacturer information with important documents on setting up customers.
We create a user account for you on request. In the process, the following data is collected and stored in the user profile, after it was checked whether the user has a qualified viastore customer status:
- User name (e-mail)
- First name
- Last name
- Password (encrypted via a salted hash)
- Telephone number, if applicable
We process the data that you provide during registration on the basis of Art. 6 (1b) GDPR in order to create your profile, to be able to identify you during each log-in and to be able to provide you the services offered in the area of our website that require registration. We erase this data as soon as the collection purposes no longer apply, in particular at the time that you want to delete your user account with us.
d. Processing applicant data
On the career pages of our website, you have the opportunity to submit your applications for open positions, via e-mail, for example. We process the data that you send to us in connection with your application so that we can review your qualification for the advertised position (or any other positions within the viastore Group) and complete the application process. After you application has been received, your applicant data is viewed by the HR Department and the department supervisors in our company. Within our company, as a rule only those persons are granted access to your data who require such in order to complete the application process.
The legal basis for the processing of your personal data within the application process is Section 26 Federal Data Protection Act (BDSG) in particular. According to this provision, data processing is permitted to the extent required in connection with a decision on establishing an employment relationship. Additional information, which you may have provided voluntarily, is stored on the basis of Art. 6 (1) (f) GDPR due to our legitimate interest in also processing the voluntarily provided additional information for the purposes of completing the application process. If, after an unsuccessful conclusion of the application process, you consent to allow us to continue to store your personal data in our applicant pool, the legal basis for the further processing associated with that is your consent pursuant to Art. 6 (1)(a) GDPR. You may withdraw your consent at any time with effect for the future without providing reasons.
Generally, if the application is turned down, the applicant's personal data is erased after a period of four months. If you have consented to allowing us to further process your personal data in our applicant pool, the data is erased once they are no longer needed for the purposes for which it was collected and processed, typically after a period of 1 year after it was added to the applicant pool. If, upon completion of the application process, you have been chosen for a position, your data is transferred to our personnel management system and processed there to the extent necessary for us to establish and implement the employment relationship.
5. viastore in Social Networks
Online social networks offer viastore an excellent opportunity to communicate and network with employees, customers and leads. This is why viastore has its own presence on Facebook, Twitter, YouTube, LinkedIn, Xing, etc. We would be delighted to connect with you on any of those networks, where you can get more information about our work and we can get to know each other on a personal level. Where we bear the responsibility for data privacy for any data processing in social networks, we treat data on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR, i.e. our interest in optimizing and improving the information we provide online.
We take the current discussion relating to data protection on social networks very seriously. Currently, it has yet to be conclusively resolved in legal matters whether and in how far the services offered by common social networks conform to European data protection laws. As soon as new legal aspects are developed in this regard that relate to the operation of our online presence on these sites, we will comply with and implement them. Until then, we ask that you carefully review which personal data you publish on social networks.
We would like to expressly make you aware of the fact that according to their data protection guidelines, Facebook, Google and YouTube also store the data of their users (such as your personal information, your IP address, etc.) outside of Germany and use this data for business purposes. Generally, we have no influence on the data collection and further use thereof by the social networks. We neither have any way to distinguish nor influence the scope of the data stored nor where and for how long such data is stored, in how far the networks comply with existing erasure obligations, how it is analyzed and linked and with whom it is shared. This is why we ask that you carefully review which personal data you publish as a user on those sites. We recommend that you check your settings on the social networks you use to protect your privacy.
You can find additional information on how data is processed by each of the social networks by following the links below:
- Facebook: https://www.facebook.com/viastoreGROUP/
(Facebook data privacy notice: https://www.facebook.com/privacy/explanation)
- LinkedIn: https://de.linkedin.com/company/viastore-systems-gmbh
(LinkedIn data privacy notice: https://www.linkedin.com/legal/privacy-policy)
- Twitter: https://twitter.com/viastore
(Twitter data privacy notice: https://twitter.com/de/privacy)
- Xing: https://www.xing.com/companies/viastoregroup
(Xing data privacy notice: https://privacy.xing.com/de/datenschutzerklaerung)
- YouTube: https://www.youtube.com/user/viastoresystems
(YouTube data privacy notice: https://policies.google.com/privacy)
6. Recipients of personal data
Within our company, only those persons have access to personal data who require them for the purposes specified in each case. We only share your personal data with external third parties if doing so is necessary to transact or process your requests, a different legal permission exists or we have your consent to do so.
In particular, third-party recipients may be affiliated companies or third-party service providers that we use for the provision of services as processors, for example in the areas relating to technical infrastructure and maintenance of our website. We use utmost care in selecting these processors and inspect them regularly. They may use the data solely for the purposes we have specified and according to our instructions.
Moreover, it is also possible that we have to transmit personal data to official agencies and government institutions for compelling reasons, such as to district attorneys, courts or financial authorities. The data will in thus far be transmitted based on Art. 6 (1c) GDPR.
Furthermore, we may share your personal data with third parties if we offer sales activities, sweepstakes, conclude contracts or similar services in coordination with partners or service providers (such as transport service providers). In such cases, data will be shared on the basis of consent given, in order to implement a contract with you or to protect our legitimate interests pursuant to Art. 6 (1a), (1b) and/or (1f) GDPR. You can receive more information in this regard by providing your personal data in connection with the specific processing operation.
7. Data processing in third countries
If data is transmitted to offices the headquarters of which or the location of the data processing is not within a Member State of the European Union nor in other contracting parties to the agreement on the European Economic Area, we shall ensure prior to sharing such data that outside of legally permitted exceptional cases there is either an appropriate data security level in place at the recipient's location (e.g. by way of a suitability resolution by the European Commission, with suitable guarantees such as a self-certification from the recipient for the EU-US Privacy Shield or by way of agreeing on "EU standard contractual clauses" of the European Union with the recipient) or that your consent has been given for the transmission of data.
8. Storage duration
For information on the storage duration of personal data, please review the corresponding description of relevant product or service. In addition, or unless defined otherwise in the relevant description of the product or service, the following applies generally: we store your personal data only for as long as required to meet the processing purposes or, in the event that consent is given, as long as you have not revoked your consent. In the event that you object, we will erase your personal data, unless further processing thereof is permitted in accordance with relevant legal provisions. We will also erase your personal data if we are required to do so for legal reasons. Insofar as legal storage obligations exist, we will not erase the data until the relevant deadlines have expired.
9. Rights of the data subject
As a data subject, you have a number of rights that you can exercise. In detail, they include:
- Right to information: you have the right to obtain information on your personal data that we store.
- Right to rectification and erasure: you may obtain from us that we rectify inaccurate data and erase your data.
- Restriction of processing: you may obtain from us that we restrict the processing of your data..
- Data portability: if you provided your data to us on the basis of a contract or consent, we may request from us to receive the personal data which concerns you in a structured, commonly used and machine-readable format and that we transmit those data to another controller.
- Object to data processing with respect to the legal grounds "legitimate interest": you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data provided it is based on the legal grounds "legitimate interest". Should you make use of your right to object, we will discontinue processing your data, unless we can demonstrate compelling legitimate grounds for further processing that outweigh your rights.
- Withdrawal of consent: if you have given your consent to processing your data, you may withdraw your consent with immediate effect at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to appeal with the supervisory authority: you may also submit an appeal with the responsible supervisory authority if you feel that the processing of your data violates applicable law. To do so, you may address the data protection authority that is responsible for your place of residence or your country or to the data protection authority that is responsible for us.
You are only entitled to the rights described above provided that the applicable legal requirements have been met, and unless expressly mentioned otherwise in the description above.
If you have questions on how your personal data is processed, on your rights as a data subject and on any consent given, you may contact us in this regard free of charge. To exercise all of your aforementioned rights, please contact email@example.com or by postal mal to the address given above under Clause 1. When doing so, please make sure that we can clearly identify you as the data subject.
10. Links to and integrating third-party offers
Web pages and services from other providers that are linked to our website are provided by the respective service provider. We have no influence on the design, content and function of these third-party services. We expressly distance ourselves from all content of any linked third-party products. Please keep in mind that the third-party products linked on our website may potentially install their own cookies on your end device or collect your personal data. We have no control over this. If this is the case, please obtain information from the provider of these linked third-party products directly.
b. Services and third-party content:
On our online web pages, we utilize content or service products from third parties so as to be able to integrate videos, for example (hereinafter commonly referred to as "content") on the basis of our legitimate interests as defined in Art. 6 (1f) GDPR, i.e. our interests in the analysis, the optimization and economic operation of our online services. This always requires that the third-party provider of this content perceive the IP address of the user, because they would be unable to send the content to their browser without the IP address. Therefor, the IP address is required to display this content. We make every effort to only use such content from those providers who solely use the IP address to deliver the content.
Third-party providers may also utilize so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" allow information such as visitor traffic to be analyzed on the pages of this website. Furthermore, this pseudonym information may be stored in cookies of the users' devices and, among other things, may contain technical information about the browser and the operating system, referring web pages, time of visit and other information on how the online services were used, and may also be combined with such information from other sources.
From time to time, it may be necessary to adjust the content to this privacy notice. We therefore reserve the right to change it at any time. We will publish the revised version of the privacy notice here. The privacy notice as amended at the time of your visit will apply.