Data privacy policy

We are pleased that you are visiting the CADENAS website. The following contains information about the collection of personal data with the use of this website:

I. Name and address of the responsible party

Responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

CADENAS Konstruktions-, 
Softwareentwicklungs-
und Vertriebs GmbH

Berliner Allee 28 b + c
86153 Augsburg
GERMANY

Phone +49 821 2 58 58 0-0
Fax +49 821 2 58 58 0-999

info@cadenas.de
www.cadenas.de

II. Name and address of the Data Protection Officer

You can reach the Data Protection Officer of the responsible party at:

CADENAS Konstruktions-,
Softwareentwicklungs-
und Vertriebs GmbH

Att. Data Protection Officer

Berliner Allee 28 b+c
86153 Augsburg
GERMANY
dataprotection@cadenas.de
www.cadenas.de

III. Data Processing in general

1. Extent of the processing of personal data

We process the personal data of our users, in principle, only to the extent of what is necessary to provide a functional website as well as our contents and services. The processing of the personal data of our users takes place regularly only with the consent of the user. An exception in such cases is when prior consent is not possible for factual reasons and the processing of the data is permitted by legal provisions.

Moreover, we will collect personal data (e.g. e-mail address, name, phone number and company) within the operation of our websites only if you make such data available (e.g. if you register for a newsletter on our homepage, use our contact form, leave a comment, register on our Community Portal, register on our ticket system PARTconcept for support enquiries or provide contact details in the settings of our apps) and if we have the authorization to do so with your consent or on the basis of a legal regulation for processing and use. Information required to render a service is indicated accordingly, any other information is voluntary. We basically use such data for the purpose of which you provided us the data, e.g. to answer your inquiry, to process your inquiry or to provide you with access to certain information or offers..

2. Legal basis for the processing of personal data

Insofar as consent has been obtained by the person concerned to process personal data, Art. 6(1)(a) of the EU Data Protection Basic Regulation (GDPR) serves as the legal basis.

When processing personal data to fulfill a contract, the contracting party, which is the person concerned, Art. 6(1 lit)(b) of the GDPR serves as the legal basis.  This also applies to processing required for the execution of pre-contractual measures.

Insofar as the processing of personal data is necessary to meet a legal obligation which our company is subject to, Art. 6(1)(c) of the GDPR serves as the legal basis.

In case the vital interests of the person concerned or another natural person make the processing of personal data necessary, Art. 6(1)(d) of the GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and outweigh the interests, fundamental rights and freedoms of the person concerned, then Art. 6(1 lit)(f) GDPR serves as the legal basis for the processing.  

3. Data deletion and storage period

The personal data of the person concerned will be deleted or blocked as soon as there is no longer a purpose for the storage. Storage can also take place if provided for by European or national legislators in regulations, laws or other provisions the responsible party is subject to. Blocking or deletion of the data shall also take place when the mandatory storage period by the aforementioned standards expires.

IV. Providing the website and creating log files

1. Description and extent of the data processing

Whenever our website is called up, our system records data and information automatically from the system of the calling computer.

The following data is collected:

  • IP address
  • date and time of the request  
  • time zone difference to Greenwich Mean Time
  • content of the request
  • access Status/https-status code
  • the transferred data volume
  • website from which the request comes
  • browser,
  • the operating system and its interface
  • language and version

The data is also stored in the log files of our system. The information is stored in the log files of our system solely for the purposes of the technical administration of our website. This data will not stored together with other personal data of the user, neither transferred to third parties.

2. Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must be stored for the length of the session.

Storage in log files takes place to ensure the functionality of the website. The data also serves to optimize the website and to ensure the security of our information system. An evaluation of the data for marketing purposes does not take place in this regard.

Our legitimate interest in data processing is for these purposes in accordance with Art. 6(1)(f) GDPR.

4. Storage period

The data will be deleted as soon as the purpose of the data's collection is no longer necessary. Collecting the data to be provided to the website will end with each session.   

In case the storage of IP addresses in log files takes place:

If the data is stored in log files, this will be for the duration of seven days at the most. Storage beyond that point is possible. In which case the IP addresses of the users are deleted or distorted to prevent attributing to the requesting client.

5. Objection and removal option

The collecting of data for the website and the storing of data in log files are essential to operate the website. Therefore the user has no possibility to object.

V. Use of cookies

1. Description and extent of the data processing

On various occasions, cookies are used on our apps and websites in order to provide you with targeted information and to store your search settings. Cookies are small text files sent to your PC or end device from our web and normally stored on your hard drive for the browser you use. Cookies cannot run any programs nor transfer viruses onto your computer, but serve only to provide us the information needed to make your visit to our website easier and more effective.  A cookie contains a character string which enables the clear identification of the browser whenever the website is visited again. If you have an account on any of our websites, we use cookies to identify you for subsequent visits, otherwise you would have to make a new login with each visit. The stored information is saved separately from any other data that might have been provided to us. In particular, the data of cookies will not be linked with any of your additional data.

Our websites use cookies to the following extent:

(1) Session IDs

(2) persistent Cookies

(3) Third-Party-Cookies

Session IDs allow the various requests by your browser to be assigned to a common session, so that your computer will be recognized when you return to the website.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

In particular, the following data is stored and transferred in the cookies:

(1) Language settings

(2) Log-in Information: User Name, Password encrypted if user selects Option "remember my Login data"

We also use cookies on our website to enable an analysis of the user's surfing behavior.

In this respect, especially the following data can be transferred:

(1) Search terms entered

(2) Frequency of page views

(3) Utilization of website functions

User data collected in this manner are pseudonymized through technical precautions. Therefore the user visiting the website cannot be identified. The data will not be stored together with other personal data.

When calling up our website, an info banner lets the users know that cookies are used for purposes of analysis and they are referred to this data protection declaration. It will also be pointed out that the storing of cookies can be prevented in the browser settings.

2. Legal basis for the data processing

The legal basis for the processing of personal data with the use of cookies is Art.6(1)(f) GDPR.

3. Purpose of the data processing

The reason for using technically necessary cookies is to simplify the use of websites for the users. Some of the functions of our website cannot be offered without the use of cookies. For those, it is necessary that the browser can also be recognized after a page change.

We need cookies for the following uses:

(1)   Session ID

The user data collected by technically necessary cookies will not be used to create user profiles.

The use of analysis cookies serve the purpose of improving the quality of our website and its contents. The analysis cookies show us how our website is used and help us to constantly optimize our offer.

At this point we need to describe the purpose of using analysis cookies in more detail.

Our legitimate interest in data processing is for these purposes in accordance with Art. 6 (1)(f) GDPR.

4. Storage period, possibilities for objection and removal

Cookies are stored on the user's computer and from there transferred to our page. It follows that you as the user have the complete control over the use of cookies. By changing your settings in your Internet browser, you can deactivate or limit the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. The deactivating of cookies for our website can possibly lead to a restricted use of all of the website's functions.

The session IDs are then deleted when you log out or close the browser. Persistent cookies will be deleted automatically after a specified time, which can vary depending on the cookie.

VI. Web analysis by Matomo (formerly PIWIK)

1. Extent of the processing of personal data

We use the Open-Source tool Matomo (formerly PIWIK) on our website to analyse the surfing behavior of our users. The software places a cookie on the user's computer (see above). When individual pages of our website are called up, the following data will be stored:

(1)Two bytes of the IP address of the user's system

(2) The called up website

(3) The website from where the user reached the called up website (referrer)

(4) The subpages called up from the website

(5) The length of stay on the website

(6) The frequency of visits to the website

The software runs exclusively on our website's server. The storing of personal data does not take place there. A transfer of the data to third parties does not take place.

The software is configured with the function "Automatically Anonymize Visitor IPs" in such a way that the IP addresses are not completely stored, but rather 2 Bytes of the IP address is masked (e.g.  192.168.xxx.xxx In this way, the abbreviated IP address of the calling up computer cannot be identified. For more information go to: https://matomo.org/docs/privacy/.

2. Legal basis for the processing of personal data

The legal basis for the processing of personal data with the use of cookies is Art.6(1)(f) GDPR.

3. Purpose of the data processing

The processing of the user's personal data enables us to do an analysis of the user's surfing behavior. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us improve our website and its user-friendliness. Our legitimate interest in data processing is for these purposes in accordance with Art. 6(1)(f)  GDPR. By anonymizing the IP address, the user's interest in protecting personal data is sufficiently taken into account.

4. Storage period

The data will be deleted when no longer needed for our recording purposes, which in this case takes place after 30 days

5. Objection and removal option

Cookies are stored on the user's computer and from there transferred to our page. It follows that you, as the user, have the complete control over the use of cookies. By changing your settings in your Internet browser, you can deactivate or limit the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. The deactivating of cookies for our website can possibly lead to a restricted use of all of the website's functions.

We offer our users the possibility to opt out of the analytical method on our website. To do so, follow the appropriate link. In this way, another cookie will be placed on your system that signals our system to no longer store the user's data. If the user deletes that cookie from his own system, he will have to place an opt-out cookie again.

Further information about privacy settings of Matomo software can be found at the following link: https://matomo.org/docs/privacy/

VII. Link to services of third parties

This statement of data privacy applies only to our websites and their subpages. Our websites can also contain links to other providers not covered by this statement. If you leave our websites via a link, it is recommended to carefully read the data protection regulations of each website that collects personal data.

1. Social Media Buttons

We have integrated buttons with graphics of Facebook, Linkedin and Youtube on our homepage so that you can find CADENAS on those social media platforms with one click. In the interest of the most extensive protection of your data, the buttons are only integrated as a link to the respective services. This assures that data transfer to any operator of the social network will not take place without previous activation on your part. After clicking the button, you will be forwarded to the provider and can then visit the pages of CADENAS on each of the platforms, find out about activities and topics around CADENAS, leave your comments and exchange ideas with others. Third-party pages are operated exclusively by the same. We neither have any influence on the data collected there and the data processing nor do we have any knowledge about the full extent of data collection, the purpose thereof as well as the storage periods. Information on the handling of your personal data when using those websites is available in the data protection regulations of the provider.

2. YouTube

We have integrated YouTube videos into our websites, stored at http://www.YouTube.com and playable directly from our websites. These are all integrated in “extended data protection mode”, i.e. no data about you as a user will be transferred to YouTube when you are not playing any videos. Only when viewing videos YouTube, if need be, will store cookies on your computer and so-called  server log files, see 1, will be transferred. YouTube uses this data to collect information about the visitors of their website, i.a. for statistics, preventing fraud and improving usability. Also a connection with the Google DoubleClick network is established. Moreover, if you are logged into your YouTube account, YouTube can assign your surfing behavior directly to your personal profile. If this is against your wishes, we recommend that you log out of your YouTube account before playing the video. We have no influence on the said data transfer and collect no personal data with regard to the embedding of YouTube videos. Information about the handling of your personal data when using those websites is available in YouTube’s data protection policy: https://www.youtube.com/static?template=privacy_guidelines

The embedded YouTube videos are used in the framework of permitted use by YouTube, which all YouTube users must accept: https://www.youtube.com/t/terms

In case you notice any copyright violation, please report this directly to YouTube.

3. Use of Google Site Search

Google custom search engine „Google CSE“ Is the central search service on the CADENAS homepage. The integrated search service allows a full-text search for contents of the official Internet offer from CADENAS. For user information on the Internet offer, “search Google™ cadenas.de” is displayed in the search box. When the user enters a term in the search box, an additional link appears below the search box that refers to data protection when using the Google™ search.

After entering the search term in the search box, pressing enter or the search icon (magnifying glass), the user activates the search function and the search results page appears, which loads the Google search results by means of a plugin provided by Google.

The plugin, developed and provided by Google (Google Custom Search Engine, “Google CSE”), is integrated into the search results page by CADENAS as a software module “as is”(unchanged). The plugin enables automatic communication (data exchange) between the search results page and Google service, when the results page is called up. The use of Google’s search function includes a dynamic transfer of data to the search results page by the service provider Google.

In principle, no data is transferred to the provider of the search service (Google) when CADENAS websites are officially called up, where the "Google user-defined search" is integrated. Data is first transferred to Google after the user has activated the search box, a full-text search has started and the search results page is called up. When using the search function within the results page, user data is also sent to the Google server in the USA and stored there.

By using the full-text search and the accompanying search results page, you consent to the use of the Google search service as well as to the transfer of data to the Google service. This includes e.g. search terms you have entered and the IP address of the computer you are using. Please note that other standards of data protection apply for Google than for the Internet offer from CADENAS. We draw your attention to the fact that processing, in particular the storing, deleting and use of personal data possibly transmitted, is the matter of the provider of the search service and that CADENAS has no influence on the type and extent of the data transferred and further processed.

In its privacy policy Google commits itself not to pass on information to third parties,however, it makes exceptions from that. This means information could be transferred to third parties, if this is legally required in the US or if third parties process data for Google. If you are logged in to Google, the Google service is in the position to assign the information directly to your user profile. You should log out to prevent profile information about you from being collected.

Further information from Google Inc. about the handling of user data (data privacy policy) can be obtained here: http://www.google.com/policies/privacy/

4. Use of Google Maps

On our websites and apps you can use the Google Maps service to see where CADENAS branch offices or a manufacturer is located on an interactive map. In doing so information about using CADENAS wesbites or apps, including your IP address is transferred to the Google server in the US and stored there.

In its privacy policy Google commits itself not to pass on information to third parties ,however, it makes exceptions from that. This means information could be transferred to third parties, if this is legally required in the US or if third parties process data for Google. You can find Google’s privacy policy here:  http://www.google.com/policies/privacy/

You have the option to switch off the card service and to prevent data transfer to Google. Simply deactivate JavaScript in your browser. In this case, you will no longer be able to use the location display.

5. Share Function

We offer you the so-called “share function” on our websites and in our apps. This can be used to share the contents of our websites, such as news or CAD models, with persons who you think would be interested, per e-mail and via Social Media Buttons (Facebook, Tumblr, Xing, Google Plus, Pinterest, WhatsApp,LinkedIn, Twitter).

In case you share contents via email, please be aware of the fact that you are responsible for the sent email and deemed to be Data Controller pursuant to the German Federal Data Protection Act. In the interest of the fullest protection possible for your data, the Buttons on our websites and in our apps are integrated only as a link to the respective services. This ensures that a data transfer does not take place to the operator of each social network without prior activation performed by you. After clicking onto the button without being logged into the social network, the login window of the selected social network will open in a new browser window and at the same time a cookie will be placed on your hard disk. If you click the button while being already logged into the social network, the network will be able to allocate your visit to your account on the social network. Websites of third parties are solely operated by them. We neither have any influence on the data collected and processed, nor do we know anything about the full extent of the data collection, the purposes as well as the storage limits. Information about the handling of your personal data when using those websites is available in the provider’s data protection policy.

Addresses of the respective providers and URL with their privacy notices:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other applications sowie http://www.facebook.com/about/privacy/your-info everyoneinfo.

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.php
further information on data collection: http://www.facebook.com/help/186325668085084
http://www.facebook.com/about/privacy/your-info-on-other applications
http://www.facebook.com/about/privacy/your-info.

b) .WhatsApp Inc., 650 Castro Street, Suite 120-219, Mountain View, California 94041, USA; https://www.whatsapp.com/legal/

c) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

d) Tumblr, Inc., 35 East 21st Street, 10E, New York, NY 10010, USA; https://www.tumblr.com/policy/en/privacy

e) Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; http://www.google.com/policies/privacy/?hl=de

f) Pinterest Inc, 808 Brannan Street, San Francisco, California 94103, USA; https://about.pinterest.com/de/privacy-policy

g) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

h) Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy?lang=de

i) YouTube LLC, 901 Cherry Ave., San Bruno, California 94066, USA; https://www.youtube.com/static?template=privacy_guidelines

VIII. Data processing at our presence through social networks

1. In general

We publically maintain accessible profiles in social networks. The social networks we use are detailed below. Social networks such as Facebook, Google+, etc. can, as a rule, analyse your user behavior comprehensively when you visit their website or a website with integrated social media contents (e.g. like- buttons or banners). When you visit our social media presence, numerous data protection processes are triggered. Specifically: When you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign the visit to your user account. Your personal data might also be collected even if you are not logged in or you do not have an account with the respective social media portal. In this case, data collection can take place via the cookies stored on your end device or by the collecting of your IP address. With the help of such data, the operators of social media portals can create user profiles that contain your preferences and interests. This way, interest-related advertising can be displayed for you in and outside of the respective social media presence. If you have an account with a certain social network, interest-related advertising can be displayed on all devices where you are or were logged in. Moreover, please note that we cannot trace all processing operations on the social media portals. Depending on the provider,  additional processing can be carried out by the operators of the social media portals. For details, see the terms of use and data protection regulations of the respective social media portal.

2. Legal basis

Our social media presence should be as comprehensive on the Internet as possible. This is a legitimate interest as set out in Art. 6 para. 1 lit. f DSGVO. The analyzing processes initiated by the social networks are possibly based on differing legal grounds, which must be stated by the operators of the social networks (e.g. Consent according to Art. 6 para. 1 lit. a DSGVO.

3. Person responsible and the exercise of rights

When you visit one of our social media presences (e.g. Facebook), we, together with the operators of the social media platform, are responsible for starting the data-processing operations for that visit. You can assert your rights (information, correction, deletion, limitation of the processing, data portability and complaints) in general against us as well as against the operator of the respective social media portal (e.g. against Facebook). Please note that, even though we share the responsibility with the operators of social media portals, we cannot entirely influence data processing operations of those social media portals. Our options primarily go by the company policy of each provider.

4. Storage period

The data we collect directly from the social media presence are deleted as soon as they have served their purpose for being stored, if you request us to do so, if you revoke your consent to store the data or there is no longer any reason for the storage of your data.  Stored cookies remain on your end device till you delete them. Mandatory legal provision – esp. retention periods – remain unaffected. We have no influence on the storage period of your data, which are stored by the operators of the social networks for their own purposes. You can find out the details directly from the operators of the social networks (e.g. in their privacy statement, see below).  

5. Where are we represented?

- Facebook – We have a profile and/or a page on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified as per the EU-US Privacy Shield. You can find the entry at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

We have concluded an agreement with Facebook on mutual responsibility for the processing of data (controller addendum). The agreement specifies which data processing operations we and/or Facebook are responsible for, when you visit our Facebook fan page. You can have a look at the agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising preferences in your user account. Simply click on the following link and log in: https://www.facebook.com/settings?tab=ads Details of data protection at Facebook are found in Facebook's privacy statement: https://www.facebook.com/about/privacy/

Additional information about page-insight statistics can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data

- Twitter – We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified as per the EU-US Privacy Shield. Find the entry at https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO  You can adjust your Twitter data protection preferences in your user account. Simply click on the following link and log in: https://twitter.com/personalization

Find details in Twitter's privacy statement: https://twitter.com/de/privacy

- XING – We have a profile at XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland. You can obtain details about how your personal data is used in XING's privacy statement. https://privacy.xing.com/de/datenschutzerklaerung

 - LinkedIn – We have a profile at LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland. LinkedIn is certified as per the EU-US Privacy Shield. You can find the entry at https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0

LinkedIn uses advertising cookies. Please use the following link if you wish to deactivate LinkedIn advertising cookies: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

You can obtain details about how your personal data is used in LinkedIn's privacy statement. https://www.linkedin.com/legal/privacy-policy

- YouTube LLC, 901 Cherry Ave., San Bruno, California 94066, USA; Details about how they handle your personal data can be found inYouTube's privacy statement: https://www.youtube.com/static?template=privacy_guidelines

IX. Newsletter

1. Description and extent of the data processing

1.1 Receipt of newsletter by registration

It is possible to subscribe to a free newsletter on our website. Data will be transferred to us from the input mask when registering for the newsletter. Shipping and administration takes place through CANVAS GmbH, a member of the CADENAS group.

Only your e-mail address is needed to have the newsletter sent to you. Further information , marked separately (e.g. title, first and last name) is voluntary and used solely for personalizing the newsletter. This data as well will be completely deleted in case of cancellation (see under VIII 4).

In addition, the following data is collected at registration;

(1) IP address of the requesting computer

(2) Date and time of registration

For the processing of the data, your consent will be obtained and this data protection declaration will be referred to during registration.

1.1 Receiving the newsletter due to the sale of goods or services

If you purchase goods or services on our website and in so doing leave your e-mail address,the same can be used by us to send you a newsletter. In this case, only direct advertising for our own similar goods or services will be sent via the newsletter.

With the exception of CANVAS GmbH (see above 1.1), the data obtained for the sending of newsletter will not be passed on to any third parties. The data will be used solely for sending the newsletter.

Please note that we use Inxmail to send our newsletter, a newsletter tool of the Inxmail GmbH, Wentzingerstr.17, 79106 Freiburg. Inxmail provides statistical evaluation features on user behavior. The e-mail sent contains so-called web beacons for the evaluation, also referred to as tracking pixel. These are one-pixel image files, linked to the server of Inxmail, thus making it possible to evaluate user behavior.  This takes place by the collecting of server-log files, see 1, like the time of calling up the e-mail and the corresponding IP address as well as the web beacons assigned to your e-mail address and linked with a personal ID. A user profile is created with the data obtained, in order to tailor the newsletter to your interests. This includes when you read our newsletter and which links you click onto, so as to infer your personal interests. You can object to such tracking at any time by unsubscribing the newsletter..

2. Legal basis for the data processing

1.1 Receipt of newsletter by registration

Legal basis for the processing of data, after the user registers for the newsletter, is the submitting of the user's consent Art. 6(1)(a) GDPR.

1.2 Receiving the newsletter due to the sale of goods or services

Legal basis for sending the newsletter as a result of the sale of goods or services ist § 7(3) UWG.

3. Purpose of the data processing

The collecting of the e-mail address and other voluntary information (e.g. title, first and last name) of the user serves to deliver the newsletter as well as to supply the newsletter text with a personal addressing by name.

The collecting of any other personal data during registration serves to prevent the misuse of services or the e-mail address used.

4. Storage period

The data will be deleted as soon as the purpose of the data's collection is no longer necessary. The user's e-mail address will be stored for as long as the newsletter is subscribed to.

Any other personal data collected during registration will usually be deleted after a period of seven days.

We use the so-called double-opt in when registering for our newsletter. This means we will send you a confirmation e-mail to the e-mail address obtained from you, where you confirm your wish to receive the newsletter. If this is not confirmed within one (1) week, your registration will be automatically deleted.

5. Objection and removal option

The subscription to the newsletter can be cancelled by the user at any time. A link for this purpose is in every newsletter.

At this point, it is also possible to withdraw your consent to the storage of your personal data that was collected during registration.

For the newsletter registration, we use the so-called double-opt-in method. This means that we send a confirmation e-mail to your e-mail address and ask you to confirm your wish to receive our newsletter. You have a week’s time to confirm, otherwise your registration will be deleted automatically. As far as you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe the newsletter. The storage serves the purpose of sending you our newsletter on current topics about CADENAS. Required information for the sending of the newsletter is only your e-mail address. Any other information marked separately is voluntary and will be used to personalize the newsletter. Such data will also be deleted in case of cancellation.

X. Registration

1. Description and extent of the data processing

We offer users on our website the option to register with their personal data to take part as a participant in our B2B PARTcommunity forum and to use services provided, e.g. the obtaining of CAD models, within this and, if necessary, other portals  solely for registered participants. The data will then be entered into an input mask, transferred to us and stored.

Our B2B PARTcommunity forum can be read without being registered. Provided you wish to use our B2B PARTcommunity portal to download CAD models, place postings in the community forum, comment on or like other postings or to participate in challenges, you can either use your login from a PARTcommunity manufacturer portal or you will have to register at PARTcommunity B2B. For the registration, we use the so-called double-opt-in process, i.e. your registration will be finalized only after you have confirmed by clicking on a link contained in an e-mail of confirmation sent to you for this purpose. In case your confirmation does not follow in a timely manner, your registration will be deleted automatically from our data base.

Moreover, we offer you the option to register for our service via Facebook Connect. More infos here.

The following details are collected during the registration process:

(1) E-mail address*
(2) Password*
(3) Confirm password*
(4) Time zone
(5) Language
(6) Enter verification code*
(7) Declaration of consent to the terms of use and the data privacy statement

Text suggestion after confirmation button: I hereby give my consent to the processing (collection, storage and use) of my personal data according to the data protection declaration and privacy notices that I have been made aware of. I have read the terms of use of the PARTcommunity forum and hereby give my consent as well.

Profile information
(8) First name*
(9) Last name*
(10) Company*
(11) Street*
(12) Postal code*
(13) City*
(14) Country*
(15) Select system environment CAD
(16) Select system environment PLM/ERP
(17) Select System Environment OTHER
(18) Website
(19) LinkedIn
(20) Facebook
(21) Skype
(22) Twitter
(23) Profile picture

Those marked with * are mandatory. Further personal data will only be collected only on a voluntary basis, such as for a request or registration.

During registration, the following data will also be stored:

(1) IP address of the user
(2) Date and time of registration

The user's consent to process such data will be obtained during registration and reference will be made to the regulations of the terms of use as well as the provisions of this data protection declaration and agreed on and legally binding for the duration of the user relationship.

2. Legal basis for the data processing

Legal basis for the processing of data, after the user registers for the newsletter, is the submitting of the user's consent Art. 6(1)(a) GDPR.

If the registration serves to fulfill a contract of which the user is a party (e.g. use / license agreement for the providing and obtaining of CAD models) or the implementation of pre-contractual measures, the legal basis for the data processing  is also Art. 6(1)(b) GDPR.

 

3. Purpose of the data processing

Every access to our portal and every obtaining of CAD models will be recorded.  The storage serves internal system-related and statistical purposes. The following is recorded: Name of the accessed file, date and time of access, data volume transferred, report on successful access, web browser and requesting domain.

3.1 A registration of the user is necessary to hold specific contents and services ready on our website.

If you use our portal, we will store the data necessary to perform the contract. In addition, we will store the voluntary data you have provided for the duration of use of the portal, unless previously deleted. All information can be managed and modified in the protected customer area. Information given in the forum such as public postings, pinboard entries, friendships, private messages (we have no access to the latter) etc. will be stored so as to operate the forum.

If you use the portal, your data can be made accessible to other participants, depending on the contractual service. Your user name, your photo (if available) and your postings in public groups will be visible to non-members only if you have enabled the same. Moreover, for registered members the „user info“ is visible, which includes information on the type of your membership, visitors to your profile, friendships, the last time you placed a posting and since when you have been a member. In contrast, your entire profile containing the data you have released is visible to all members you have confirmed as personal contacts. If you make contents accessible to your personal contacts, but not by a private message service, the contents will be viewable to third parties, provided your personal contact has authorized a release. Insofar as you have placed postings in the public group, these will be viewable for all registered members of the portal. In the protected customer area, you can manage whatever information and postings you wish to release.

3.2 A registration of the user is necessary to fulfill a contract with the user or for the implementation of pre-contractual measures.

We require and process, in particular, your double-opt verified e-mail address to use as your mailing address for the delivery of ordered CAD models as well as proof of deliver for us to the respective manufacturer of the requested product catalog. We owe it to you and are obligated to the catalog manufacturer, in particular, your e-mail address and the information of the CAD model you obtained to transfer to the respective manufacturer of the requested product catalog so that he can run an invoice control of the delivery order and also contact you to inform you of faulty and/or updated CAD models.

If you register on the PARTcommunity portal of with a specific manufacturer or download CAD files from manufacturers, we pass on your personal data that you specified to execute the order. In addition, the catalog manufacturer will receive personal data such as your e-mail address and, if necessary, further contact details, if you have voluntarily provided him the same via the feedback function in order to leave feedback for the manufacturer portal or if you opt for a newsletter from the manufacturer, so that he can provide you a newsletter for certain information or offers. Insofar as you are put through to the manufacturers homepage, we recommend that you read the data protection provisions on the homepage of the manufacturer before providing your personal data, since this data protection declaration does not include other websites.

Other personal data processed for the obtaining of CAD models serves to prevent misuse in the providing of the CAD models (e.g. violation of the Fair Use Policy) and to ensure the safety of our information technology systems.

Further information about the handling of your data as a registered portal member in the PARTcommunity forum can be obtained here.

4. Storage period

The data will be deleted as soon as the purpose of the data's collection is no longer necessary.

This is the case for the data collected during registration, if registration is withdrawn or amended on our website.

For data collected to perform a contract (e.g. agreement of use to provide and obtain CAD models) or for the implementation of pre-contractual measures, whenever the data is no longer necessary for the implementation of the contract. Also, after concluding a contract, it can become necessary to store the personal data of the contract partner in order to meet contractual or legal obligations.

We will process and store your personal data as long as needed to meet our contractual and legal obligations.

Moreover, we are subject to various retention and documentation obligations from, among other things, the commercial code (HGB) and the tax code (AO).  The specified deadlines for retention and documentation are usually six to ten years.

The storage period is finally assessed according to limitation periods which are usually three years in accordance to §§ 195 ff. of the Civil Code (BGB), but in certain cases can be up to thirty years, although the regular limitation period is three years.

5. Objection and removal option

Users have the option to cancel registration at any time. You can modify your stored data anytime.

You can delete and manage your account and change your information in the protected customer area.

If the data is necessary to perform a contract or to implement pre-contractual measures, a premature deletion of the data is only possible if not prevented by contractual or legal obligations (see  IX 9.).

XI. Contact form and e-mail contact

1. Description and extent of the data processing

There is a contact form on our website which can be used for electronic contacting. If the user takes advantage of it, the data entered into the input mask will be transferred to us and stored. The data consists of:

(1) E-mail address
(2) Your name
(3) Company
(4) Postal code
(5) Place

During registration, the following data will also be stored:

(6) Date and time of registration

For the processing of the data, your consent will be obtained and this data protection declaration will be referred to during registration.

As an alternative, contacting is also possible via the e-mail address provided. In this case, the user's personal data submitted with the e-mail will be stored.

In this context, no further data will be transferred to any third parties. The data will only be used to process the conversation.

2. Legal basis for the data processing

Legal basis for the processing of data, after the user registers for the newsletter, is the submitting of the user's consent Art. 6(1)(a) GDPR.

Legal basis for the processing of data transferred by e-mail is Art. 6(1)(f) GDPR.  If e-mail contact is aimed for after concluding a contract, the legal basis for processing is also Art. 6(1)(b).

3. Purpose of the data processing

The processing of personal data from the input mask serves only for contacting. In case of contacting by e-mail, here is also a legitimate interest in the processing of the data.

To ensure your contact to the nearest CADENAS location, we will also transfer your data, if necessary, to a CADENAS branch office or subsidiary near you.

Any other personal data processed during dispatch serves to prevent misuse of the contact form and to ensure the safety of our information technology systems.

4. Storage period

The data will be deleted as soon as the purpose of the data's collection is no longer necessary. This is the case when the conversation with the user is finished, for the personal data from the input mask of the contact form and the data has been sent by e-mail. The conversation is finished when it can be assumed that the matter has finally been clarified.

The additional personal data collected during dispatch will be deleted after a period of seven days.

5. Objection and removal option

The user can at any time withdraw his consent to the processing of his personal data. If the user contacts us by e-mail, he has the option to object to the storage of his personal data. In this case, the conversation can no longer continue.

You can  also submit the withdrawal of your consent and the objection to storage anytime in text form (e-mail).

In this case, all personal data that was stored in the course of contacting will be deleted.

XII. Data transfer to third parties

Provided you have given your consent or if we are required by law to do so, we will transfer you personal data besides the third parties mentioned in IX 3.2, to the following third parties for specific purposes:

If you have provided us with your personal data, e.g. e-mail when contacting us or via the contact form or when signing up for the newsletter, we will forward your data, if necessary, to our subsidiaries in order to answer your requests or to grant you access to certain information or offers. In this case, you will be notified about the transfer of your data to any subsidiaries.

In some instances, we make use of external providers to process your data. We have carefully selected and commissioned them in writing. They are bound to our instructions and checked upon by us on a regular basis. The service provider shall not forward the said data to third parties.

The described recipients might be located outside of the European economic area (“third countries”), where the level of data protection is not the same as in your home country. In such cases, CADENAS will take measures to ensure a suitable level of data protection.

We will pass on your personal data to subsidiaries in third countries basically only when they have obligated themselves in EU standard contractual clauses to ensure a suitable level of data protection.

The transfer of data takes place exclusively within and in compliance with the applicable legal regulations. We will neither sell your personal data to third parties nor market in any way.

XIII. Use of our Apps

1. Description and extent of the data processing

If you make use of our apps, we will use your data to provide the product or service that you have selected. Necessary information will be transferred to the app store during the download, in particular

(1)   user name,
(2)   e-mail address 
(3)   customer number of your account,
(4)   time of download
(5)   payment information and  
(6)   the individual device number

We have no influence on this data collection and are not responsible for it. We process the data provided insofar as necessary to download the app onto your end device. Beyond that, your data will not be stored.

2. Legal basis for the data processing

Legal basis for the processing of data, after the user registers for the newsletter, is the submitting of the user's consent Art. 6(1)(a) GDPR.

Legal basis for the processing of data transferred while using this app is Art. 6(1)(f) GDPR. If the use of the app serves the concluding of a contract (e.g. obtaining/download of CAD models), an additional legal basis for processing is Art. 6(1)(b) GDPR.

3. Purpose of the data processing

3.1 Download of CAD files

If you wish to receive the CAD files of manufacturers by e-mail, you can register in the app settings. Information required for downloading CAD models is marked accordingly, all other is voluntary.

If you request CAD models via our app by e-mail, we will store your data that is necessary to fulfill the contract. All information can be managed and changed in the protected customer area.

3.2 Use of your photos

Depending on the respective operating system of your end device, we ask for permission in a pop-up to use your photos while downloading or when you begin using the app. If you refuse, we will not use the data. It could be, however, that you then will not be able to use all the functions of the app. Later on, you can alway consent or withdraw permission in the settings of your operating system.

If you allow access, the app will access only the said data and transfer to our server, insofar as is necessary to render the functionality.

3.3 Collection of your location data

Our offer also includes so-called Location Based Services, with which we make you special offers tailored to your respective location.To offer you such functions of the app, we will collect your location data by means of GPS and your IP address in anonymized form, with your permission. You can allow or refuse this function at any time in the settings of your operating system. Your location will only be transferred to us whenever you use app functions that require us to know your location.

4. Storage period

The data will be deleted as soon as the purpose of the data's collection is no longer necessary and no legal retention obligations exist.

5. Objection and removal option

Users have the option to cancel registration at any time. You can modify your stored data anytime.

You can delete and manage your account and change your information in the protected customer area.

XIV. Data security

We maintain current technical measures to ensure data security, in particular for the protection of your personal data from risks during data transfers as well as the acquiring of knowledge by third parties. These measures are adjusted according to the current state of the art. All of the information you provide to CADENAS in message forms are securely transmitted using the latest internet security technology and used only for the purposes specified. We use a SSL (Secure Sockets Layer Protocol) based data transmission procedure. This protocol enables all of the data that is transmitted between your browser and our server to be fully encrypted. This protects your data from being manipulated or accessed by unauthorized third parties during transmission.

XV. Rights of the person concerned

If you process personal data, you are the person concerned pursuant to the GDPR. You have the following rights against the responsible party:

1. Right to information

You can request a confirmation from the responsible party of whether your personal data is being processed by us.

If your data is being processed, you can request the following information from the responsible party:

  1. the purpose of the processing of your personal data;
  2. the categories of personal data being processed;
  3. the recipients or categories of the recipients to which the said personal data have been or will be disclosed;
  4. the expected storage period of your personal data or, in case concrete information is not available, criteria for the setting of the storage period;
  5. the existence of a right to correction or deletion of your personal data, a right to the limitation of processing by the responsible party or a right of objection against the processing.
  6. the existence of a right to appeal with a supervisory authority;
  7. all available information about the origin of the data, if the personal data was not collected from the person concerned;
  8. the existence of automatic decision making, including profiling as per Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and the effects hoped for of such a processing for the person concerned.

You have the right to request information about whether your personal data will be transferred to a third country or an international organisation. In this connection, you can ask about the suitable guarantees as per Art. 46 GDPR relating to the transfer.

2. Right of correction

You have a right of correction and/or completion against the responsible party, insofar as your processed personal data is not correct or incomplete. The responsible party is to make adjustments immediately.

3. Right to limit processing

You can request a limitation of the processing of your personal data on the following conditions:

  1. if you dispute the correctness of your personal data for a long enough period to allow the responsible party ample time to check the correctness of your personal data.
  2. the processing is unlawful and you refuse the deletion of the personal data and request, instead, limiting the use of personal data;
  3. the responsible party has no further need of the personal data, however you have need of the data for the establishment, exercise and defense of legal claims or
  4. if you have objected to the processing as per Art. 21(1) GDPR and it is not yet sure if the responsible party's legitimate reasons outweigh your reasons.

If the processing of your personal data has been limited, such data – except for storage purposes – may only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal entity or for reasons of an important public interest of the European Union or a member state.

If limitation was according to the above conditions, you will be informed before the limitation is removed.

4. Right of deletion

a) Obligation to delete

You can request of the responsible party to delete your personal data immediately, and the responsible party is obligated to delete the data immediately, provided one of the following reasons apply:

  1. Your personal data is no longer needed for the purposes the data was collected or otherwise processed.
  2. You revoke your consent for the processing that was based on Art. 6 (1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing of your data.
  3. As per Art. 21 (1) GDPR, you enter an objection against the processing and there are no other overriding legitimate reasons for the processing, or as per  Art. 21(2) GDPR, you enter an objection against the processing.
  4. Your personal data was unlawfully processed.
  5. The deletion of your personal data is to meet a legal obligation in accordance with European Union law or that of the member states, which the responsible party is subject to.
  6. Your personal data was collected with regard to the services of the information society as per Art. 8(1) GDPR.

b) Information to third parties

If the responsible party made your personal data public and if he is obligated to delete your data according to Art. 17(1) GDPR, he is to take suitable measures, in consideration of available technology and the costs of implementation, also of a technical kind, to inform you that as the person concerned, the deletion of all links to the respective personal data has been requested, including copies or replications of the personal data.

c) Exceptions:

The right to have data deleted does not apply insofar as processing is necessary

  1. to practise the right of freedom of opinion and information;
  2. to meet a legal obligation that requires processing according to the law of the European Union or member states,which the responsible party is subject to, or for the performance of a task that is in the public's interest or the excercise of official authority that has been transferred to the responsible party.
  3. for reasons of public interest in the area of public health as per Art.9(2)(h)(i) as well as Art. 9(3) GDPR.
  4. for archive, scientific or historical research purposes in the public's interest in accordance with   Art. 89(1) GDPR, insofar as the right mentioned in Section a) renders the expected realization of the objectives of processing impossible or seriously affected, or
  5. for the establishment, exercise or defense of legal claims.

5. Right to information

If you have asserted the right of correction, deletion or limitation against the responsible party, he is obligated to inform all those recipients in possession of your personal data of the correction or deletion of the data or the limitation of processing, unless it proves to be impossible or involves disproportionate effort.

You have the right to be informed about those recipients by the responsible party.

6. Right to data portability

You have the right to receive your personal data, which you provided to the responsible party, in a structured, conventional and machine-readable format. Moreover, you have the right to transfer the data to another responsible party without hindrance by the responsible party whom you provided with your personal data, as long as

  1. the processing is based on consent according to Art.6(1)(a) GDPR or Art. 9(2)(a) GDPR or in a contract as per Art.6(1)(b) GDPR and
  2. the processing takes place by means of automated processes.

In exercising this right, you also have the right to cause that your personal data be directly transferred from one responsible party to another, if technically possible.  The freedom and rights of other persons must not hereby be affected.

The right to data portability does not apply to a processing of personal data which is necessary to perform a task, which is in the public's interest or in exercising official authority transferred to the responsible party.

7. Right of objection

You have the right, for reasons stemming from your special situation, to object to the processing of your personal data, on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling supported by these provisions.

If you file an objection, the responsible party will no longer process your personal data unless he can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedom, or the processing serves the establishment, exercise or defense of legal claims.

You have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling, insofar as it is directly related to direct advertising.

If you object to the processing for purposes of direct advertising, we will no longer process your personal data for such purposes.

You have the option, relating to the use of services of the information society - regardless of Directive 2002/58/EC - to exercise your  right of objection by means of automated processing, where technical specifications are used.

8. Right of withdrawal from the declaration of consent under data protection law

You have the right to withdraw from your declaration of consent under data protection law at any time. After consent has been withdrawn, the legality of the processing done up to the time of the withdrawal remains unaffected.

9. Automated decision in individual cases, profiling included

You have the right not to be subject to a decison solely based on automated processing - profiling included – which has indirect legal effects for you or otherwise affect you adversely. This does not apply, if the decision

  1. is necessary for the conclusion or fulfillment of a contract between you and the responsible party,
  2. is permissible as per legal regulations of the European Union or member states, which the responsible party is subject to, and those legal regulationss contain appropriate measure to ensure you rights and freedoms as well as your legitimate interests or
  3. is made with your expressed consent.

However, those decisions must not be based on special categories of personal data in accordance with Art. 9(1) GDPR, as far as Art. 9(2)(a) or (g) GDPR does not apply and suitable measures have been taken to protect the rights and freedoms as well as their legitimate interests.

In regards to (1) and (3) of the mentioned cases, the responsible party is to take suitable measures to ensure the rights and freedoms as well as their legitimate interests, which is to include at least the right to obtain the intervention of a person on the part of the responsible party, to present one's own point of view and to challenge the decision.

10. Right of appeal with a supervisory authority

Irrespective of another administrative or judicial remedy, you have the right of appeal with a supervisory authority, in particular with the member state of your residence, your workplace or the place of the presumed infringement, if you are of the opinion that the processing of your personal data is in violation of the GDPR.

The supervisory authority, where you made your appeal, shall inform the complainant of the status and results of the appeal, including the possibility of a judicial remedy as per Art. 78 GDPR.

The competent supervisory authority for CADENAS Konstruktions-, Softwareentwicklungs- und Vertriebs GmbH – the Bavarian State Office for Data Protection Supervision – can be contacted at:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
GERMANY

Address
P.O. Box 606
91511 Ansbach
GERMANY

Phone: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de