Data privacy

Name and contact of the controller pursuant to Article 4 (7) GDPR

topex GmbH
Daimlerstraße 2
D-73268 Erkenbrechtsweiler
Tel.: +49 (0) 7026 /9316-0
Fax: +49 (0) 7026 / 9316-90
E-mail: datenschutz(at)topex.de

 

external data protection officer
w-consults
Schlehenweg 12
72415 Grosselfingen
E-mail: datenschutz(at)w-consults.de
Tel.: +49 7476 4490428

 

 

Cookies

To make our website look attractive and enable certain functions, we use cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted at the end of your browser session, i.e. when you close your browser (session cookies). Other cookies remain on your device and allow us or our partner companies (third party cookies) to recognise your browser the next time you visit (persistent cookies). Cookies are used to gather and process certain user data such as browser data, location data and IP address to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Cookies also store settings to simplify the ordering process (e.g. to recall the content of a virtual shopping cart for use later on the website). Insofar as personal data is processed by some of the cookies implemented by us, this data is processed in accordance with either Art. 6(1)(b) GDPR (General Data Protection Regulation) for performance of the contract or Art. 6(1)(f) GDPR for protecting our legitimate interests by ensuring the best possible website functionality and effective design for a customer friendly experience when visiting the site.

We sometimes work with advertising partners who help us to make our online content more interesting for you. Cookies from partner companies (third party cookies) may sometimes be stored on your hard drive for this purpose when you visit our website. Where we cooperate with advertising partners as stated above, how these types of cookies are used and what information they gather is described individually and separately in the following paragraphs.

Update/change cookie consent



Server log files

The website provider gathers and stores information automatically in server log files, which your browser automatically sends to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the computer accessing the website
  • Date and time of the server request
  • Quantity of data sent in bytes
  • Your IP address (anonymised)

Please note that you can set your browser to inform you about the placing of cookies and you can decide individually whether to accept them, or can block acceptance of cookies for certain cases or generally. Each browser differs in terms of how cookies are managed. This is explained in the help menu of every browser, where you will find information on how to change your cookie settings. Use the following links to view this information for different browsers:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/?s=cookies&product=latest
Please note that if you block cookies, this may restrict the functionality of our website.

Contacting us

Contact form
If you send us an enquiry using the contact form, your details from this form, including the contact data that you have provided, will be stored by us for the purposes of processing your enquiry and in case of follow-up questions. This data will not be disclosed without your consent.
The data entered in the contact form will only be processed on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time.
An informal message to us by email is sufficient for this. The legality of the data processing procedures performed prior to withdrawal of consent shall remain unaffected.
We will continue to hold the data that you entered in the contact form until you ask us to erase it, withdraw your consent to the storage of the data, or until the purpose for the data storage no longer applies (e.g. the processing of your enquiry has been completed). This is without prejudice to any mandatory statutory regulations – in particular retention periods.

Enquiries by email, phone or fax
If you contact us by email, phone or fax, we will store and process your enquiry, including all associated personal data (name, enquiry), for the purposes of dealing with your request. This data will not be disclosed without your consent.
This data will be processed on the basis of Art. 6(1)(b) GDPR, insofar as your enquiry is related to the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the data will be processed on the basis of your consent (Art. 6(1)(a) GDPR) and/or our legitimate interests (Art. 6(1)(f) GDPR), since we have a legitimate interest in the effective processing of the enquiries submitted to us.
We will continue to hold the data that you sent to us in the form of contact enquiries until you ask us to erase it, withdraw your consent to the storage of the data, or until the purpose for the data storage no longer applies (e.g. the processing of your enquiry has been completed). This is without prejudice to any mandatory statutory regulations – in particular statutory retention periods.

Job applications using the online form
On our website, we offer job applicants the option of applying online using an application form. In order to be accepted into the application process, the applicant must include in the form all the personal data required for us to make a sound, informed judgement and selection.
The required information includes general personal data (name, address, contact phone number or electronic means of contact) and specific evidence of the qualifications necessary for a post. Health-related details may also be needed, insofar as these need to be taken into consideration with regard to labour and social welfare law in the interests of the applicant's social protection.
When the form is submitted, the applicant data is sent to us using state-of-the-art encryption, stored by us and assessed solely for the purpose of processing the application.
The legal basis for processing this data is Art. 6(1)(b) GDPR combined with paragraph 26(1) BDSG (German Federal Data Protection Act), under which the application process is deemed the initiation a contract of employment.
Insofar as applicants are requested to provide special categories of personal data (e.g. health data such as details of disabilities) as per Art. 9(1) GDPR, this data is processed in accordance with Art. 9(2)(b) GDPR, in order for us to be able to exercise rights in the field of employment and social security and social protection law and fulfil our obligations in this regard.
The special data categories may alternatively or cumulatively be processed on the basis of Art. 9(1)(h) GDPR, if processing this data is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services.
If the applicant is not selected during the evaluation described above, or an applicant withdraws their application early, the applicant's data sent via the form shall be erased after no more than 6 months, following notification to this effect. This delay is calculated on the basis of our legitimate interest in answering any follow-up questions regarding the application and, where necessary, complying with our record-keeping obligations pursuant to the regulations on equal treatment of applicants.
In the case of a successful application, the data provided will be processed further on the basis of Art. 6(1)(b) GDPR combined with paragraph 26(1) BDSG (German Federal Data Protection Act) for the purposes of conducting the employment relationship.

Data processing for order handling

In order to process your order, we work with service providers who fully or partially assist us with the performance of closed contracts. If you commission us to perform a service or send goods, your personal data will be used without your separate consent only insofar as this data is required in order to provide the service or perform the contract. This applies in particular to the disclosure of your data to transport companies, credit institutions or others for provision of the service or contractual performance of the services used.
As part of contractual performance, the personal data gathered by us is disclosed to, for example, the transport company assigned with the delivery, insofar as this is necessary in order to deliver the goods. We will disclose your payment data to the assigned credit institution, insofar as this is necessary for processing the payment. The legal basis for disclosing this data is Art. 6(1)(b) GDPR.
We disclose customer accounts and personal data about customers if we are legally obliged to do so, or if the disclosure of this data is required in order implement our general terms of business or other agreements, or to protect our rights or the rights of other customers and those of third parties.

YouTube

This website uses the YouTube embedding function for display and playback of videos offered by the provider "YouTube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
The extended data protection mode is used here which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If embedded YouTube video playback is started, "YouTube" uses cookies to collect information about user behaviour. According to information from "YouTube", these cookies serve amongst other things to collect video statistics, improve user friendliness and prevent abusive practices. When you are logged into Google, your data is assigned directly to your account if you click on a video. You should therefore log out before activating the button if you do not wish to be associated with your YouTube profile. Google stores your data (even for users who are not logged in) as usage profiles and analyses it. In accordance with Art. 6(1)(f) GDPR, this analysis is based on the legitimate interests of Google in displaying personalised advertising, market research and/or the bespoke design of its website. You have a right to object to the creation of these user profiles, and should contact YouTube to exercise your right if you wish to do so. When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Regardless of whether the embedded video is played back, a connection to the Google network is established when visiting this website, which may trigger further data processing beyond our control.

In the event that personal data is transferred to Google LLC. based in the United States, Google LLC. is certified under the US-European "Privacy Shield" data protection agreement, which guarantees compliance with the data protection level applicable in the EU. An up to date certificate can be viewed here: https://www.privacyshield.gov/list

Further information on "YouTube" data protection can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy

Our social media presence

Data processing by social networks
We maintain publicly accessible profiles on social media. Details of the specific social networks we use are set out below.
Social networks such as Facebook, Google+, etc. are generally able to comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. "Like" buttons or banner ads). Visiting our social media pages triggers numerous processing operations relevant for data protection. Specifically:
If you visit our social media page when you are logged in to your social media account, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded even if you are not logged in or do not have an account with the social media portal in question. In this case, this data is collected using cookies stored on your device, for example, or by recording your IP address.
Using the data collected in this way, the operators of the social media portals are able to create user profiles containing your preferences and interests. By this means, you can be shown interest-based advertising both within and outside of the particular social media site. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged into or have previously logged into.
One of the aims of processing this information is to allow the social media platform to improve its advertising system, which it disseminates throughout its network. Another is to allow us as the operator of the social media page to obtain statistics, which are compiled based on the visits to our network page. The purpose of this is to manage the marketing of our activities. For example, it allows us to become acquainted with the profiles of visitors who like our social media page or use applications on the page, in order to provide them with more relevant content and develop functions that might be of more interest to them.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, other processing operations may therefore be performed by the social media portal operators. Details can be found in the terms of use and privacy policies of the individual social media portals.

Legal basis
Our social media activity is designed to achieve the widest possible online presence. This is a legitimate interest under Art. 6(1)(f) GDPR. The analysis processes triggered by the social networks may have an alternative legal basis, which must be specified by the social network operators (e.g. consent within the meaning of Art. 6(1)(a) GDPR).

The controller and assertion of rights
If you visit one of our social media pages (e.g. Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations triggered by your visit. In principle you can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaint) against us and against the operator of the relevant social media portal (e.g. Facebook).
Please note that despite our joint responsibility with the social media portal operators, we cannot fully control the data processing activities of the social media portals. Our options are largely based on the company policy of the provider in question.

Duration of storage
The data we collect directly through our social media presence will be deleted from our systems as soon as the purpose for the data storage no longer exists, if you ask us to erase this data, if you withdraw your consent to the storage of the data, or the purpose for the data storage no longer applies. Cookies stored on your device will remain there until you delete them. This is without prejudice to any mandatory statutory regulations – in particular retention periods.
We have no control over the duration of storage of data retained by social network operators for their own purposes. For details, please refer to the social network operators directly (e.g. by consulting their privacy policy – see below).

Specific social networks
Facebook
We have a Facebook profile. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
We have concluded an agreement with Facebook regarding joint responsibility for the processing of data (Controller Addendum). This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook Fan Page. You can read this agreement by clicking on this link: 
www.facebook.com/legal/terms/page_controller_addendum

You can customise your advertising settings yourself in your user account. Click on the following link and log in: www.facebook.com/settings

Details can be found in the Facebook privacy policy:
www.facebook.com/about/privacy/

Link to information about Page Insights data:
https://www.facebook.com/legal/terms/information_about_page_insights_data

 

LinkedIn
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.
Under the settings for advertising preferences, LinkedIn users can control the extent to which their user behaviour can be recorded during their visit to our LinkedIn page. 
Processing of information by the cookies used by LinkedIn can also be disabled if cookies from third parties or from LinkedIn are blocked by your own browser settings.

To disable the LinkedIn advertising cookies, use the following link:
www.linkedin.com/psettings/guest-controls/retargeting-opt-out

For details on how LinkedIn handles your personal information, please refer to LinkedIn's privacy policy:
www.linkedin.com/legal/privacy-policy

Google APIs / Google Hosted Libraries

We use Google Hosted Libraries on our website. Google Hosted Libraries is a service by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Like many other internet sites, this website uses the jQuery JavaScript library. We use Google’s CDN (content delivery network) to load this library. This increases the loading speed of our website and improves your user experience. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. It is very likely that you have already used jQuery on another Google CDN website. If so, your browser can refer back to the stored copy in your cache. If this is the case, it does not need to be downloaded again. If there no copy in your cache, the file is downloaded from Google CDN. It may also be necessary to download this file for other reasons. In these cases, data is sent from your browser to Google Inc. ("Google"). In this way, you also consent to the possibility that your data could be transferred to the USA. Google has pledged to comply with the EU-US Privacy Shield Framework, which ensures compliance with the level of data protection applicable in the EU.
The connection to the library takes place via an interface ("API") to Google services. Through this connection to the library, Google may collect and process information (including personal data). In so doing, the possibility that Google could transfer the information to a server in a third country cannot be excluded.

Specifically, the following personal data is processed by Google Hosted Libraries:

  • Log data (particularly the IP address)
  • Information about location
  • Unique application numbers
  • Cookies and similar technologies

If you are logged into your Google account, depending on your account settings, Google may be able to add the processed information to your account and treat it as personal data. You can prevent direct addition of this data by logging out of your Google account or changing the corresponding settings in your Google account. You can also prevent the installation of any cookies that Google places using the corresponding settings in your browser.
Details about the terms for Google Hosted Libraries can be found under: developers.google.com/speed/libraries/terms
Technical information about Google Hosted Libraries can be found under: developers.google.com/speed/libraries/ 

Google may place cookies on your device for the use of Google Hosted Libraries. Google claims to use these cookies solely for reasons of security and prevention of misuse.

Our aim in integrating Google Hosted Libraries is to integrate the libraries needed for optimal functionality of the site.

The legal basis for the processing of personal data described here is Art. 6(1)(f) GDPR. Our legitimate interest required for this is the major benefit derived from the integration of Google Hosted Libraries. Integrating the libraries via Google enables us to reduce our maintenance costs, the loading time of the website, and the server and traffic loads. Google also has a legitimate interest in the (personal) data it gathers in order to improve its own services.

Integration of Google Maps

(1) On this website, we use Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
(2) When you visit the website, Google is informed that you have called up the corresponding subpage of our website. In addition, the data referred to in paragraph 3 of this policy will be transmitted. This occurs regardless of whether Google provides a user account that you are logged into, or whether you do not have a user account. If you are logged into Google, your data will be directly associated with your account. If you do not wish to be associated with your profile on Google, you should log out before activating the button. Google stores your data as user profiles and uses it for the purposes of advertising, market research and/or customisation of its website. This kind of analysis takes place in particular (including for users who are not logged in) in order to show you targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; you would have to contact Google to exercise this right.
(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of the provider. These will also give you further information about your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=en. Google also processes your personal data in the USA and complies with the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework 

Bootstrap CDN

We use Bootstrap technology on our web pages for state-of-the-art design and presentation of the content on different devices. The provider is StackPath, LLC, 2021 McKinney Avenue, Suite 1100 Dallas, Texas 75201. To increase the loading speed of our web pages, we use the BootstrapCDN (Content Delivery Network) from MaxCDN to supply libraries (collections of technical instructions) to your browser. The service is integrated for the optimisation of our web pages in our own interest, as per Art. 6(1)(f) GDPR.
It is highly likely that you have already downloaded one of these libraries when visiting another BootstrapCDN website. In this case, your browser can refer back to the stored copy in your cache. If your browser has not stored a copy in the cache or downloaded the file from BootstrapCDN for another reason, your IP address will be sent to the provider MaxCDN while connecting to the BootstrapCDN server.
If you have enabled JavaScript in your browser and not installed a JavaScript blocker, your browser may send personal data, such as your IP address, to BootstrapCDN. We do not know what data BootstrapCDN associates with the data it receives or for what purpose BootstrapCDN uses this data. To totally prevent BootstrapCDN executing JavaScript code, you can install a JavaScript blocker (e.g. www.noscript.net or www.ghostery.com).
Further information on data protection at StackPath, LLC. can be found at: https://www.stackpath.com/legal/master-service-agreement/#pp
For the exceptional cases in which personal data is transferred to the USA, StackPath (BootstrapCDN) complies with the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Rights of the data subject

Under the applicable data protection law, you have data subject rights vis-à-vis the controller with regard to the processing of your personal data (right of access to information and right of intervention), as detailed below:

  • Right of access to information as per Art. 15 GDPR: You have in particular a right of access to information about your personal data processed by us, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data is not collected from you, any available information as to its source, the existence of automated decision making, including profiling, and if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, and your right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer of your data to a third country.
  • Right to rectification as per Art. 16 GDPR: You have the right to immediate rectification of inaccurate personal data concerning you, and to completion of your personal data stored by us, should it be incomplete.
  • Right to erasure as per Art. 17 GDPR: You have the right to demand erasure of your personal data where the grounds in Art. 17(1) GDPR apply. However, this right shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims.
  • Right to restriction of processing as per Art. 18 GDPR: You have the right to demand restriction of processing of your personal data where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; if we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; if you have objected to processing for reasons relating to your specific situation, pending verification as to whether our legitimate grounds override yours.
  • Right to notification as per Art. 19 GDPR: If you have asserted the right to rectification or erasure of personal data or restriction of processing vis-à-vis the controller, the latter is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
  • Right to data portability as per Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another controller, where technically feasible.
  • Right to withdraw consent as per Art. 7(3) GDPR: You have the right to withdraw your consent to the processing of your data at any time with future effect. If you withdraw your consent, we will erase the data concerned without delay, unless a legal basis can be supported for further processing without consent. The withdrawal of consent shall not affect the legality of processing carried out between the giving of consent and withdrawal.
  • Right to lodge a complaint as per Art. 77 GDPR: If you believe that the processing of the personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

SSL encryption

This website uses SSL encryption for reasons of security and to prevent the transfer of confidential content, such as the enquiries you submit to us as the operators of the website. An encrypted link can be identified by the fact that the browser address bar switches from "http://" to "https://" and the padlock symbol appears in your browser bar. When SSL encryption is activated, the data you transfer to us cannot be read by third parties.

Right of access to information, erasure, blocking

You have the right of access to information – free of charge at any time – regarding your stored personal data, its source and recipient and the purpose of data processing, as well as a right to rectification, blocking or erasure of this data. You can contact us regarding this or any other questions concerning personal data at any time using the contact data provided at the start of this privacy policy.
If you have any questions not answered in this privacy policy, or regarding the processing of your personal data, you can contact our data protection officer, who can also help you with requests for information, suggestions or complaints.
Data protection officer:
Steffen Wacker
E-Mail: datenschutz(at)topex.de

Data security

We implement a wide range of security measures as per Art. 32 GDPR (technical and organisational measures) to protect your personal data. If you contact us by email, please note that the confidentiality of the information you send is not guaranteed. The content of the emails may under certain circumstances be seen by third parties. We therefore recommend that you send us confidential information by post.

Objection to marketing emails

We hereby object to the use of contact data, published as part of our obligation to provide a legal notice, for the sending of marketing and information material not explicitly requested. The operators of the sites expressly reserve the right to take legal steps in the event of unsolicited sending of marketing material, such as spam emails.

Right to object

If, as part of a weighing up of interests, we process your personal data on the basis of our overriding interest, you have the right to object to this processing at any time with future effect, on grounds relating to your particular situation.
If you exercise your right to object, we shall cease to process the data concerned. However, we reserve the right to process this data further if we can provide compelling reasons for processing it which override your interests, basic rights and basic freedoms, or if the processing is for the establishment, exercise or defence of legal claims.
If we process your personal data for direct marketing purposes, you shall have the right to object to the processing of personal data concerning yourself for such marketing at any time. You can exercise your right to object as described above.
If you exercise your right to object, we shall cease to process the data concerned for direct marketing purposes.

Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely erased, provided it is no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in further storage.

Updating the privacy policy

This privacy policy will be updated when topex GmbH launches new products or services, changes internet processes or internet and IT security technology becomes more advanced. We will publish the changes here.

Cookie-settings