Data protection declaration under the EU GDPR

Dear Website User,

According to the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), we are obliged to inform you about the purpose for which personal data is collected and used on our website, how this is done and to what extent, which we hereby wish to do. This information also tells you what rights you have with regard to data protection. Please read the following data protection information carefully.

I. Scope of application

This data protection declaration as well as the information obligations fulfilled here under the EU GDPR and the Telekommunikation-Telemedien-Datenschutz-Gesetz (TDDDG) [German Telecommunications Digital Services Data Protection Act] apply exclusively to this website including all sub-pages.

Our data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers, interested parties and business partners. To ensure this, we would like to explain the terms used in advance. Among other things, these definitions are used in our privacy policy:

Supervisory Authority is an independent public body established under Article 51 GDPR which is responsible for monitoring the application of the Regulation in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the EU.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Right of appeal – you may contact the supervisory authority if you believe a provider has not processed your personal data correctly. You can formulate your complaint in a simple and straightforward manner. Some providers may issue a complaint form for this purpose.

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Consent that has been given can be revoked at any time.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

The responsible body within the meaning of the EU General Data Protection Regulation (Art. 4(7) GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Sauter GmbH
Untere Mühlewiesen 14
79793 Wutöschingen
Deutschland
Tel.: +49 7746 92300
E-Mail: info@sauter-gmbh.de
Website: www.sauter-gmbh.de

The “controller” means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Our data protection officer will be happy to answer any questions, provide any explanations or address any queries regarding the use of your data:

DASBP Consulting
Feldkreuzweg 21
79793 Wutöschingen
Deutschland
E-Mail: info@dasbp-consulting.de
Website: https://www.dasbp-consulting.de

1. Description and scope of processing of personal data

Personal data also includes information about your use of our website. In this context, we collect the following personal data from you: Information about your visits to our website, such as the extent of data transfer, the location from which you retrieve data from our website and other connection data and sources that you retrieve. This is usually done through the use of log files and cookies. Further information on log files and cookies can be found below.

2. Legal basis for the processing of personal data

We process personal data in compliance with the relevant data protection regulations, in particular the EU GDPR, TDDDG and the BDSG-neu. The processing of your personal data is based on the legal permission of the following legal bases:

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 letter a of the EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data. If you have consented to the storage of cookies or access to information in your terminal device, the data processing is also carried out on the basis of § 25 para. 1 TDDDG.

If cookies or cookie-like technologies are used in the context of data processing, the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is carried out in accordance with Section 25 (1) GDPR. 1 TDDDG in conjunction with Art. 6 para. 1 letter a GDPR and the further data processing pursuant to Art. 6 para. 1 DSGVO. If the use of cookies is deemed absolutely necessary, this is done on the basis of Section 25 (2) TDDDG and further data processing in accordance with Art. 6 (1) GDPR.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation, Art. 6 para. 1 lit. c GDPR serves as the legal basis (e.g. obligations under labor or tax law).

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 letter d GDPR as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 letter f GDPR as the legal basis for processing.

Information on the relevant legal basis in each individual case is provided in the following paragraphs of our data protection declaration.

3. Purposes of use for the processing of personal data

We only collect, process and use personal data relating to the use of this website (usage data) insofar as this is necessary, and do so exclusively within the scope provided for by law for the following purposes:

  • insofar as this is necessary for the provision of a functional website as well as our content and services,
  • to ensure that our website is presented in the most effective and appealing way possible;
  • in order to fulfil our obligations under any contracts that you have entered into with us;
  • to inform you about any changes to our services,
  • to enable you to use the service or to bill you for the service.

In general, it is not necessary for you to provide personal data in order to use our website. However, we may need your personal data so that we can actually provide our services. This applies in particular to answering individual inquiries.

4. Links to third-party websites

In order to ensure our data protection declaration is transparent, we refer at various points to third-party websites in the form of links to information and data protection notices displayed on external websites. The links published on our website are researched and compiled by us with the greatest possible care.

In general, it is not necessary for you to provide personal data in order to use our website. However, we may need your personal data in order to actually provide our services. This applies in particular to responding to individual inquiries.

5. Links to other websites/Data protection and third-party websites/Note about third-party providers

The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you transmit personal data to these websites.

6. Our objection to the use of our contact details for cold marketing

The use of contact data published due to our legal obligation to provide a legal notice (known as the “legal notice”) for the purpose of sending unsolicited advertising and information material is hereby prohibited.

We expressly object to the processing of our contact data, which we have published in the legal notice or in the data protection contact, for the unsolicited sending of advertising and information material by third parties. The site operator expressly reserves the right to take legal action in the event of the unsolicited and unlawful sending of advertising and information material, such as spam e-mails.

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have extensive rights vis-à-vis the controller, which arise in particular out of Articles 15 to 21 of the same regulation:

1. Right to information (Art. 15 GDPR; Section 34 BDSG-neu)

You may request confirmation from the controller as to whether your personal data are being processed by us.

If this is the case, you may request information from the controller regarding the following

(1) the purposes for which your personal data are being processed;

(2) the categories of personal data which are being processed;

(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed;

(4) the planned storage duration of your personal data or, if specific information in this regard is not possible, criteria for determining the storage duration;

(5) the existence of the right to request from the controller rectification, erasure or restricted processing of your personal data by the controller or to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) where the personal data are not collected from you as the data subject, any available information as to their source;

(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right of rectification (Art. 16 GDPR)

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

3. Right to restriction of processing (Art. 18 GDPR)

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal data: this restriction would be for a period enabling the controller to check the accuracy of the data;

(2) the processing is unlawful and you object to the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims;

(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

Where processing has been restricted, such personal data are, with the exception of storage, only allowed to be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the controller before this restriction has been lifted.

4. Right to erasure (Art. 17 GDPR, Section 35 BDSG-neu)

a) Obligation to erase

You may request that the controller erases your personal data without undue delay and the controller is obliged to erase these data without undue delay if one of the following reasons applies:

(1) Your personal data are no longer necessary for the purposes for which they were collected or processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

(3) In accordance with. Article 21 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 6(1) GDPR. Article 21 2 GDPR to object to the processing.

(4) Your personal data have been processed unlawfully.

(5) The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) Die Sie betreffenden personenbezogenen Daten wurden in Bezug auf angebotene Dienste der Informationsgesellschaft gemäß Art. 8 Abs. 1 DSGVO erhoben.

b) Information passed on to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defence of legal claims.

5. Right to information/Notification obligation regarding erasure or restriction (Art. 19 GDPR)

If you have exercised the right to rectification, erasure or restriction of processing vis-a-vis the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom your personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

6. Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. Art. 6 para. 1 lit. b GDPR is based and

(2) the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

7.1. Right to object on a case-by-case basis (Art. 21(1) GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balance of interests) with effect for the future; this also applies to profiling based on these provisions within the meaning of Article 4(4) of the same regulation.

The controller must no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (objection under Article 21(1) GDPR).

7.2. Right to object to data processing for direct marketing purposes (Art. 21(2) GDPR)

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

The objection can be made informally by sending an email with “Objection” in the subject line, and providing your name, address or other identifiers to datenschutz@sauter-gmbh.de

In the context of using information society services (ISS) and notwithstanding Directive 2002/58/EC, you may exercise your right to object to automated means using technical specifications.

8. Withdrawal of consent to data processing (Art. 13(2)(c) GDPR)

If the processing of your personal data is based on consent, you have the right to revoke your voluntarily and expressly granted data protection declaration of consent for processing at any time with effect for the future. The relevant data will then be blocked or deleted immediately in accordance with statutory retention periods. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You can withdraw your consent informally in the same way as you gave your consent. Alternatively, you can contact us at the following e-mail address, stating your full name and e-mail address:: datenschutz@sauter-gmbh.de

9. Automated individual decision-making including profiling (Art. 22 GDPR, Section 37 BDSG-neu)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;

(3) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller must implement suitable measures to safeguard your rights and freedoms, and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.

10. Right to complain to a supervisory authority (Art. 13(2)(d) and Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority of your choice (Art. 77 GDPR in conjunction with Section 19 BDSG-neu), in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority to which the complaint has been lodged must inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

A list of the supervisory authorities and their contact details with addresses can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

In the event of data protection complaints, please contact the competent supervisory authority:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Tel. 0711 6155410
Fax: 0711 61554115
E-Mail: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

To exercise these rights, you can contact the data controller referred to in Section III or the data protection officer referred to in Section IV at any time.

Please also contact us using the contact details provided if you have any questions, comments or requests regarding the collection, processing or use of your personal data.

1. Description and scope of processing of personal data

We process your data to perform and process the services that we have (contractually) undertaken to provide to you. Insofar as the provision of these services is associated with statutory obligations (such as statutory documentation or retention obligations), we also process your data for the purpose of fulfilling these statutory obligations.

2. Categories of personal data processed

Within the scope of our business relationship, we process and store the following categories of personal data: Personal data (name, address), bank details, order data (e.g. delivery order) if applicable, payment data, documentation data (data from consultation and service discussions), as well as comparable data.

3. Purposes and legal basis for the processing of personal data

We collect, process and use personal data only insofar as it is necessary for the establishment, content or modification of the legal relationship (inventory data). The processing serves the execution of our contracts or pre-contractual measures with you and the execution of your order, as well as all activities necessary for the operation and administration of our company. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user.

In addition, we process personal data in accordance with Art. 6 para. 1 letter c GDPR, insofar as this is necessary for the fulfillment of legal obligations to which it is subject as a company. The purposes of processing include retention obligations under commercial and tax law in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO).

4. Storage duration or criteria for determining storage duration

We generally store data that we process within the scope of contractual relationships for a period of 10 years – if necessary – for tax reasons. In accordance with legal requirements, data is stored in particular for 6 years in accordance with Section 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO (e.g. books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation).

5. Disclosure of data to internal recipients

The information collected on this website is passed on to the relevant internal departments within our companies that are involved in the execution and fulfilment of the relevant business processes (e.g. marketing, IT department).

6. Disclosure of data to contractual service providers (data processors)

In order to achieve the processing purposes specified by us, it is sometimes necessary for us to disclose your data to individual recipients who must process the data on our behalf. Below you will find a list of controllers and/or processors to whom we transfer, provide or otherwise make personal data accessible on a case-by-case basis. If it is not possible to name specific recipients here, the GDPR allows us to specify categories of recipients:

  • EDP and IT service provider
  • Web hosting and email dispatch hosting
  • Advertising agency
  • Telecommunications
  • Logistics
  • Sales and marketing

These service providers only process the data in accordance with express instructions and are contractually obliged to guarantee suitable technical and organizational measures for data protection. In addition, they are obliged to handle the information in accordance with this data protection notice and German data protection laws.

7. Disclosure of data to external recipients (third parties)

Furthermore, we may transfer the personal data of our customers to bodies such as:

  • Banks, for the processing of payment transactions
  • Competent administrative authorities, in particular tax consultants/auditors
  • Postal and delivery service providers
  • Financial management
  • Your personal data will not be transferred to third parties for purposes other than those listed above.

8. Data security/Security measures

8.1. SSL encryption

This website uses Secure Socket Layer (SSL) encryption for the transmission of data from your browser to our server, and to servers that provide files that we embed on our website.

With SSL, data is transmitted in encrypted form. The data cannot be changed and the sender cannot be identified. You can recognize the presence of SSL encryption by the text “https” in front of the address of the website that you call up in the browser.

8.2. Security notice

We secure our website and other IT systems against loss, destruction, unauthorized access, unauthorized modification or unauthorized dissemination of your data by means of suitable technical and organizational measures. However, despite all due care, complete protection against all risks is not possible in every case.

As we cannot guarantee complete data security when communicating by e-mail, we recommend sending confidential information by post. Our security measures are continuously improved in line with technological developments.

1. Description and scope of processing of personal data

You can visit our website without providing any information or disclosing your identity. Each time a customer (or other visitor) accesses/visits our website, the internet browser used on your device (computer, laptop, tablet, smartphone, etc.) automatically sends or transmits data and information about your usage behavior and your interaction with us to the server of our website and registers data on your computer or mobile device (access data). This information is temporarily stored in a so-called server log file. This data is information that relates to an identified or identifiable natural person (website visitor).

2. Categories of personal data processed

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected by default:

  • Information about the browser type and version used,
  • Information about the operating system of the user’s computer,
  • Details of the user’s internet service provider,
  • IP address of the user,
  • Date and time of access/server request (HTTP status code)
  • Websites from which the user’s system accesses our website
  • Websites accessed by the user’s system via our website

The data is not analyzed for marketing purposes in this context. This data is not stored together with other personal data of the user. This data is collected and stored anonymously; we neither intend to nor do we draw any conclusions about the person concerned. No personal surfing profiles or similar are created or processed.

3. Legal basis for data processing

The data in the server log files is processed to protect our overriding legitimate interest on the basis of Article 6(1)(f) GDPR and Section 31 BDSG.

We have a legitimate interest in providing a website optimised for your browser, ensuring the website’s stability and functionality and enabling you to communicate between our server and your terminal device.

We reserve the right to subsequently check the log data/server log files if there are reasonable grounds to suspect unlawful use.

4. Purpose of data processing

The collection, storage and processing of the listed data (without personal reference) in log files is carried out to ensure the functionality of the website. In addition, we use the data to optimize the website, for technical administration and to ensure the security of our information technology systems and to defend against and analyze attacks.

5. Storage duration or criteria for determining storage duration

This data/information is stored in the log files of our system for a limited period of time based on the following criteria:

  • The data that we process in connection with the (purely informational) access to our website in order to provide the website is only stored for the duration of your use of the website and then deleted immediately (when the respective session has ended). If the data is stored in log files, this is usually the case after seven days at the latest (rolling logging). In this case, the IP addresses of the users are deleted or alienated (anonymized by shortening) so that it is no longer possible to identify the accessing computer (client).
  • Log data whose further retention is suspended for evidentiary purposes (e.g. to clarify acts of abuse or fraud, to detect abuse or to maintain proper operation), if there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason, are excluded from deletion until the respective incident has been finally clarified. These will be deleted or overwritten after 6 months at the latest.

The data is not analyzed for marketing purposes in this context. This data is not stored together with other personal data of the user. This data is collected and stored anonymously; we neither intend to nor do we draw any conclusions about the person concerned. No personal surfing profiles or similar are created or processed.

6. Recipients or categories of recipients of personal data

The recipient of the data is our technical hosting service provider, Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, which acts as a processor for the operation and maintenance of our website in accordance with Art. 6 para. 1 letter f GDPR in conjunction with Art. 28 GDPR. Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that the data controller processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

7. Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The processing and storage of data by the system is technically necessary to visit a website in order to enable delivery of the website to the user’s computer, to avoid server overload and to ensure stability and security.

There is no legal or contractual obligation to provide data, however, it is not technically possible to call up our website without providing data.

8. Objection and removal option

The collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) GDPR.

1. Use of web hosting

a) Description and scope of data processing

For our web presence, we use the web hosting service of Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany, which acts on our behalf as a data processor.

We or our hosting provider process inventory, contact, content, contract, usage, meta and communication data of our customers, interested parties and website users, as well as contact requests, IP address (which is necessary to be able to deliver online content to browsers), website accesses and other data generated via our website and incurred in the context of usage and communication in order to make available the hosting services.

b) Purpose and legal basis for data processing

The hosting services we use are for the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and on the basis of our legitimate interests in the secure, fast and efficient provision and provision of our online offer by a professional provider in accordance with Art. 6 (1) (f) GDPR.

c) Storage duration or criteria for determining storage duration

The personal data collected on this website is stored on the hoster’s servers. Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

2. Emailing

a) Description and scope of data processing

We use the hosting service Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn Germany to send our emails.

The e-mail sending services we use include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of emails and the content of the respective emails are processed.

b) Purpose and legal basis for data processing

The aforementioned data may also be processed for spam detection purposes. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted in transit, but not on the servers from which they are sent and received, unless an end-to-end encryption process is used. We can therefore accept no responsibility for the transmission path of e-mails between the sender and receipt on our server.

a) Description and scope of data processing

You may contact us by post, telephone or email.

If you contact us by post, we may in particular process your address data (e.g. surname, first name, street, place of residence, postcode), date and time of receipt of the post as well as the data resulting from the correspondence itself.

If you contact us by telephone, your telephone number and, if necessary, your name, e-mail address, time of the call and details of your request will be processed on request during the conversation.

If contact is made by e-mail to our e-mail addresses, the user’s personal data transmitted with the e-mail will be stored for further contact management. If you contact us by e-mail, your e-mail address, the time of the e-mail and the data resulting from the message text (including attachments, if applicable) will be processed.

Abhängig davon, welche Daten Sie hier angeben, treten wir dann wahlweise per Telefon oder E-Mail wieder in Kontakt und rufen Sie ggfs. zurück bzw. schreiben Ihnen.

b) Legal basis for data processing

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 para. 1 letter f GDPR, as we have a necessary legitimate interest in the effective processing of the enquiries addressed to us and to reply to your e-mail or to offer you the opportunity to contact us at any time and to be able to answer your enquiries. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 letter b GDPR.

c) Purpose of data processing

The purpose of processing the above data is to process the contact enquiry or to be able to contact you in order to answer the request and process it, to fulfil your wish to be contacted and to contact you in the event that follow-up questions arise.

d) Recipients or categories of recipients of personal data

The recipient of the data is our technical hosting service provider, Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany, which acts as a processor for the operation and maintenance of our website. This is a contract prescribed by data protection law, which ensures that the data controller processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

In this context, this personal data is not passed on to third parties or other recipients. There are also no plans to transfer this data to a third country or to an international organisation.

e) Storage duration or criteria for determining storage duration

The personal data you send to us by e-mail will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies, e.g. after your request has been processed or when the respective conversation with you has ended. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified or as soon as it is no longer required to fulfil the purpose for which it was collected and provided that there are no statutory retention obligations to the contrary.

Where a contractual relationship arises, we are subject to the mandatory statutory provisions – in particular statutory retention periods – and delete your data after six or ten years.

f) Objection and removal option

If the user contacts us by e-mail, they can object to the storage of their personal data at any time. You can send us your objection at any time in writing or by e-mail to datenschutz@sauter-gmbh.de.

g) Withdrawal of consent under data protection law

If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation. All personal data stored in the course of contacting us will be deleted in this case.

Your consent can be withdrawn by sending an email to datenschutz@sauter-gmbh.de.

h) Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it may mean that you will not be able to use our contact form and the option to contact us, or that it will not be possible to process your enquiry without providing it. In such a case, the conversation cannot be continued.

1. Use of technically necessary cookies

We use cookies on various pages in order to make visiting our website attractive and to enable the use of certain functions.

In its original form, a cookie is a data record that is stored on your data carrier/end device (laptop, tablet, smartphone or similar) and that stores certain settings and data for exchange with our system via your browser in order to tailor the offer to its needs and enable it to use certain functions.

Cookies richten auf Ihrem Endgerät keinen Schaden an, enthalten keine Viren, Trojaner oder sonstige Schadsoftware. Cookies können auf keine anderen Daten auf Ihrem Computer zugreifen, diese lesen oder verändern.

a) Description and scope of data processing

The technical structure of the website requires us to use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager.

Please activate Javascript to see the list of all declared cookies and similar technologies.

a) Description and scope of data processing

We use Team Viewer QuickSupport, a web conferencing and remote maintenance service, on our website. The provider is TeamViewer Germany GmbH (“TeamViewer”), Bahnhofsplatz 2, 73033 Göppingen, Germany.

The TeamViewer data protection team and data protection officer can be contacted at privacy@teamviewer.com or at TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany.

Further information about TeamViewer can be found in its data protection notice available here: https://www.teamviewer.com/de/datenschutzinformation

b) Categories of personal data processed

The following personal data are processed within the scope of support services via TeamViewer:

  • Content data transmitted when using the software and services, e.g. the data related to the chat functionality
  • Connection data stored on the user’s device (log files)
  • Data from conference recordings stored on the user’s device

In addition, TeamViewer collects data that is generated during online support, such as data like

  • Usernames
  • Email addresses
  • IP addresses
  • Preferred language
  • Meeting ID
  • Location

TeamViewer states that it uses different types of cookies depending on the purpose. Detailed information in connection with the use of cookies, pixels and similar technologies, as well as their purpose, can be found at https://www.teamviewer.com/de/datenschutzinformation/ under “Data protection information for cookies”.

If you have any questions about the processing of your personal data by TeamViewer Germany GmbH in connection with your contractual relationship, please contact privacy@teamviewer.com.

c) Legal basis for data processing

The processing of personal data for the data transfer to TeamViewer takes place exclusively on the basis of your prior consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the storage of or access to information in terminal equipment within the meaning of the TDDDG is concerned.

d) Purposes for which personal data are processed

With the help of TeamViewer QuickSupport software, we offer you support services directly on your PC upon request and only during our business hours following telephone or written consent. This allows us to offer better and more tailored support in the case of questions or problems.

The collection, storage and processing of data in the context of setting up and carrying out remote maintenance is carried out exclusively for the purpose of providing support services. We will not link your data with other data, will not use it for other purposes and will not pass it on to third parties under any circumstances.

The purpose and scope of the data collection and the further processing and use of the data by TeamViewer in connection with the use of its products as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information, in particular the TeamViewer data policy, which you can view at the following link: https://www.teamviewer.com/de/datenschutzinformation/

e) Storage duration or criteria for determining storage duration

The history of the online service is not stored beyond the online session. Exceptions are log data, which are only used to ensure IT security and are deleted after 7 days.

The data will only be stored by Sauter GmbH for as long as is necessary for preparation and follow-up and for the provision of online support. The data will be deleted after the TeamViewer online support has been completed.

f) Internal recipients of personal data

The information collected in this context is received within our companies by our support staff/IT department involved in the execution and fulfilment of the respective business processes. Our employees are sufficiently trained and familiarised with the confidentiality and due diligence obligations.

g) Recipients or categories of recipients of personal data as data processors

The recipient of the data is TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany, with whom we have concluded an order processing contract in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

h) Withdrawal of the declaration of consent under data protection law

If you have expressly given us separate consent to data processing, you can revoke your voluntarily given consent in accordance with Art. 7 para. 3 GDPR at any time with effect for the future and without giving reasons by calling up the cookie settings on our website and finding an overview of the cookies used, as well as the option to change or revoke the individual cookies or the category of cookies/your selection. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal.

i) Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The provision of the aforementioned personal data is neither legally nor contractually required and is also not mandatory in order to display the website and is also not required for the conclusion of a contract. You are also not obliged to provide the personal data.

In cases of data collection based on your consent, the provision of data by you is voluntary and not mandatory. However, if you do not give your consent, we will not be able to provide the services based on data processing with your consent.

a) Description and scope of data processing

On our website, we also offer you the opportunity to apply for vacancies electronically or on your own initiative and to send us your application by e-mail or post. We advertise current vacancies in a separate section, for which interested parties can apply by e-mail to the contact address provided. If you send us your application by post, we will process the data you provide.

b) Purpose of processing

The purpose of processing the personal data resulting from the application documents you send is exclusively to process your application or to manage the application procedure and to be able to identify a suitable applicant.

c) Legal basis for data processing

The legal basis for the processing of personal data resulting from the application, including contact for queries, is generally Art. 6 para. 1 lit. b GDPR (general contract initiation) in conjunction with. § Section 26 para. 1 BDSG-new (initiation of an employment relationship) and Art. 88 para. 1 GDPR and Art. 6 para. 1 lit. a GDPR (if consent has been given) in the sense of which the application process is considered to be the initiation or fulfilment of an employment contract.

In the event of a successful application, the data provided will be processed on the basis of Art. 6 para. 1 lit. b DSGVO i.V.m. § 26 Abs. 1 BDSG-new for the purposes of implementing the employment relationship.

d) Recipients or categories of recipients of personal data

Personal data are only passed on within our company to the departments involved in the application process.

A career quiz is offered for speculative applications. This is an e-recruiting service provided by the personnel service provider Universal Job Süd GmbH, Eisenbahnstraße 17, 79761 Waldshut-Tiengen which constitutes joint processing under Art. 26 GDPR (cooperation of two or more controllers in the processing of personal data).

When operating the application platform at https://www.upgrade-worklife.de we process and use your personal data in our online application system exclusively for the purposes necessary to ensure effective and correct processing of the application procedure. This also applies to data added during the application process, e.g. as a result of queries and subsequently submitted documents.

We seek to obtain a brief overview of you and your current situation through the online application process/career quiz.

e) Storage duration or criteria for determining storage duration

The data transferred for the purpose of establishing the employment relationship are stored in compliance with the statutory provisions:

If we conclude an employment contract with an applicant, we also store the data submitted so that we can enter into an employment relationship.

Where we do not conclude a contract with you, where we are unable to make you a job offer or where you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided for up to six months from the end of the application process (i.e. rejection, or having been informed of the rejection or withdrawal of the application) on the basis of our legitimate interests. After this period, the data are deleted and the physical application documents destroyed. If it is evident that data will be needed after the six-month period has expired (due to an impending or pending legal dispute), they will only be deleted when the purpose for continued storage no longer applies.

They may be stored for longer if you have given your consent or if legal storage obligations prevent erasure.

The application email and the documents sent will be deleted after six months once the application process is over, unless we are legally obliged to retain these data.

If you have sent us your application documents by post, we will return your submitted documents to you once the application process is over.

f) Data sources

We process personal data that we receive from you by post or email in the course of contacting you or processing your application, or that you send to us via https://www.upgrade-worklife.de.

g) Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; and possible consequences of non-provision

The provision of personal data as part of the application process is neither legally nor contractually required. You are therefore not obliged to provide your personal data. However, please note that this is necessary for the decision on an application or the conclusion of a contract in relation to an employment relationship with us. If you do not provide us with any personal data, we cannot make a decision on the establishment of an employment relationship. We recommend that you only provide the personal data that is required to complete your application.

XIV. Validity and amendment of this data protection declaration

Due to the ongoing development of our website, the growth of our business objectives and offers, and due to new technologies, changes to our data processing or changes because of changed legal, judicial or official requirements (e.g. an adjustment required by new case law), it may become necessary to change or adapt this data protection declaration at any time with effect for the future.

We therefore ask you to revisit the privacy policy each time you visit the website and check whether it has changed in the meantime, especially if you provide personal data. You can easily recognise this by the date given at the end. The new privacy policy will then apply to your next visit.

These data protection provisions can be accessed at any time from any page of our website under the heading “Data protection declaration”.

Gender-equal language

We endeavour to formulate our texts in a gender-neutral manner. For reasons of better readability, however, the masculine form is used when referring to persons and personal nouns. We expressly point out here that, in the interests of equal treatment, the masculine form always refers simultaneously to female, male and diverse persons. Corresponding terms are used for editorial reasons only and do not imply any judgement.

As of: January 2025

© 2025 Sauter GmbH