Email icon
Contact
Phone icon
+49 6572 - 92 24-0
Data protection

Privacy Policy

1. Introduction

With the following information, we would like to provide you, as the "data subject," with an overview of the processing of your personal data by us and your rights under data protection laws. The use of our websites is generally possible without entering personal data. However, if you wish to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, for example, your name, address, or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection provisions applicable to "Elektromaschinenbau Wittlich GmbH." By means of this privacy policy, we wish to inform you about the scope and purpose of the personal data we collect, use, and process.

2. Controller

Controller within the meaning of the GDPR is:
Elektromaschinenbau Wittlich GmbH
Gewerbegebiet 2, 54533 Laufeld, Germany
Phone: +49 6572 / 9224-0
E-mail: info@emb-wittlich.de
Representatives of the Controller: Ruppert G. von Teutul, Harald Klein

3. Data Protection Officer

You can reach the Data Protection Officer as follows:
secom IT GmbH
Phone: +49 4271-9473-800
E-mail: datenschutz@emb-wittlich.de

You may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

4. Definitions

This privacy policy is based on the terms used by the European legislator in the adoption of the GDPR. Our intention is for this privacy policy to be easily readable and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms in this privacy policy, among others:

1. Personal data: All information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Data subject: Any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing (our company).

3. Processing: Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

4. Restriction of processing: The marking of stored personal data with the aim of limiting its future processing.

5. Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

6. Pseudonymisation: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

8. Recipient: A natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

9. Third party: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

10. Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


5. Legal Basis for Processing

Article 6(1)(a) GDPR (in conjunction with Section 25(1) TDDDG) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party—such as processing operations required for the supply of goods or the provision of another service or consideration—the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example, in cases of enquiries about our products or services.

Where our company is subject to a legal obligation that necessitates the processing of personal data—such as to fulfil tax obligations—the processing is based on Article 6(1)(c) GDPR.

Finally, processing operations may be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal grounds, if the processing is necessary for the purposes of legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests, fundamental rights, and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 GDPR).


6. Disclosure of Data to Third Parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only disclose your personal data to third parties if:

1. you have given your express consent pursuant to Article 6(1)(a) GDPR;

2. disclosure is permissible pursuant to Article 6(1)(f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;

3. there is a legal obligation for disclosure pursuant to Article 6(1)(c) GDPR; or

4. it is legally permissible and necessary pursuant to Article 6(1)(b) GDPR for the performance of a contractual relationship with you.

In the context of the processing operations described in this privacy policy, personal data may be transferred to the United States. The USA does not have an adequate level of data protection (ECJ: Schrems II judgment). In particular, US investigative authorities may require US companies to hand over or disclose personal data without the data subjects being able to effectively take legal action against this. As a result, there is generally the possibility that your personal data will be processed by US investigative authorities. We have no influence on these processing activities.

To protect your data, we have concluded data processing agreements based on the European Commission’s Standard Contractual Clauses. Where these Standard Contractual Clauses are not sufficient to establish an adequate level of protection, your consent pursuant to Article 49(1)(a) GDPR may serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 GDPR.

7. Technology

7.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content—such as orders, login data, or enquiries you send to us as the operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
We use this technology to protect the data you transmit.

7.2 Data Collection When Visiting the Website
When you use our website for purely informational purposes—meaning you do not register or otherwise transmit information to us—we only collect the data that your browser transmits to our server (so-called “server log files”). Each time a page on our website is accessed by you or an automated system, our website collects a series of general data and information. These general data and information are stored in the server’s log files. The following can be recorded:

1. browser types and versions used;

2. the operating system used by the accessing system;

3. the website from which an accessing system reaches our website (so-called referrer);

4. the sub-pages which are accessed on our website by an accessing system;

5. the date and time of access to the website;

6. a shortened Internet Protocol address (anonymised IP address); and

7. the internet service provider of the accessing system.

When using these general data and information, we do not draw any conclusions about you personally. Rather, this information is needed to:

1. deliver the content of our website correctly;

2. optimise the content of our website as well as the advertising for it;

3. ensure the long-term functionality of our IT systems and website technology; and

4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

These collected data and information are therefore evaluated by us statistically and also with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for the data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes of data collection listed above.

7.3 Hosting
We host the content of our website with the following provider:

IONOS
Provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter “IONOS”). When you visit our website, IONOS collects various log files, including your IP addresses. Details can be found in the IONOS privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Article 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website possible. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that the personal data of our website visitors are only processed in accordance with our instructions and in compliance with the GDPR.


8. Cookies

8.1 General Information on Cookies
Cookies are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information that results in each case from the specific device used. However, this does not mean that we obtain direct knowledge of your identity.

The use of cookies serves to make the use of our offering more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

We also use temporary cookies to optimise user-friendliness; these are stored on your device for a certain defined period. If you visit our site again to use our services, it will be automatically recognised that you have already been with us and which entries and settings you have made, so that you do not have to enter them again.

Furthermore, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offering for you. These cookies enable us to automatically recognise, upon a repeat visit to our website, that you have already visited us. The cookies set in this way are automatically deleted after a defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.

8.2 Legal Basis for the Use of Cookies
The data processed by cookies that are necessary for the proper functioning of the website are required to protect our legitimate interests and those of third parties pursuant to Article 6(1)(f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner within the meaning of Article 6(1)(a) GDPR.

8.3 Information on Avoiding Cookies in Common Browsers
Through the settings of your browser, you may at any time delete cookies, allow only selected cookies, or completely disable cookies.

9. Content of Our Website

9.1 Contact / Contact Form
When contacting us (e.g., via contact form or e-mail), personal data is collected. The specific data collected in the case of a contact form can be seen from the respective contact form itself. These data are stored and used exclusively for the purpose of responding to your enquiry or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Article 6(1)(f) GDPR.

If your contact aims at concluding a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR. Your data will be deleted once your enquiry has been conclusively processed, which is the case when the circumstances indicate that the matter in question has been finally clarified and provided that there are no statutory retention obligations to the contrary.

9.2 Application Management / Job Board
We collect and process the personal data of applicants for the purpose of handling the application procedure. Processing may also be carried out electronically, in particular if an applicant submits corresponding application documents to us electronically, for example, by e-mail or via a web form on the website.

If we conclude an employment or service contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal requirements.

If we do not conclude a contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests on our part oppose deletion.

Another legitimate interest in this sense would be, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for processing your data is Article 88 GDPR.

10. Our Activities on Social Networks

To communicate with you on social networks and to inform you about our services, we maintain our own pages there. If you visit one of our social media pages, we are, together with the provider of the respective social media platform, jointly responsible for the data processing operations triggered as per Article 26 GDPR.

We are not the original provider of these pages, but merely use them within the framework of the options offered to us by the respective providers. Therefore, we point out that your data may also be processed outside the European Union (EU) or the European Economic Area (EEA). This may pose risks to you because it could make it more difficult to exercise your rights (e.g., right of access, erasure, objection, etc.), and the processing in social networks often takes place directly for advertising purposes or for analysing user behaviour by the providers, without us being able to influence this. If usage profiles are created by the provider, cookies are often used, or the usage behaviour is assigned to your own member profile of the social networks.

The described processing of personal data takes place pursuant to Article 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider to communicate with you in a timely manner or to inform you about our services. If you are required by the respective providers to give consent to data processing as a user, the legal basis for the processing is Article 6(1)(a) GDPR in conjunction with Article 7 GDPR.

Since we do not have access to the providers’ databases, we recommend that you exercise your rights (e.g., right of access, rectification, erasure, etc.) directly with the respective provider. For further information on the processing of your data in social networks, we have listed the social network providers we use below:

10.1 Facebook
(Joint) Controller for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: https://www.facebook.com/about/privacy

10.2 Instagram
(Joint) Controller for data processing in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: https://instagram.com/legal/privacy/

11. Your Rights as a Data Subject

11.1 Right to Confirmation
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed.

11.2 Right of Access (Article 15 GDPR)
You have the right to obtain from us at any time free information about the personal data stored about you and a copy of such information in accordance with the statutory provisions.

11.3 Right to Rectification (Article 16 GDPR)
You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. You also have the right to have incomplete personal data completed, taking into account the purposes of the processing.

11.4 Right to Erasure (Article 17 GDPR)
You have the right to request that personal data concerning you be erased without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

11.5 Right to Restriction of Processing (Article 18 GDPR)
You have the right to request the restriction of processing where one of the legal requirements is met.

11.6 Right to Data Portability (Article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

11.7 Right to Object (Article 21 GDPR)
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) GDPR (processing in the public interest) or Article 6(1)(f) GDPR (processing based on a balancing of interests). This also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defence of legal claims.

Where personal data are processed by us for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.

You also have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you are free to exercise your right to object by automated means using technical specifications.

11.8 Right to Withdraw Data Protection Consent
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

11.9 Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority responsible for data protection about our processing of your personal data.

12. Routine Erasure and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the storage purpose or insofar as this is required by the legal provisions to which our company is subject.

If the storage purpose ceases to apply or if a statutory storage period expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

13. Duration of the Storage of Personal Data

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted, provided that they are no longer required for the fulfilment or initiation of a contract.

14. Up-to-dateness and Amendment of the Privacy Policy

This privacy policy is currently valid and has the status: August 2025.

Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed by you at any time on the website at "www.emb-wittlich.de/datenschutz.html".